AP Client Bridge

AP Client Bridge topology extends a wired LAN using a wireless network. The Client Bridge can be used to tunnel network traffic to ExtremeCloud IQ Controller, enabling connectivity for wired devices that are moved around a facility. For example, a medical device that is moved between rooms can maintain connectivity to ExtremeCloud IQ Controller through an AP radio configured as the uplink. The medical device moves with the Client Bridge AP, the two devices can be connected through the wired port (ETH1/GE2) or through a wireless connection. Client Bridge can be deployed for untagged traffic from an access port to a single VLAN on ExtremeCloud IQ Controller. (The wired port is associated with a single network.) Or, as a Transparent Bridge that supports a trunk port with tagged traffic to multiple VLANs.

For more information, see Configure Transparent Bridge.

The Client Bridge deployment includes one or more infrastructure APs. After provisioning, the Client AP connects to normal infrastructure services. The infrastructure AP is essentially any AP deployed for standard service offering. The infrastructure APs communicate with the ExtremeCloud IQ Controller supporting the usual traffic flow. The Client Bridge AP roams like a wireless client, supporting background scanning to determine available infrastructure APs. The Client Bridge AP associates on the infrastructure AP SSID (using network credentials) establishing a Client Bridge link with the infrastructure.

Client Bridge AP is adopted by ExtremeCloud IQ Controller and is managed as any other AP:
  • When the Client Bridge AP is in Client mode (i.e. the GE2 port is set to Client), the wired clients connected to Client Bridge AP are controlled by the same policies as the wireless clients that are connected to any other AP.
  • When the Client Bridge AP is in Transparent Bridge mode (i.e. the GE2 port is set to Bridge), the Client Bridge AP is transparently forwarding all traffic without monitoring individual sessions.

To get started, configure the Client Bridge settings on ExtremeCloud IQ Controller. Configure the Client Bridge from the configuration Profile. The Client Bridge AP is a member of a device group that references a Profile configured for Client Bridge.

Define Client Bridge from the Radios tab within the configuration Profile. Only one radio can be configured as a Client Bridge. This can be either radio. Regardless of which radio is configured as the Client Bridge, both radios will continue to provide service.

Client Bridge and Transparent Bridge are supported on Wi-Fi 6 AP models:
  • Wi-Fi 6E World-Wide Universal APs ExtremeCloud IQ or on-premise operation
  • Wi-Fi 6 Universal APs ExtremeCloud IQ or on-premise operation
  • Wi-Fi 6 on-premise operation only.
.
Note

Note

The ETH1/GE2 Bridge port is not supported on access points with a single Ethernet port.
Note

Note

For ExtremeCloud IQ Controller deployments with network policy assignment for proper end-system visibility, the Client Bridge AP must be in a Centralized Site (Campus mode) and must be managed by ExtremeCloud IQ Controller.
Wired and wireless clients can be managed by Client Bridge. Client traffic can be forwarded on any of the following supported topologies: Bridged@AP, Bridged@AC, Fabric Attach, and VxLAN. A wired client refers to a device that has direct wired connectivity to the client port (GE2) of the AP. This can be a direct connection into the AP port or connected through a layer 2 switch. The wired client port supports up to 128 simultaneous client sessions.
Note

Note

  • The following AP models with PSE provide downstream POE:
    • AP5010 — PSE controlled from the user interface, and it is available only when the AP is powered from BT.
    • AP302W and AP310i/e — PSE is switched on automatically when the AP is powered from AT.
  • Ports on the Universal APs are labeled with the prefix ETH.
  • When Client Bridge is configured on a single interface AP, the single interface is used as the client port, not as an uplink, and you will not see the GE2 Port Function field in the configuration Profile Advanced Settings.

Network policy is applied to both wired and wireless clients in the same way. The network policy is enforced on the Client Bridge AP before the network traffic is forwarded. All configuration updates are pushed to the Client Bridge AP before being applied to the infrastructure AP.

The role assignment for each AP is defined in its unique configuration Profile. When using Bridged@AP and Fabric Attach topologies, ensure that the Client Bridge role assignment is synchronized with the infrastructure AP role assignment.
Note

Note

For a Client Bridge path, policy enforcement for clients is handled at the Client Bridged AP, including any adjustments to topology assignment (VLAN Tagging). The infrastructure AP operates purely as a transparent bridge for the traffic that is received from the Client Bridge AP. The same applies to management network access. If the infrastructure is configured to require management traffic on a specific VLAN, and is tagged by the infrastructure AP, the same configuration needs to be applied to each Client Bridge AP, ensuring that the VLAN tags match the infrastructure requirement. It behaves essentially as if the Client Bridge access point was directly connected to the same infrastructure switch port as the infrastructure AP that provides the path for wireless connectivity.