Wireless bridge - encrypting all VLANs

Unanswered Question
Jul 15th, 2009
User Badges:
  • Gold, 750 points or more

I'm bridging two VLANs across a wireless bridge link. I have the following configuration:


dot11 ssid bridge

vlan 1

authentication open

!

interface Dot11Radio1

ssid bridge

station-role root bridge

!

interface Dot11Radio1.1

encapsulation dot1Q 1 native

bridge-group 1

!

interface Dot11Radio1.2

encapsulation dot1Q 2

bridge-group 2

!

interface FastEthernet0

!

interface FastEthernet0.1

encapsulation dot1Q 1 native

bridge-group 1

!

interface FastEthernet0.2

encapsulation dot1Q 2

bridge-group 2


If I want to encrypt this link with WEP on all vlans, which configuration would apply?


this?


int dot11radio1

encryption key 1 size 128bit 7 63D14E186CB92CC74122FD345E51 transmit-key

encryption mode wep mandatory


this?


int dot11radio1

encryption vlan 1 key 1 size 128bit 7 803EC038BBEA5C207F4663056E3B transmit-key

encryption vlan 1 mode wep mandatory


or this?


int dot11radio1

encryption vlan 1 key 1 size 128bit 7 803EC038BBEA5C207F4663056E3B transmit-key

encryption vlan 1 mode wep mandatory

encryption vlan 2 key 1 size 128bit 7 803EC038BBEA5C207F4663056E3B transmit-key

encryption vlan 2 mode wep mandatory


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Roman Rodichev Mon, 07/20/2009 - 20:00
User Badges:
  • Gold, 750 points or more

if anyone's interested, it appears that this config is enough:


int dot11radio1

encryption vlan 1 key 1 size 128bit 7 803EC038BBEA5C207F4663056E3B transmit-key

encryption vlan 1 mode wep mandatory


apparently, all VLANs become encrypted just with this config. WEP configuration for additional VLANs is ignored. I configured mismatching keys for vlan 2 on both sides, I could still bridge vlan 2 traffic.


This of course applies to bridging only. AP configuraiton would require correct keys for all vlans.

Actions

This Discussion

 

 

Trending Topics - Security & Network