Root Bridge can see NonRoot Bridges but does not Associate

Unanswered Question
Feb 3rd, 2010

This is a point-to-multipoint bridging LAN for networking eight serial devices (air quality monitors) to a central Windows box for real-time wireless data acquisition.  Thus far, I have configured a single Aironet 1310 as the root bridge (RB:, at the Windows box (PC:, and three Aironet 1310s as non-root bridges (NRB1:; NRB2:; NRB3:  When the system's working, each of the NRBs will connect to an ethernet-to-serial device server with its own IP, and the serial devices will connect to the device servers as COM2-COM9, respectively.  Each node in this network has an external antenna, an omni at the RB and directional/Yagi antennae at the NRBs.  Distances are short, hundreds of meters, so power will not be the limiting factor.  (We could have done this with Zigbee but decided to overdesign for reliability.)

After assigning IP addresses to all four bridges using the command-line interface, and with the RB connected to an ethernet hub/switch, we configured each of the NRBs by connecting them to the same hub/switch and using the browser interface.  We used the document at

and followed it to the letter to configure first the RB, then the NRBs.

After configuring all four bridges, and while all four were still hard-wired together through the hub/switch, all four bridges showed the proper associations in the "State" column of the web interface under "Association."  To test the wireless links we disconnected the three NRBs from the hub/switch by removing the ethernet cables, leaving the RB connected to the hub/switch (naturally) to maintain connection to the host PC.  We then refreshed all associations.

On the RB web interface, all three NRBs showed up with the proper IP addresses, but the "State" fields showed "Attempting Association" or something like that rather than "EAP-Associated."

All three NRB web interfaces disappeared because the links were lost.  I tried to PING each of the IP addresses using a DOS command, but all three timed out.

So, in short, the RB can "see" all three NRBs and "knows" they're there; but the association does not complete.  What are my options for diagnosing the problem?

Thanks in advance...

Brent Auvermann

Amarillo, TX

Leo Laohoo Wed, 02/03/2010 - 18:25

What a coincidence.  I created a TAC case because I followed the same document TWICE and didn't get any result.  TAC told me the document was faulty.  Here's what I did:

dot11 vlan-name NATIVE vlan 99
dot11 vlan-name Matata vlan 1812
dot11 vlan-name Hakuna vlan 1811
dot11 ssid Backhaul
 authentication open
 authentication key-management wpa version 2
 wpa-psk ascii 0 yabba-dabba-doo
interface Dot11Radio1
 no ip address
 no ip route-cache
 encryption vlan mode ciphers aes-ccm
 ssid Backhaul
 antenna gain 0
 no dfs band block
 channel dfs
 station-role root bridge
interface Dot11Radio1.
 encapsulation dot1Q   native
 no ip route-cache
 bridge-group 250
interface Dot11Radio1.1810
 encapsulation dot1Q 1810
 no ip route-cache
 bridge-group 1
interface Dot11Radio1.1811
 encapsulation dot1Q 1811
 no ip route-cache
 bridge-group 255
interface Dot11Radio1.1812
 encapsulation dot1Q 1812
 no ip route-cache
 bridge-group 254
interface Dot11Radio1.1815
 encapsulation dot1Q 1815
 no ip route-cache
 bridge-group 253

Use the same config for your non-root bridge but just substitute root bridge with non-root bridge.

Hope this helps!

queue_ball Thu, 02/04/2010 - 09:49

I appreciate your post, but I do not understand it in the least!  Obviously a CLI thread, but I'm certainly not equipped to decipher it and determine which words to change for my own purposes.  Thanks again, qb

Leo Laohoo Thu, 02/04/2010 - 13:36

Copy the above configuration into a notepad and make your changes to suit your network.  I have added two VLANs just in case you need more than one VLAN to bridge across both locations.  If you have one, remove the others and the subinterface.  Once you've made your changes, copy the config into the root bridge AP via CLI.  For the non-root bridge, change the "station-role root bridge" to "station-role non-root bridge" and copy 'em back.

Uwe Fucik Wed, 06/23/2010 - 04:21


Insert on the AP that is the non-root bridge to the line

"dot11 ssid ....... native" the command

"infrastructure-ssid" but only for the native vlan ssid

kind regards

Uwe Jäger


Chieu Dinh Wed, 02/29/2012 - 13:56

- How do we check for the association between root and non root?

- How do we initiate the root bridge for association?

and non root bridge  to associate?

Justin Kurynny Wed, 02/29/2012 - 23:08

Chieu Dinh,

show dot11 association

Root radio int: shut/no shut to "reset" it

Nonroot radio: nothing to do. It automatically scans once you configure and no shut the interface.


Sent from Cisco Technical Support iPhone App

Chieu Dinh Thu, 03/01/2012 - 06:42


- The CLI command does help to get more information for the association.

- For the non-root bridge, is there a way to set the scan? I can see the log file shows that the scan is starting when I changed from Install to non-root bridge. Once I am on the non-root bridge role, I don't see the log for scanning any more.

My question is: is there some way that I can initiate the scan on the non-root bridge?

- Can I use the "parent" command in the point-to-multipoint environment, or does it work only for the workgroup environment?


Justin Kurynny Thu, 03/01/2012 - 09:49

Chieu Dinh,

For the non-root bridge, is there a way to set the scan? I can see the log file shows that the scan is starting when I changed from Install to non-root bridge. Once I am on the non-root bridge role, I don't see the log for scanning any more.

I don't know about any command that controls the scanning interval when the bridge is in non-root mode. I also don't think it logs every time it goes into a scan cycle because I think they're pretty close together, maybe at most a few seconds.

My question is: is there some way that I can initiate the scan on the non-root bridge?

You can shut/no-shut the non-root bridge radio interface. Every time you do this it initiates a new scan immediately.

Can I use the "parent" command in the point-to-multipoint environment?

As far as I know, yes. I think the only mode parent doesn't work in is repeater mode. For repeaters, you don't configure a list of parents, you only configure one single MAC peer.

An added thought: if you are having trouble with the bridge link coming up, then there is likely either a signal or a configuration issue (and chasing the scan interval probably won't net you any solutions). I've found that a great way to narrow the troubleshooting is to configure the bridges on the ground at close range (maybe 50-100 feet apart, not right up against each other) to control for signal. Once you have a working configuration and you know for sure that the bridges will come up, then install them in your outdoor locations. Keep in mind that when outdoors, a lot of factors can play into signal clarity and usability (trees/foliage, distance, LOS/Fresnel, earth curvature, weather, noise and interference, etc.). Also, unfortunately for the 1310s, the 2.4GHz space is really congested in most populated areas so they are not a reliable solution unless you're out in the country. Always survey first.


Chieu Dinh Thu, 03/01/2012 - 11:52


Thank you very much for your help. Your information has been very helpful.

I am troubleshooting the non-root bridge associate with root bridge.

The problem was the bridge is already on the tower. I just connected to the power injector to work on the configuration only. It is Cisco Aironet 1410 model.

Question: the interface BVI1 is (VLAN 10).  Can the dot11radio0.2 be on another subnet (ex: (VLAN2), or does it have to be on the same VLAN?

Justin Kurynny Wed, 02/29/2012 - 23:05


If you could log into the CLI on your RB and one of your NRBs, copy their configs ("show run") and then post them here, we can probably spot the issue pretty quickly.


Sent from Cisco Technical Support iPhone App
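
The side-by-side comparison of root and non-root configs suggested in the post above can be scripted. This is an added example, not code from the thread or from Cisco; the two sample configs are constructed from the commands quoted in this thread, and the `infrastructure-ssid` check follows the 06/23/2010 reply.

```python
import re

# Constructed sample configs, modelled on the commands quoted in this thread.
ROOT_CFG = """dot11 ssid Backhaul
 authentication open
 authentication key-management wpa version 2
 wpa-psk ascii 0 example-passphrase
interface Dot11Radio1
 encryption mode ciphers aes-ccm
 ssid Backhaul
 station-role root bridge
interface Dot11Radio1.99
 encapsulation dot1Q 99 native
"""
# Non-root side with two deliberate faults: a mistyped key and no infrastructure-ssid.
NONROOT_CFG = (ROOT_CFG.replace("example-passphrase", "example-pasphrase")
               .replace("station-role root", "station-role non-root"))

FIELDS = {  # settings that must be identical on both ends of the link
    "ssid": r"^dot11 ssid (\S+)",
    "key-management": r"^[ \t]*authentication key-management (.+)$",
    "psk": r"^[ \t]*wpa-psk ascii (.+)$",
    "cipher": r"^[ \t]*encryption .*mode ciphers (.+)$",
    "native-vlan": r"^[ \t]*encapsulation dot1Q (\d+) native",
}

def setting(cfg, pattern):
    """First match of pattern in a 'show run' text, or None."""
    m = re.search(pattern, cfg, re.M)
    return m.group(1).strip() if m else None

def compare(root_cfg, nonroot_cfg):
    """Return a list of mismatches; key material is never echoed."""
    problems = []
    for side, cfg, want in (("root", root_cfg, "root bridge"),
                            ("non-root", nonroot_cfg, "non-root bridge")):
        role = setting(cfg, r"^[ \t]*station-role (.+)$")
        if role != want:
            problems.append(f"{side}: station-role is {role!r}, expected {want!r}")
    for name, pattern in FIELDS.items():
        r, n = setting(root_cfg, pattern), setting(nonroot_cfg, pattern)
        # Type 7 strings can differ for the same key, so a mismatch proves nothing.
        if name == "psk" and r != n and any(str(v).startswith("7 ") for v in (r, n)):
            problems.append("psk: type 7 strings cannot be compared; re-enter the key")
        elif r != n:
            problems.append(f"{name}: differs between root and non-root")
    if not re.search(r"^[ \t]*infrastructure-ssid\b", nonroot_cfg, re.M):
        problems.append("non-root: infrastructure-ssid missing")
    return problems

if __name__ == "__main__":
    print("\n".join(compare(ROOT_CFG, NONROOT_CFG)) or "no mismatches")
```
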

