Rasika Nayanajith Wed, 11/06/2013 - 11:02
User Badges:
  • Purple, 4500 points or more
  • Cisco Designated VIP,

    2017 Wireless

Post the CLI output(show run) of two AP configuration to see how it is configured. Also what version (show version) of IOS running with these two unitis ?


HTH

Rasika

paulwolpert Thu, 11/07/2013 - 05:10
User Badges:

At this point, I only have web access.  IOS is 12.2(15)JA on both units.

paulwolpert Thu, 11/07/2013 - 11:38
User Badges:

Rasika,


Following are the Root and Non-Root "running-config" reports. (encription keys have been modified)




FROM ROOT



Cisco_bridge_CCS#show running-config

Building configuration...



Current configuration : 2446 bytes

!

! Last configuration change at 07:44:23 R Thu Nov 7 2013

! NVRAM config last updated at 07:44:23 R Thu Nov 7 2013

!

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec localtime show-timezone

service password-encryption

!

hostname Cisco_bridge_CCS

!

logging queue-limit 100

enable secret 5 $1$dASj$8E8btwc3iNK5nmjJcX59b0

!

username Cisco password 7 00271A

username 0012433de760 password 7 075F711D1C5D4A564

username 0012433de760 autocommand exit

clock timezone R -5

clock summer-time R recurring

ip subnet-zero

ip name-server 151.197.0.39

ip name-server 151.197.0.38

!

aaa new-model

!

!

aaa group server radius rad_eap

!

aaa group server radius rad_mac

!

aaa group server radius rad_acct

!

aaa group server radius rad_admin

!

aaa group server tacacs+ tac_admin

!

aaa group server radius rad_pmip

!

aaa group server radius dummy

!

aaa authentication login eap_methods group rad_eap

aaa authentication login mac_methods local

aaa authorization exec default local

aaa authorization ipmobile default group rad_pmip

aaa accounting network acct_methods start-stop group rad_acct

aaa session-id common

!

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption key 1 size 128bit 7 3C3B64DFC0E06624B transmit-key

encryption mode wep mandatory mic

!

ssid CannonCold

    authentication open mac-address mac_methods

!

cca 0

concatenation

distance 1

speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 b

asic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0

rts threshold 4000

power local cck 30

power local ofdm 30

power client 30

channel 2462

station-role root

infrastructure-client

bridge-group 1

bridge-group 1 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

ntp broadcast client

bridge-group 1

bridge-group 1 spanning-disabled

!

interface BVI1

ip address 192.168.33.103 255.255.255.0

no ip route-cache

!

ip default-gateway 192.168.33.1

ip http server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

/122-15.JA/1100

ip radius source-interface BVI1

radius-server attribute 32 include-in-access-req format %h

radius-server authorization permit missing Service-Type

radius-server vsa send accounting

bridge 1 route ip

!

!

!

line con 0

line vty 5 15

!

ntp clock-period 2141845

ntp server 192.168.33.217

end


*******************************************************************


NON ROOT



Cisco_bridge_PPP#show running-config

Building configuration...



Current configuration : 2320 bytes

!

! NVRAM config last updated at 07:47:36 R Thu Nov 7 2013

!

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname Cisco_bridge_PPP

!

logging queue-limit 100

enable secret 5 $1$yzXJ$/unHCO5/l2T6HMxD4HeQp.

!

username Cisco password 7 02250D

username 0012433de870 password 7 091C1E584B514

username 0012433de870 autocommand exit

clock timezone R -5

clock summer-time R recurring

ip subnet-zero

!

aaa new-model

!

!

aaa group server radius rad_eap

!

aaa group server radius rad_mac

!

aaa group server radius rad_acct

!

aaa group server radius rad_admin

!

aaa group server tacacs+ tac_admin

!

aaa group server radius rad_pmip

!

aaa group server radius dummy

!

aaa authentication login eap_methods group rad_eap

aaa authentication login mac_methods local

aaa authorization exec default local

aaa authorization ipmobile default group rad_pmip

aaa accounting network acct_methods start-stop group rad_acct

aaa session-id common

!

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption key 1 size 128bit 7 FC3B64DFC0E0662 transmit-key

encryption mode wep mandatory mic

!

ssid CannonCold

    authentication open mac-address mac_methods

    infrastructure-ssid optional

!

cca 0

concatenation

speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 b

asic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0

rts threshold 4000

power local cck 30

power local ofdm 30

power client 30

station-role non-root

infrastructure-client

bridge-group 1

bridge-group 1 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

ntp broadcast client

bridge-group 1

bridge-group 1 spanning-disabled

!

interface BVI1

ip address 192.168.33.203 255.255.255.0

no ip route-cache

!

ip default-gateway 192.168.33.1

ip http server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

/122-15.JA/1100

ip radius source-interface BVI1

radius-server attribute 32 include-in-access-req format %h

radius-server authorization permit missing Service-Type

radius-server vsa send accounting

bridge 1 route ip

!

!

!

line con 0

line vty 5 15

!

ntp clock-period 2141882

ntp server 192.168.33.217

end

cisnerosk Thu, 11/07/2013 - 15:14
User Badges:

Hello Paul.


On the Root side, try to change to this parameter:

station-role root bridge



Also, you could try to change your security settings to use WPA instead of WEP.


I hope this helps


Regards

Karla

paulwolpert Fri, 11/08/2013 - 06:33
User Badges:

Karla,


Thanks for your response.


The root side has always been set to root bridge.  We have been running WPA as we are in a small town in the country and do not have a radius server running. My thought to change to WEP at this point, if that is not the problem, would create more issues for the distant 1310.


If you look at my first post attachment, it appears that we are losing authentication at strange intervals, it can be measured in seconds to 20 to 30 minutes or more.  We are running yagi antennas, that are only 841 feet apart.  One thougnt I have been having is that one antenna is located where there is a bit of vibration on the building from internal refrigeration equipment, but not enough to see any visable antenna movement.


Paul

Rasika Nayanajith Fri, 11/08/2013 - 13:59
User Badges:
  • Purple, 4500 points or more
  • Cisco Designated VIP,

    2017 Wireless

Hi Paul,


I have few suggestions for this.


1. Upgrade the IOS of these bridges to 12.4(25d)JA which is the latest (& hope last as well) supported software code for these AP models.


2.  You have configured this bridge to operate only in CH11(2462), is that for a reason ? If not I prefer allow bridge to choose least congested channel (either 1,6 or 11)


3. As Karla pointed,  bridge keyword is missing on both AP radio's station role configuration. Try the command with the bridge keyword as well. ie in ROOT "station-role root bridge"  & in NON_ROOT "station-role non root bridge" under radio interface.


4. I also prefer, If you could configure WAP2/AES for security (since WEP is very weak). Below post may help you to derive a required configuration for WPA2/AES with EAP-FAST.

http://mrncciew.com/2013/11/09/wireless-bridge-with-eap-fast/


5. Are you using any multicast application across this bridge ? I have seen you configured every data rate as mandatory (multicast traffic goes highest mandatory rate configured) & "infrastructure-client" which to give more reliability to those sort of traffic


HTH

Rasika


**** Pls rate all useful responses ****

Actions

This Discussion

Related Content

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode