Workgroup Bridge in Universal Mode

Unanswered Question
Mar 29th, 2010
User Badges:

I have a Cisco 1242 access point which I have configured as a workgroup bridge. This bridge needs to connect to non-Cisco AP's.

I have this working fine (you have to run version 12.4 or later to be able to use the universal command)

I am running EAP-TLS and have a certificate on the AP, but it was ages since I configured it, so I after clarification that my steps are correct for adding a new certificate.

The relevant commands on the AP are as follows:-

dot11 ssid WHATEVER
   authentication open eap eap_methods
   authentication network-eap eap_methods
   authentication key-management wpa version 2
   dot1x credentials EAPTLS
   dot1x eap profile EAPTLS

eap profile EAPTLS
method tls

interface Dot11Radio0

no ip address

no ip route-cache

encryption mode ciphers aes-ccm


station-role workgroup-bridge universal aaaa.bbbb.ccccc !This is mac address of attached laptop!

bridge-group 1

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

bridge-group 1

bridge-group 1 spanning-disabled


interface BVI1

no ip address

no ip route-cache

Now the existing certificate is setup as follows:-

crypto pki trustpoint aaaaaaa
revocation-check crl
rsakeypair aaaaaaa

crypto pki certificate chain aaaaaaa

certificate 175B

  308205DF 308204C7 A0030201 02020217 5B300D06 092A8648 86F70D01 01050500

etc etc etc

Am I right in thinking to load the new certificate (bbbbbb) all I have to do is copy the certificate to AP (copy tftp flash:), and then run the following commands:-

crypto pki trustpoint bbbbbb
revocation-check crl
rsakeypair bbbbbbbbb

crypto pki certificate chain bbbbbb

certificate ##### ! then copy and paste the details of the user certificate in here???

Is there any order these need to be added in??

Any help would be much appreciated.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
ANDREW WIGHTMAN Mon, 03/29/2010 - 06:49
User Badges:

Answered my own question:-

crypto pki import bbbbb pkcs12 flash:bbbbbbb.pfx (password if required)

Once the cert is imported it creates the crypto pki trustpoint!!

Just then need to add the following:-

dot1x credentials EAPTLS
pki-trustpoint bbbbb


This Discussion

Related Content



Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode