Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

1532i and 1532e as a wirless bridge setup

I am trying to configure a 1532i and 1532e point to point bridge. Both are in autonomous mode. We have configured these the same as 1310 bridges which are working using a 2.4GHz radio.

 

However I am trying to use the 5GHz radio so this doesn’t affect a working environment. I have configured these bridges the same way as the 1310s but I am receiving error messages with the bridges authenticating with each other.

 

debug log shows

Unable to start supplicant on Dot11Radio1 

Mar 1 00:04:22.091          Warning               Interface Dot11Radio1, cannot associate: EAP authenticating 

Interface Dot11Radio1, cannot associate: EAP authenticating    

 

Any suggestions?

 

This is also occuring with the same setup on 2.4GHz. (Unable to start supplicant on Dot11Radio0)

 

Root AP

 

Cisco1532root#show run
Building configuration...
Current configuration : 2930 bytes
!
! Last configuration change at 04:10:09 UTC Mon Mar 1 1993
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco1532root
!
!
logging rate-limit console 9
enable secret 5 $1$qxSo$W/Pc2S4qdFmyJXaqxb15v/
!
aaa new-model
!
!
aaa group server radius rad_eap
 server name 1532root
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa group server radius rad_eap1
 server name 1532root
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login eap_methods1 group rad_eap1
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
!
!
!
!
!
aaa session-id common
no ip cef
!
!
!
!
dot11 syslog
!
dot11 ssid tatton5
   authentication network-eap eap_methods1
   authentication key-management wpa version 2
   authentication client username test password 7 03105E1812
   infrastructure-ssid
!
!
dot11 guest
!
eap profile test
 method leap
!
!
!
dot1x credentials test
 username test
 password 7 03105E1812
!
username Cisco password 7 062506324F41
!
!
bridge irb
!
!
!
interface Dot11Radio0
 no ip address
 !
 encryption mode ciphers aes-ccm
 !
 ssid tatton5
 !
 antenna gain 0
 power local 4
 power client 4
 packet retries 64 drop-packet
 channel 2412
 station-role root bridge
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface Dot11Radio1
 no ip address
 shutdown
 !
 encryption mode ciphers aes-ccm
 antenna gain 0
 peakdetect
 no dfs band block
 packet retries 64 drop-packet
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
 no ip address
 duplex auto
 speed auto
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface GigabitEthernet1
 no ip address
 duplex auto
 speed auto
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 172.16.8.64 255.255.248.0
 ipv6 address dhcp
 ipv6 address autoconfig
 ipv6 enable
!
ip default-gateway 172.16.8.18
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
!
!
radius-server local
  no authentication eapfast
  no authentication mac
  nas 172.16.8.64 key 7 020505551E120A
!
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
!
radius server 1532root
 address ipv4 172.16.8.64 auth-port 1812 acct-port 1813
 key 7 1306161C1E1801
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 transport input all
!
end

 

 

Non root ap

Cisco1532nonroot#show run
Building configuration...
Current configuration : 2958 bytes
!
! Last configuration change at 02:32:48 UTC Mon Mar 1 1993
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco1532nonroot
!
!
logging rate-limit console 9
enable secret 5 $1$d.s.$FJ0VpKGZ5SkpP36N5jZPF0
!
aaa new-model
!
!
aaa group server radius rad_eap
 server name 1532nonroot
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa group server radius rad_eap1
 server name 1532nonroot
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login eap_methods1 group rad_eap1
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
!
!
!
!
!
aaa session-id common
no ip cef
!
!
!
!
dot11 syslog
!
dot11 ssid tatton5
   authentication network-eap eap_methods1
   authentication key-management wpa version 2
   authentication client username test password 7 09584B1A0D
   infrastructure-ssid
!
!
dot11 guest
!
eap profile test
 method leap
!
!
!
dot1x credentials test
 username test
 password 7 131112011F
!
username Cisco password 7 072C285F4D06
!
!
bridge irb
!
!
!
interface Dot11Radio0
 no ip address
 !
 encryption mode ciphers aes-ccm
 !
 ssid tatton5
 !
 antenna gain 0
 power local 5
 power client 5
 packet retries 64 drop-packet
 station-role non-root bridge
 mobile station scan 2412
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface Dot11Radio1
 no ip address
 shutdown
 !
 encryption mode ciphers aes-ccm
 antenna gain 0
 peakdetect
 no dfs band block
 packet retries 64 drop-packet
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
 no ip address
 duplex auto
 speed auto
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface GigabitEthernet1
 no ip address
 duplex auto
 speed auto
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 172.16.8.65 255.255.248.0
 ipv6 address dhcp
 ipv6 address autoconfig
 ipv6 enable
!
ip default-gateway 172.16.8.18
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
!
!
radius-server local
  no authentication eapfast
  no authentication mac
  nas 172.16.8.65 key 7 104D0817100317
!
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
!
radius server 1532nonroot
 address ipv4 172.16.8.65 auth-port 1812 acct-port 1813
 key 7 070C20425B1D1C
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 transport input all
!
end

 

 

1 REPLY
Community Member

On your non-root you add the

On your non-root you add the credentials to the ssid.

 

Refer to this document:

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/68087-bridges-pt-to-pt.html#cisco12

ROOT:

dot11 ssid tatton5
   authentication network-eap eap_methods1
   authentication key-management wpa version 2
 

NONROOT:

dot11 ssid tatton5
   authentication client username test password 7 03105E1812
 

add this to ROOT as well:

user test password 7 03105E1812

 

Let me know if this helps

245
Views
5
Helpful
1
Replies
CreatePlease to create content