Workgroup Bridge in Universal Mode

Unanswered Question
Mar 29th, 2010
User Badges:

I have a Cisco 1242 access point which I have configured as a workgroup bridge. This bridge needs to connect to non-Cisco AP's.

I have this working fine (you have to run version 12.4 or later to be able to use the universal command)


I am running EAP-TLS and have a certificate on the AP, but it was ages since I configured it, so I after clarification that my steps are correct for adding a new certificate.


The relevant commands on the AP are as follows:-


dot11 ssid WHATEVER
   authentication open eap eap_methods
   authentication network-eap eap_methods
   authentication key-management wpa version 2
   dot1x credentials EAPTLS
   dot1x eap profile EAPTLS


eap profile EAPTLS
method tls


interface Dot11Radio0

no ip address

no ip route-cache

encryption mode ciphers aes-ccm

ssid WHATEVER

station-role workgroup-bridge universal aaaa.bbbb.ccccc !This is mac address of attached laptop!

bridge-group 1


interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

bridge-group 1

bridge-group 1 spanning-disabled

!

interface BVI1

no ip address

no ip route-cache



Now the existing certificate is setup as follows:-


crypto pki trustpoint aaaaaaa
revocation-check crl
rsakeypair aaaaaaa


crypto pki certificate chain aaaaaaa

certificate 175B

  308205DF 308204C7 A0030201 02020217 5B300D06 092A8648 86F70D01 01050500

etc etc etc


Am I right in thinking to load the new certificate (bbbbbb) all I have to do is copy the certificate to AP (copy tftp flash:), and then run the following commands:-


crypto pki trustpoint bbbbbb
revocation-check crl
rsakeypair bbbbbbbbb


crypto pki certificate chain bbbbbb

certificate ##### ! then copy and paste the details of the user certificate in here???


Is there any order these need to be added in??


Any help would be much appreciated.


Regards

Andrew

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ANDREW WIGHTMAN Mon, 03/29/2010 - 06:49
User Badges:

Answered my own question:-


crypto pki import bbbbb pkcs12 flash:bbbbbbb.pfx (password if required)

Once the cert is imported it creates the crypto pki trustpoint!!


Just then need to add the following:-

dot1x credentials EAPTLS
username bbbbb.bbbbb.com
pki-trustpoint bbbbb

Actions

This Discussion

Related Content

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode