Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

1532i > 1532e point-to-point bridge setup

Hi

 

I am trying to configure a 1532i and 1532e point to point bridge. Both are in autonomous mode. We have configured these the same as 1310 bridges which are working using a 2.4GHz radio.

 

However I am trying to use the 5GHz radio so this doesn’t affect a working environment. I have configured these bridges the same way as the 1310s but I am receiving error messages with the bridges authenticating with each other.

 

debug log shows

Unable to start supplicant on Dot11Radio1 

Mar 1 00:04:22.091          Warning               Interface Dot11Radio1, cannot associate: EAP authenticating 

Interface Dot11Radio1, cannot associate: EAP authenticating   

 

Any suggestions?

___

Root AP

Cisco1532root#show run
Building configuration...
Current configuration : 2930 bytes
!
! Last configuration change at 04:10:09 UTC Mon Mar 1 1993
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco1532root
!
!
logging rate-limit console 9
enable secret 5 $1$qxSo$W/Pc2S4qdFmyJXaqxb15v/
!
aaa new-model
!
!
aaa group server radius rad_eap
 server name 1532root
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa group server radius rad_eap1
 server name 1532root
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login eap_methods1 group rad_eap1
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
!
!
!
!
!
aaa session-id common
no ip cef
!
!
!
!
dot11 syslog
!
dot11 ssid tatton5
   authentication network-eap eap_methods1
   authentication key-management wpa version 2
   authentication client username test password 7 03105E1812
   infrastructure-ssid
!
!
dot11 guest
!
eap profile test
 method leap
!
!
!
dot1x credentials test
 username test
 password 7 03105E1812
!
username Cisco password 7 062506324F41
!
!
bridge irb
!
!
!
interface Dot11Radio0
 no ip address
 !
 encryption mode ciphers aes-ccm
 !
 ssid tatton5
 !
 antenna gain 0
 power local 4
 power client 4
 packet retries 64 drop-packet
 channel 2412
 station-role root bridge
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface Dot11Radio1
 no ip address
 shutdown
 !
 encryption mode ciphers aes-ccm
 antenna gain 0
 peakdetect
 no dfs band block
 packet retries 64 drop-packet
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
 no ip address
 duplex auto
 speed auto
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface GigabitEthernet1
 no ip address
 duplex auto
 speed auto
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 172.16.8.64 255.255.248.0
 ipv6 address dhcp
 ipv6 address autoconfig
 ipv6 enable
!
ip default-gateway 172.16.8.18
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
!
!
radius-server local
  no authentication eapfast
  no authentication mac
  nas 172.16.8.64 key 7 020505551E120A
!
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
!
radius server 1532root
 address ipv4 172.16.8.64 auth-port 1812 acct-port 1813
 key 7 1306161C1E1801
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 transport input all
!
end

 

Non root AP

Cisco1532nonroot#show run
Building configuration...
Current configuration : 2958 bytes
!
! Last configuration change at 02:32:48 UTC Mon Mar 1 1993
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco1532nonroot
!
!
logging rate-limit console 9
enable secret 5 $1$d.s.$FJ0VpKGZ5SkpP36N5jZPF0
!
aaa new-model
!
!
aaa group server radius rad_eap
 server name 1532nonroot
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa group server radius rad_eap1
 server name 1532nonroot
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login eap_methods1 group rad_eap1
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
!
!
!
!
!
aaa session-id common
no ip cef
!
!
!
!
dot11 syslog
!
dot11 ssid tatton5
   authentication network-eap eap_methods1
   authentication key-management wpa version 2
   authentication client username test password 7 09584B1A0D
   infrastructure-ssid
!
!
dot11 guest
!
eap profile test
 method leap
!
!
!
dot1x credentials test
 username test
 password 7 131112011F
!
username Cisco password 7 072C285F4D06
!
!
bridge irb
!
!
!
interface Dot11Radio0
 no ip address
 !
 encryption mode ciphers aes-ccm
 !
 ssid tatton5
 !
 antenna gain 0
 power local 5
 power client 5
 packet retries 64 drop-packet
 station-role non-root bridge
 mobile station scan 2412
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface Dot11Radio1
 no ip address
 shutdown
 !
 encryption mode ciphers aes-ccm
 antenna gain 0
 peakdetect
 no dfs band block
 packet retries 64 drop-packet
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
 no ip address
 duplex auto
 speed auto
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface GigabitEthernet1
 no ip address
 duplex auto
 speed auto
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 172.16.8.65 255.255.248.0
 ipv6 address dhcp
 ipv6 address autoconfig
 ipv6 enable
!
ip default-gateway 172.16.8.18
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
!
!
radius-server local
  no authentication eapfast
  no authentication mac
  nas 172.16.8.65 key 7 104D0817100317
!
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
!
radius server 1532nonroot
 address ipv4 172.16.8.65 auth-port 1812 acct-port 1813
 key 7 070C20425B1D1C
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 transport input all
!
end
Cisco1532nonroot# conf ter
Enter configuration commands, one per line.  End with CNTL/Z.
Cisco1532nonroot(config)#ip domain lookup
Cisco1532nonroot(config)#exit

 

2 ACCEPTED SOLUTIONS

Accepted Solutions
New Member

Ah that makes sense now,

Ah that makes sense now,

 

Either remove your key management or add a PSK

 

We may need to define the leap settings in non-root, but I'm not sure and don't have a lab to test in at the moment.

 

So..

on ROOT ssid remove the following line:

   authentication key-management wpa version 2
 

If you get successful authentication add the key-magement back to both sides, then a PSK

New Member

I have lab'd this out with

I have lab'd this out with 1252s and your configuration. There are some features that don't work, but for the most part I think I found the issue.

 

First, configure you SSIDs like this:

NON-ROOT

dot11 ssid test5ghz
   authentication network-eap eap_methods1
   authentication key-management wpa version 2
   authentication client username admin1 password admin1

ROOT

dot11 ssid test5ghz
   authentication network-eap eap_methods1
   authentication key-management wpa version 2
   infrastructure-ssid

This shows that our non-rot will be autenticating to the ROOT SSID.

 

Now, the first issue that you came with is what will be seen (failing to authenticate).

On your ROOT AP you have the authentication to eap_methods1

eap_methods1 is configured for group rad_eap1

rad_eap1 is defined as server name 1532root

When we look at 1532root we get:

radius server 1532root
 address ipv4 172.16.8.64 auth-port 1645 acct-port 1646
 key 7 1434130519102F7B75

If you see, we have no users defined in this server. So adding the username admin1 pass admin1 should allow it to authenticate.

I got it to work in lab

20 REPLIES
Hall of Fame Super Silver

Well you have the 2.4ghz

Well you have the 2.4ghz radio as root bridge and the 5ghz radio is shutdown. You need to enable the 5ghz and make one the root bridge and the other the non root bridge. Then your 2.4ghz you need to change the role since it's defined as a bridge.
-Scott
*** Please rate helpful posts ***
New Member

Hi Scott, thanks for your

Hi Scott,

 

Thank you for your help and reply it is much appreciated. Unfortunately I think I have confused the matter because I was testing a 2.4 setup and posted the run script for that (hence why Radio0 was showing up and Radio1 was showing ‘shutdown’). To be clear on our setup I have posted our setup instructions (via the web interface) that we have used on a 1310 bridge and 1142 bridge without any problems. I have also posted below a new set of run scripts from our 1532 units (after using the setup instructions below).

 

Setup instructions (successful on 1310>1310 bridge and 1142>1142 bridge)

 

Configure network settings (172.16.8.64, 255.255.248.0, 172.16.8.18)

 

Configure the AP as a local RADIUS server

1. Security > Server Manager > define the IP address (172.16.8.64), ports (1812,1813), and shared secret of the RADIUS server.

2. In the Default Server Priorities area, define the default EAP authentication priority as 172.16.8.64

 

Set encryption

1. Security > Encryption Manager > Cipher = AES CCMP.

 

SSID Manager settings

1. Security > SSID Manager > Create new SSID > ‘tatton5’

2. Tick 5ghz radio interface

3. Tick only the Network EAP check box

4. Authenticated Key Management area > Key Management = Mandatory > Check the WPA check box > Select WPAv2

 

Local RADIUS

1. Security > Local Radius Server

2. Click the General Set-Up tab located at the top of the window.

3. Check only the LEAP check box and click Apply.

4. Network Access Servers area > define the IP address (172.16.8.64) and shared secret of the RADIUS server.

 

SSID Manager settings

1. Security > SSID Manager

2. Select current SSID in listbox to load its current settings

3. Client authentication settings >> EAP authentication servers >> Customize >> Priority 1 >> 172.16.8.64

4. Apply

5. Go to bottom of screen

6. Guest mode/Infrastructure SSID settings >> choose 2.4ghz OR 5ghz >> Set infrastructure SSID to SSID used above from drop down >> Tick ‘Force ….’

 

Network interfaces >> Radio 2.4ghz OR 5ghz

Settings >> Tick ‘Enabled’

Settings >> Tick ‘Root Bridge’

Leave everything at default at this point

 

Repeat the above process for Non-Root bridge (172.16.8.65) ... but choose non-root as role at the end

 

 

 

I'll post the running-config for a 5Ghz setup shortly

New Member

  Hi 5Ghz running-configs -

 

 

Hi 5Ghz running-configs - note the radio on the non root device won't come onlin fully most likey due to the autheticaion failure

Root AP - 172.16.8.64, 255.255.248.0

1532root#show run
Building configuration...
Current configuration : 3007 bytes
!
! Last configuration change at 07:23:00 UTC Mon Mar 1 1993
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 1532root
!
!
logging rate-limit console 9
enable secret 5 $1$jeE7$TpCeI5mqk/xRdpf7SO0Y/1
!
aaa new-model
!
!
aaa group server radius rad_eap
 server name 1532root
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa group server radius rad_eap1
 server name 1532root
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login eap_methods1 group rad_eap1
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
!
!
!
!
!
aaa session-id common
no ip cef
!
!
!
!
dot11 syslog
!
dot11 ssid test5ghz
   authentication network-eap eap_methods1
   authentication key-management wpa version 2
   authentication client username admin1 password 7 105A0C0A110713181F13253920
   infrastructure-ssid
!
!
dot11 guest
!
!
!
username Cisco password 7 01300F175804
!
!
bridge irb
!
!
!
interface Dot11Radio0
 no ip address
 shutdown
 !
 encryption mode ciphers aes-ccm
 antenna gain 0
 packet retries 64 drop-packet
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
 no ip address
 !
 encryption mode ciphers aes-ccm
 !
 ssid test5ghz
 !
 antenna gain 0
 peakdetect
 no dfs band block
 power local 5
 power client 5
 packet retries 64 drop-packet
 channel dfs
 station-role root bridge
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
 no ip address
 duplex auto
 speed auto
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface GigabitEthernet1
 no ip address
 duplex auto
 speed auto
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 172.16.8.64 255.255.248.0
 ipv6 address dhcp
 ipv6 address autoconfig
 ipv6 enable
!
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
!
!
radius-server local
  no authentication eapfast
  no authentication mac
  nas 172.16.8.64 key 7 08024D401C0D004743
  user admin1 nthash 7 09681D5B38574E425A5C557B7A737E60617B3153472755060F7C70775
756394F09
!
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
!
radius server "1532root "
 address ipv4 172.16.8.64 auth-port 1812 acct-port 1813
 key 7 02250D480809
!
radius server 1532root
 address ipv4 172.16.8.64 auth-port 1645 acct-port 1646
 key 7 1434130519102F7B75
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 transport input all
!
end

 

 

Non root AP - 172.16.8.65, 255.255.248.0

1532nonroot#show run
Building configuration...
Current configuration : 2808 bytes
!
! Last configuration change at 08:31:01 UTC Mon Mar 1 1993
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 1532nonroot
!
!
logging rate-limit console 9
enable secret 5 $1$9uM9$s2zj14lEDFf8M0sxyPFWL1
!
aaa new-model
!
!
aaa group server radius rad_eap
 server name 1532nonroot
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa group server radius rad_eap1
 server name 1532nonroot
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login eap_methods1 group rad_eap1
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
!
!
!
!
!
aaa session-id common
no ip cef
!
!
!
!
dot11 syslog
!
dot11 ssid test5ghz
   authentication network-eap eap_methods1
   authentication key-management wpa version 2
   infrastructure-ssid
!
!
dot11 guest
!
!
!
username Cisco password 7 0802455D0A16
!
!
bridge irb
!
!
!
interface Dot11Radio0
 no ip address
 shutdown
 !
 encryption mode ciphers aes-ccm
 antenna gain 0
 packet retries 64 drop-packet
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
 no ip address
 !
 encryption mode ciphers aes-ccm
 !
 ssid test5ghz
 !
 antenna gain 0
 peakdetect
 power local 5
 power client 5
 packet retries 64 drop-packet
 station-role non-root bridge
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
 no ip address
 duplex auto
 speed auto
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface GigabitEthernet1
 no ip address
 duplex auto
 speed auto
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 172.16.8.65 255.255.248.0
 ipv6 address dhcp
 ipv6 address autoconfig
 ipv6 enable
!
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
!
!
radius-server local
  no authentication eapfast
  no authentication mac
  nas 172.16.8.65 key 7 022505551E120A711D
  user admin1 nthash 7 123D5645335955547B7B757962627440534F2155077D0C03022A203B4
F0C790E03
!
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
!
radius server 1532nonroot
 address ipv4 172.16.8.65 auth-port 1645 acct-port 1646
 key 7 123A0419071F09547B
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 transport input all
!
end

 

New Member

Note on the root device under

Note on the root device under association tab the state is listed as association porcesing.

 

On the non-root device on the home tab:

Still get errors:

Interface Dot11Radio1, cannot associate: EAP authenticating
Mar 1 09:33:25.255 Error Unable to start supplicant on Dot11Radio1

New Member

Robert, I posted yesterday,

Robert,

 

I posted yesterday, but not sure why it's not showing.

 

Look here: http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/68087-bridges-pt-to-pt.html#cisco12

 

On your root bridge remove the authentication client string and place it on your non-root configuration. Remove the other authentication settings from your non-root bridge.

If you have additional authentication issues add user test password 7 09584B1A0D to your global configuration.

 

New Member

Hi thanks for your post, I’m

Hi thanks for your post, I’m entirely sure what you mean by “remove the authentication client string” or what other authentication settings should be removed.  I came across the link you posted thanks. I’ve been looking at this too. There are a few syntax differences. I’ve been configuring most of the settings via the web interface but can use CLI if required.

 

Other passwords applied are default for web, telnet and console session.

 

On root (172.16.8.64)

Changed the mandatory option under Client Authenticated Key Management from SSID manager  on the root this drops the radio on the non root.

 

results of change:

root = Clients: 0 Infrastructure clients: 0

non root = Clients: 0       Infrastructure clients: 0

The non root 5ghz radio shutdown

non root status error log = Interface Dot11Radio1, cannot associate: WPAIE not found and required

 

When enabling this again (Mandatory, WPA2)

 

On root (172.16.8.64)

 Applied mandatory setting under Client Authenticated Key Management from SSID manager, set WPA2

 Association

this changes the status

Clients: 0              Infrastructure clients: 1

under association

Radio1-802.11N5GHz

SSID test5ghz :

Device Type       Name    IPv4 Address      IPv6 Address      MAC Address    State     Parent  VLAN

bridge   1532nonroot      172.16.8.65         ::             189c.5d72.6a20 Association processing  self         none

 

on non root after this change

Clients: 0              Infrastructure clients: 1

under association tab

Radio1-802.11N5GHz

SSID test5ghz :

Device Type       Name    IPv4 Address      IPv6 Address      MAC Address    State     Parent  VLAN

bridge   1532root              172.16.8.64         ::             189c.5d73.0e10                 EAP-Associated -              none

 

 

New Member

Any help would be appreciated

Any help would be appreciated

New Member

On Root Bridge SSID would be

On Root Bridge SSID would be like this:

dot11 ssid test5ghz
   authentication network-eap eap_methods1
   authentication key-management wpa version 2
   infrastructure-ssid

 

On Non-Root Bridge SSID would be like this:

dot11 ssid test5ghz
   authentication client username admin1 password 7 105A0C0A110713181F13253920

 

The non-root is a client on the ssid from the root, which authenticates through the radius on the root as well. No need for a radius configuration on the non-root.

New Member

Thanks for your input, its

Thanks for your input, its appreciated. I made the changes but this unfortunately hasn’t resolved the issue.  With your changes the non root 5GHz stays down and the following is listed in status

                Interface Dot11Radio1, cannot associate: WPAIE found and SSID has no key management

 

Also both root and non root report

 Association

Clients: 0              Infrastructure clients: 0


172.16.8.64 root

!
! Last configuration change at 18:58:58 UTC Fri Mar 21 2014
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 1532root
!
!
logging rate-limit console 9
enable secret 5 $1$jeE7$TpCeI5mqk/xRdpf7SO0Y/1
!
aaa new-model
!
!
aaa group server radius rad_eap
 server name 1532root
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa group server radius rad_eap1
 server name 1532root
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login eap_methods1 group rad_eap1
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
!
!
!
!
!
aaa session-id common
no ip cef
!
!
!
!
dot11 syslog
!
dot11 ssid test5ghz
   authentication network-eap eap_methods1
   authentication key-management wpa version 2
   infrastructure-ssid
!
!
dot11 guest
!
!
!
username Cisco password 7 01300F175804
!
!
bridge irb
!
!
!
interface Dot11Radio0
 no ip address
 shutdown
 !
 encryption mode ciphers aes-ccm
 antenna gain 0
 packet retries 64 drop-packet
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
 no ip address
 !
 encryption mode ciphers aes-ccm
 !
 ssid test5ghz
 !
 antenna gain 0
 peakdetect
 no dfs band block
 power local 5
 power client 5
 packet retries 64 drop-packet
 channel dfs
 station-role root bridge
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
 no ip address
 duplex auto
 speed auto
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface GigabitEthernet1
 no ip address
 duplex auto
 speed auto
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 172.16.8.64 255.255.248.0
 ipv6 address dhcp
 ipv6 address autoconfig
 ipv6 enable
!
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
!
!
radius-server local
  no authentication eapfast
  no authentication mac
  nas 172.16.8.64 key 7 0130070A4E1F035F70
  user admin1 nthash 7 00204054250952565E711D1F584E534446522E507B0F7078651101305E43225806
!
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
!
!
radius server 1532root
 address ipv4 172.16.8.64 auth-port 1645 acct-port 1646
 key 7 03275A05131B241C1F
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 transport input all
!
en

 


172.16.8.65 - non root

! Last configuration change at 18:54:43 UTC Fri Mar 21 2014 by Cisco
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 1532nonroot
!
!
logging rate-limit console 9
enable secret 5 $1$9uM9$s2zj14lEDFf8M0sxyPFWL1
!
aaa new-model
!
!
aaa group server radius rad_eap
 server name 1532nonroot
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa group server radius rad_eap1
 server name 1532nonroot
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login eap_methods1 group rad_eap1
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
!
!
!
!
!
aaa session-id common
no ip cef
!
!
!
!
dot11 syslog
!
dot11 ssid test5ghz
   authentication client username admin1 password 7 021201481F160E325F59060B01
   guest-mode
!
!
dot11 guest
!
!
!
username Cisco password 7 0802455D0A16
!
!
bridge irb
!
!
!
interface Dot11Radio0
 no ip address
 shutdown
 !
 encryption mode ciphers aes-ccm
 antenna gain 0
 packet retries 64 drop-packet
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
 no ip address
 !
 encryption mode ciphers aes-ccm
 !
 ssid test5ghz
 !
 antenna gain 0
 peakdetect
 power local 5
 power client 5
 packet retries 64 drop-packet
 station-role non-root bridge
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
 no ip address
 duplex auto
 speed auto
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface GigabitEthernet1
 no ip address
 duplex auto
 speed auto
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 172.16.8.65 255.255.248.0
 ipv6 address dhcp
 ipv6 address autoconfig
 ipv6 enable
!
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
!
!
radius-server local
  no authentication eapfast
  no authentication mac
  nas 172.16.8.65 key 7 096F4F070C1112425A
  user admin1 nthash 7 072B721E6F5B405546425A5D557D7D777C6A17764223425357727A7B0A012F5A48
!
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
!
radius server 1532nonroot
 address ipv4 172.16.8.65 auth-port 1645 acct-port 1646
 key 7 123A0419071F09547B
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 transport input all
!
end

 

New Member

Ah that makes sense now,

Ah that makes sense now,

 

Either remove your key management or add a PSK

 

We may need to define the leap settings in non-root, but I'm not sure and don't have a lab to test in at the moment.

 

So..

on ROOT ssid remove the following line:

   authentication key-management wpa version 2
 

If you get successful authentication add the key-magement back to both sides, then a PSK

New Member

I'm sorry, CCKM, ignore what

I'm sorry, CCKM, ignore what I said about PSK smiley

New Member

I have lab'd this out with

I have lab'd this out with 1252s and your configuration. There are some features that don't work, but for the most part I think I found the issue.

 

First, configure you SSIDs like this:

NON-ROOT

dot11 ssid test5ghz
   authentication network-eap eap_methods1
   authentication key-management wpa version 2
   authentication client username admin1 password admin1

ROOT

dot11 ssid test5ghz
   authentication network-eap eap_methods1
   authentication key-management wpa version 2
   infrastructure-ssid

This shows that our non-rot will be autenticating to the ROOT SSID.

 

Now, the first issue that you came with is what will be seen (failing to authenticate).

On your ROOT AP you have the authentication to eap_methods1

eap_methods1 is configured for group rad_eap1

rad_eap1 is defined as server name 1532root

When we look at 1532root we get:

radius server 1532root
 address ipv4 172.16.8.64 auth-port 1645 acct-port 1646
 key 7 1434130519102F7B75

If you see, we have no users defined in this server. So adding the username admin1 pass admin1 should allow it to authenticate.

I got it to work in lab

New Member

Thanks for your help, it’s

Thanks for your help, it’s greatly appreciated.

 

I initially tried manually editing the config but was still not successful. But I may have misinterpreted  your advice. Therefore we tried the setup wizard instead but this limits you to open authentication and PSK. This was usable but not ideal.

 

Currently we now have EAP/Radius authentication working in a manner you specified. When trying to manually add the same username and hashed password these didn’t store the same value I’d typed on the non root AP. So it is best doing this via the web interface (as ASCII) this is then automatically handed.

 

E.g. if anyone else finds his useful I have posted configs below.

 

The only problem now is the speed. Currently we are testing in a our IT room, trying varying power levels. initially there was quite a mix of really poor results using the dot11 dot111 linktest command. There was a high percentage on reties of loss (after max default 64 packet retries).

 

Currently the link test retires are very low.

Cisco1532root#show dot11 linktest

 

GOOD (1  % retries)  Time   Strength(dBm)   SNR      SNR          Retries

                     msec      In     Out    In      Out         In   Out

      Sent :1000, Avg   0    - 63    - 64    35       30   Tot:  17    19

Lost to Tgt:   0, Max   8    - 61    - 62    38       33   Max:   1     2

Lost to Src:   0, Min   0    - 67    - 66    32       29

Rates (Src/Tgt)     24Mb 0/4  mcs12 999/995  mcs13 1/1

GOOD (3  % retries)  Time   Strength(dBm)   SNR      SNR          Retries

                     msec      In     Out    In      Out         In   Out

      Sent : 100, Avg   0    - 64    - 63    34       31   Tot:   1     6

Lost to Tgt:   0, Max   4    - 63    - 63    36       32   Max:   1     2

Lost to Src:   0, Min   0    - 67    - 65    32       30

Rates (Src/Tgt)     24Mb 0/1  mcs12 100/99

 

 However we have 1142 operating as a bridge point-to-point on 2.4GHz @ 20Mhz (802.11n) that gets around 10-12Mbps in terms of real-time file transfer speed; which is what we get per machine on a switch (100Mbps conns, 1Gbps for servers) so around this speed would be suitable. These new 1532 units are to replace our old 1310 units (802.11g, 54Mbps with real time data transfer speed is up to 2MBps) .

 

However the 1532 units are only transferring files at up to or over 3MBps, the transfer will pause during stages of the transfer (30/40MB files) and the ping time to the machine over the link fluctuates wildly – unlike our other bridges.

The 1532 are using 5GHz, 20Mhz width.  We got around the same speeds using 2.4GHz. We are using dual antenna mode. I will try single mode out and post if any better or not.  

If you have any suggestions about improving the speed over the link that would be really helpful. Again, thanks for all your help for getting us to this stage.  J

 

Root (172.16.8.64/255.255.248.0)

Cisco1532root#show run

Building configuration...

Current configuration : 2878 bytes

!

! Last configuration change at 16:16:05 UTC Sat Mar 22 2014

version 15.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname Cisco1532root

!

!

logging rate-limit console 9

enable secret 5 $1$ASQS$oF/QcIDxVnkNNvg5gJoj.1

!

aaa new-model

!

!

aaa group server radius rad_eap

 server name 1532root

!

aaa group server radius rad_mac

!

aaa group server radius rad_acct

!

aaa group server radius rad_admin

!

aaa group server tacacs+ tac_admin

!

aaa group server radius rad_pmip

!

aaa group server radius dummy

!

aaa group server radius rad_eap1

 server name 1532root

!

aaa authentication login eap_methods group rad_eap

aaa authentication login mac_methods local

aaa authentication login eap_methods1 group rad_eap1

aaa authorization exec default local

aaa accounting network acct_methods start-stop group rad_acct

!

!

!

!

!

aaa session-id common

no ip cef

!

!

!

!

dot11 syslog

!

dot11 ssid tatton12345

   authentication network-eap eap_methods1

   authentication key-management wpa version 2

   authentication client username maurice password 7 104D0817100317

   infrastructure-ssid

!

!

dot11 guest

!

!

!

username Cisco password 7 05280F1C2243

!

!

bridge irb

!

!

!

interface Dot11Radio0

 no ip address

 shutdown

 !

 encryption mode ciphers aes-ccm

 antenna gain 0

 packet retries 64 drop-packet

 station-role root

 bridge-group 1

 bridge-group 1 subscriber-loop-control

 bridge-group 1 spanning-disabled

 bridge-group 1 block-unknown-source

 no bridge-group 1 source-learning

 no bridge-group 1 unicast-flooding

!

interface Dot11Radio1

 no ip address

 !

 encryption mode ciphers aes-ccm

 !

 ssid tatton12345

 !

 antenna gain 0

 peakdetect

 no dfs band block

 power local 11

 power client 11

 packet retries 64 drop-packet

 channel dfs

 station-role root bridge

 bridge-group 1

 bridge-group 1 spanning-disabled

!

interface GigabitEthernet0

 no ip address

 duplex auto

 speed auto

 bridge-group 1

 bridge-group 1 spanning-disabled

!

interface GigabitEthernet1

 no ip address

 duplex auto

 speed auto

 bridge-group 1

 bridge-group 1 spanning-disabled

!

interface BVI1

 ip address 172.16.8.64 255.255.248.0

 ipv6 address dhcp

 ipv6 address autoconfig

 ipv6 enable

!

ip default-gateway 172.16.8.18

ip forward-protocol nd

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

ip radius source-interface BVI1

!

!

radius-server local

  nas 172.16.8.64 key 7 03075A05131B24

  user maurice nthash 7 14314A2F5B507A73760E171306445E35555474010E0B005B50404609

0807727076

!

radius-server attribute 32 include-in-access-req format %h

radius-server vsa send accounting

!

radius server 1532root

 address ipv4 172.16.8.64 auth-port 1812 acct-port 1813

 key 7 020505551E120A

!

bridge 1 route ip

!

!

!

line con 0

line vty 0 4

 transport input all

!

end

 

Non root (172.16.8.65)

Cisco1532nonroot#show run

Building configuration...

Current configuration : 2701 bytes

!

! Last configuration change at 10:07:45 UTC Mon Mar 24 2014

version 15.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname Cisco1532nonroot

!

!

logging rate-limit console 9

enable secret 5 $1$FGN6$DEJPqzZmeIa33pAeUJlBK1

!

aaa new-model

!

!

aaa group server radius rad_eap

 server name 1532root

!

aaa group server radius rad_mac

!

aaa group server radius rad_acct

!

aaa group server radius rad_admin

!

aaa group server tacacs+ tac_admin

!

aaa group server radius rad_pmip

!

aaa group server radius dummy

!

aaa group server radius rad_eap1

 server name 1532root

!

aaa authentication login eap_methods group rad_eap

aaa authentication login mac_methods local

aaa authentication login eap_methods1 group rad_eap1

aaa authorization exec default local

aaa accounting network acct_methods start-stop group rad_acct

!

!

!

!

!

aaa session-id common

no ip cef

!

!

!

!

dot11 syslog

!

dot11 ssid tatton12345

   authentication network-eap eap_methods1

   authentication key-management wpa version 2

   authentication client username maurice password 7 08224D401C0D00

   infrastructure-ssid

!

!

dot11 guest

!

!

!

username Cisco password 7 02250D480809

!

!

bridge irb

!

!

!

interface Dot11Radio0

 no ip address

 shutdown

 !

 encryption mode ciphers aes-ccm

 antenna gain 0

 packet retries 64 drop-packet

 station-role root

 bridge-group 1

 bridge-group 1 subscriber-loop-control

 bridge-group 1 spanning-disabled

 bridge-group 1 block-unknown-source

 no bridge-group 1 source-learning

 no bridge-group 1 unicast-flooding

!

interface Dot11Radio1

 no ip address

 !

 encryption mode ciphers aes-ccm

 !

 ssid tatton12345

 !

 antenna gain 5

 peakdetect

 power local 11

 power client 11

 packet retries 64 drop-packet

 station-role non-root bridge

 bridge-group 1

 bridge-group 1 spanning-disabled

!

interface GigabitEthernet0

 no ip address

 duplex auto

 speed auto

 bridge-group 1

 bridge-group 1 spanning-disabled

!

interface GigabitEthernet1

 no ip address

 duplex auto

 speed auto

 bridge-group 1

 bridge-group 1 spanning-disabled

!

interface BVI1

 ip address 172.16.8.65 255.255.248.0

 ipv6 address dhcp

 ipv6 address autoconfig

 ipv6 enable

!

ip default-gateway 172.16.8.18

ip forward-protocol nd

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

ip radius source-interface BVI1

!

!

radius-server attribute 32 include-in-access-req format %h

radius-server vsa send accounting

!

radius server 1532root

 address ipv4 172.16.8.64 auth-port 1812 acct-port 1813

 key 7 04580A081A3549

!

bridge 1 route ip

!

!

!

line con 0

line vty 0 4

 transport input all

!

end

 

New Member

Also note here are both

Also note here are both devices showing they are associated  

 

Root 64:

Cisco1532root#show dot11 associations

802.11 Client Stations on Dot11Radio1:

SSID [tatton12345] :

MAC Address    IP address      IPV6 address                           Device

    Name            Parent         State

189c.5d71.0e10 0.0.0.0         ::                                     Br-client

    -               189c.5d73.0e10 Assoc

189c.5d73.0e10 172.16.8.65     ::                                     bridge

    Cisco1532nonroo self           EAP-Assoc

 

Non root 65 >

Cisco1532nonroot#show dot11 associations

802.11 Client Stations on Dot11Radio1:

SSID [tatton12345] :

MAC Address    IP address      IPV6 address                           Device

    Name            Parent         State

189c.5d72.6a20 172.16.8.64     ::                                     bridge

    Cisco1532root   -              EAP-Assoc

 

 

I should have also listed the antenna info, the 1532E uses an external antenna.

 

AIR-ANT2588P3M-N
3 element dual band polarised MIMO Antenna

Of connection A, B or C on the patch antenna only A and B are used (only two required for either 2.4GHz or 5Ghz). In dual band mode you can uses connection 1 and 2 on the 1532E for either 2.4 or 5GHz. Note when testing single band mode (used connection 3 and 4 on 1532E) the speeds were roughly the same, so set back to dual band mode.

 

Stats/data from root antenna

Cisco1532root#show controllers dot111 antenna
Antenna:                        Rx[right-a left-b ]
                                Tx[right-a left-b  ofdm all]
                                External
                                Gain [Allowed, In Use 0]  (dBi x 2), In Use 0]
(dBi x 2), In Use 0]  (dBi x 2), In Use 0]  (dBi x 2), Reported 0, Configured 0,
 In Use 0]  (dBi x 2)

 


Cisco1532root#show controllers dot111 radio-stats
        DOT11 Statistics (Cumulative Total/Last 5 Seconds):
RECEIVER                               TRANSMITTER
Host Rx K Bytes:      24531 / 397      Host Tx K Bytes:            48 / 0
Unicasts Rx:           4014 / 93       Unicasts Tx:               372 / 6
Unicasts to host:      4014 / 93       Unicasts by host:          372 / 6
Broadcasts Rx:            2 / 0        Broadcasts Tx:            1818 / 47
Beacons Rx:               0 / 0        Beacons Tx:               1818 / 47
Broadcasts to host:       2 / 0        Broadcasts by host:          0 / 0
Multicasts Rx:            0 / 0        Multicasts Tx:               0 / 0
Multicasts to host:       0 / 0        Multicasts by host:          0 / 0
Mgmt Packets Rx:          8 / 0        Mgmt Packets Tx:             5 / 0
RTS received:             0 / 0        RTS transmitted:             0 / 0
Duplicate frames:         0 / 0        CTS not received:            0 / 0
CRC errors:               7 / 0        Unicast Fragments Tx:        0 / 0
WEP errors:               0 / 0        Retries:                     0 / 0
Buffer full:              0 / 0        Packets one retry:           0 / 0
Host buffer full:         0 / 0        Packets > 1 retry:           0 / 0
Header CRC errors:        0 / 0        Protocol defers:             0 / 0
Invalid header:           0 / 0        Energy detect defers:        0 / 0
Length invalid:           0 / 0        Jammer detected:             0 / 0
Incomplete fragments:     0 / 0        Packets aged:                0 / 0
Rx Concats:               0 / 0        Tx Concats:                  0 / 0
R2H Buffer full:          0 / 0

 Tx Watchdog stats:
 Tx SW Watchdog        0 / 0
 Tx HW Watchdog        0 / 0

RATE 6.0
Rx Packets:              14 / 0        Tx Packets:                  9 / 0
Rx Bytes:              1156 / 0        Tx Bytes:                 1042 / 0
RTS Retries:              0 / 0        Data Retries:                0 / 0

RATE m13-2
Rx Packets:               9 / 0        Tx Packets:                  1 / 0
Rx Bytes:               694 / 0        Tx Bytes:                   94 / 0
RTS Retries:              0 / 0        Data Retries:                0 / 0

RATE m14-2
Rx Packets:               2 / 0        Tx Packets:                  1 / 0
Rx Bytes:               115 / 0        Tx Bytes:                  121 / 0
RTS Retries:              0 / 0        Data Retries:                0 / 0

RATE m15-2
Rx Packets:            4105 / 114      Tx Packets:                367 / 8
Rx Bytes:            339377 / 9046     Tx Bytes:                49046 / 1081
RTS Retries:              0 / 0        Data Retries:                0 / 0


Cisco1532root#show controllers dot111 powercfg
Configured TxPower:             11 dBm (Level Index 4)
Chipset TxPower:                10 dBm per-path (RF-switch:- Digital Attenuator)
 (Attenuation: 0 dB)
Allowed Power Levels:           22 19 16 13 10  7  4  dBm
Allowed Client Power Levels:    22 19 16 13 10  7  4  dBm

 

Cisco1532root#show controllers dot111 rate
Active Rates:  basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0 m0-2 m1-2
 m2-2 m3-2 m4-2 m5-2 m6-2 m7-2 m8-2 m9-2 m10-2 m11-2 m12-2 m13-2 m14-2 m15-2
Current Rates:  basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0 m0-2 m1-
2 m2-2 m3-2 m4-2 m5-2 m6-2 m7-2 m8-2 m9-2 m10-2 m11-2 m12-2 m13-2 m14-2 m15-2
Allowed Rates:  6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
All Rates:  6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0-2 m1-2 m2-2 m3-2 m4-2 m5-2
m6-2 m7-2 m8-2 m9-2 m10-2 m11-2 m12-2 m13-2 m14-2 m15-2
Default Rates:  basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0 m0-2 m1-
2 m2-2 m3-2 m4-2 m5-2 m6-2 m7-2 m8-2 m9-2 m10-2 m11-2 m12-2 m13-2 m14-2 m15-2
Best Range Rates:  basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0-2 m1-2 m2-2 m3
-2 m4-2 m5-2 m6-2 m7-2 m8-2 m9-2 m10-2 m11-2 m12-2 m13-2 m14-2 m15-2
Best Throughput Rates:  basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 bas
ic-36.0 basic-48.0 basic-54.0 m0-2 m1-2 m2-2 m3-2 m4-2 m5-2 m6-2 m7-2 m8-2 m9-2
m10-2 m11-2 m12-2 m13-2 m14-2 m15-2
Current Voice Rates:  basic-6.0 basic-12.0 basic-24.0 [disabled until voice pack
et-discard enabled]
Default Voice Rates:  basic-6.0 basic-12.0 basic-24.0
Managment Rates:  basic-6.0
Multicast Rates:  basic-6.0 basic-12.0 basic-24.0
 Multicast Active rate: 24.0
RTS Rates:  basic-6.0 basic-12.0 basic-24.0
RTS Active rate 24.0
RTS Max rate 24.0
 Local Packet Rate Probing is disabled : Packet Size 20
Data Rate Sensitivity (rate, SNR dB, Contention dBm)
( 6.0, 15, -89)   ( 9.0, 16, -88)   (12.0, 18, -88)   (18.0, 19, -86)
(24.0, 20, -85)   (36.0, 24, -81)   (48.0, 27, -78)   (54.0, 31, -77)

 

 

New Member

I’m still trying to improve

I’m still trying to improve data throughput speeds, link test looks really good (1-2 retires) but I can only achieve around 5Mbps actual data transfer speeds. Using two indoor 1142 in a root and non root point to point setup I can achieve a data through put speed of 10-12Mbps.

 

Example of a few things I’ve tried. Note data rates are listed as MCS15 (Data rates: http://www.cisco.com/c/en/us/products/collateral/wireless/aironet-1530-series/data_sheet_c78-728356.html)

 

(Non root 172.16.8.65/255.255.248.0) 65 = (1532I - internal), 64 (1532E – external with external antenna)

Was 65 (non root): Antenna Gain 5 dBi, 64: 0

Set 65 (non root) = 0dBi, 64 = 8dBi (external 3 patch antenna)

Looked at EIRP (https://learningnetwork.cisco.com/thread/58934, https://supportforums.cisco.com/document/49506/snr-

rssi-eirp-and-free-space-path-loss, http://wireless.navigator.co.uk/standards.htm)

Power was 65 = 11dBm, 64 =12dBm

Now 65 =14 and 64 = 15, rebooted

Changed 65 = 20 for transmit power, rebooted > Seems a little slower more under 4Mbps most of the time

65 > Set power from max (=20) > changed to 14dBm, also set client power from 11 to 14 too. Rebooted

Closer to the 5MBps mark

Antenna post: https://supportforums.cisco.com/discussion/12053846/outdoor-5ghz-mimo-deployment

172.16.8.64 select best throughput - was set to band 3, rebooted, not much of a difference

Changed to best range, rebooted,

Above link 5dbi of integrated antenna

65 > set antenna gain back to 5dbi, power set to 17, rebooted both

64 - Set to above 40Mhz channel width

Shows configured radio as 40MHz, but active radio as 20Mhz

Speeds under 4Mbps on average

Rebooted, again under 4Mbps avg

Set back to 20MHz rebooted, avg under 5Mbps

 

Any suggestions would be greatly appreciated

 

 

New Member

Robert, This thread is

Robert,

 

This thread is getting wicked long, so bear with me as I try to sort it out.....

Can you please run the following commands on both ROOT and non-ROOT?

show ap auto-rf { 802.11a | 802.11b} ap_name 

show {802.11a | 802.11b} cleanair air-quality Cisco_AP

show dot11 ass all

Thanks!

 

New Member

Hi, thanks for your

Hi, thanks for your suggestion

 

Unfortunately I think the first command can only be issued for a WLC, whereas these bridges are in autonomous mode as we have no WLC.

 

Also the CleanAir command would not be supported on our 1532s this is available on the 1550 models.  

 

However on the root (172.16.8.64, 1532E)

I can run the command: dot11 dot111 carrier busy

 

Results:

Frequency  Carrier Busy %

---------  --------------

   5500          0

   5520          0

   5540          0

   5560          0

   5580          0

   5660          0

   5680          0

   5700          0

 

I did a another check via web interface and this outputted only two channels with something above 0%

5660       2

5680       2

 

On the Non root (172.16.8.65, 1532i)

From CLI 5680 reported 49% busy

Then from the web interface test all zero except 568022, which reported 22% busy.

 

The current channel being used was 5660 (Channel 132).

 

Therefore just to ensure no problem I have changed via: dot11 dot111 channel-set 100, and width 20, this is now showing as 5500 MHz channel 100, 20MHz.

 

Data transfer rates are still around the 5Mbps mark about 40% of what it should be; after testing on this channel too.

 

Associations:

 

Root (1532E, 172.16.8.64)

 

Cisco1532root#show dot11 associations

 

802.11 Client Stations on Dot11Radio1:

 

SSID [tatton12345] :

 

MAC Address    IP address      IPV6 address                           Device

    Name            Parent         State

189c.5d71.0e10 0.0.0.0         ::                                     Br-client

    -               189c.5d73.0e10 Assoc

189c.5d73.0e10 172.16.8.65     ::                                     bridge

    Cisco1532nonroo self           EAP-Assoc

 

Cisco1532root#show dot11 associations all
Address           : 189c.5d71.0e10     Name             : NONE
IP Address        : 0.0.0.0            IPv6 Address        : ::

Gateway Address   : 0.0.0.0
Netmask Address   : 0.0.0.0            Interface        : Dot11Radio 1
Bridge-group        : 0
reap_flags_1        : 0x0     ip_learn_type       : 0x0       transient_static_i
p : 0x0
Device            : Br-client          Software Version : NONE
CCX Version       : NONE               Client MFP       : Off

State             : Assoc              Parent           : 189c.5d73.0e10
SSID              : tatton12345
VLAN              : 0
Hops to Infra     : 0
Clients Associated: 0                  Repeaters associated: 0
11w Status       : Off

Address           : 189c.5d73.0e10     Name             : Cisco1532nonroo
IP Address        : 172.16.8.65        IPv6 Address        : ::

Gateway Address   : 0.0.0.0
Netmask Address   : 0.0.0.0            Interface        : Dot11Radio 1
Bridge-group        : 1
reap_flags_1        : 0x0     ip_learn_type       : 0x0       transient_static_i
p : 0x0
Device            : bridge             Software Version : 15.2
CCX Version       : 5                  Client MFP       : Off

State             : EAP-Assoc          Parent           : self
SSID              : tatton12345
VLAN              : 0
Hops to Infra     : 1                  Association Id   : 1
Clients Associated: 1                  Repeaters associated: 0
Tunnel Address    : 0.0.0.0
Key Mgmt type     : WPAv2              Encryption       : AES-CCMP
Current Rate      : m15-               Capability       : WMM ShortHdr 11h
Supported Rates   : 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0-2 m1-2 m2-2 m3-2 m4
-2 m5-2 m6-2 m7-2 m8-2 m9-2 m10-2 m11-2 m12-2 m13-2 m14-2 m15-2
Voice Rates       : disabled           Bandwidth        : 20 MHz
Signal Strength   : -44  dBm           Connected for    : 158 seconds
Signal to Noise   : 53  dB            Activity Timeout : 30 seconds
Power-save        : Off                Last Activity    : 0 seconds ago
Apsd DE AC(s)     : NONE

Packets Input     : 3472               Packets Output   : 384
Bytes Input       : 353398             Bytes Output     : 98965
Duplicates Rcvd   : 0                  Data Retries     : 0
Decrypt Failed    : 0                  RTS Retries      : 0
MIC Failed        : 0                  MIC Missing      : 0
Packets Redirected: 0                  Redirect Filtered: 0
IP source guard failed : 0             PPPoE passthrough failed : 0

DAI failed : IP mismatch  : 0             src MAC mismatch : 0             targe
t MAC mismatch : 0
Existing IP failed :  0              New IP failed :  0
11w Status       : On
Session timeout   : 0 seconds
Reauthenticate in : never

 

Non root (Cisco 1532I, 172.16.8.65)

Cisco1532nonroot#show dot11 associations

 

802.11 Client Stations on Dot11Radio1:

 

SSID [tatton12345] :

 

MAC Address    IP address      IPV6 address                           Device

    Name            Parent         State

189c.5d72.6a20 172.16.8.64     ::                                     bridge

 

Cisco1532nonroot#show dot11 associations all
Address           : 189c.5d72.6a20     Name             : Cisco1532root
IP Address        : 172.16.8.64        IPv6 Address        : ::

Gateway Address   : 0.0.0.0
Netmask Address   : 0.0.0.0            Interface        : Dot11Radio 1
Bridge-group        : 0
reap_flags_1        : 0x0     ip_learn_type       : 0x0       transient_static_i
p : 0x0
Device            : bridge             Software Version : 15.2
CCX Version       : 5                  Client MFP       : Off

State             : EAP-Assoc          Parent           : -
SSID              : tatton12345
VLAN              : 0
Hops to Infra     : 0                  Association Id   : 1
Tunnel Address    : 0.0.0.0
Key Mgmt type     : WPAv2              Encryption       : AES-CCMP
Current Rate      : m15-               Capability       : WMM ShortHdr 11h
Supported Rates   : 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0-2 m1-2 m2-2 m3-2 m4
-2 m5-2 m6-2 m7-2 m8-2 m9-2 m10-2 m11-2 m12-2 m13-2 m14-2 m15-2
Voice Rates       : disabled           Bandwidth        : 20 MHz
Signal Strength   : -56  dBm           Connected for    : 281 seconds
Signal to Noise   : 41  dB            Activity Timeout : 15 seconds
Power-save        : Off                Last Activity    : 0 seconds ago
Apsd DE AC(s)     : NONE

Packets Input     : 3475               Packets Output   : 6474
Bytes Input       : 761132             Bytes Output     : 844331
Duplicates Rcvd   : 0                  Data Retries     : 206
Decrypt Failed    : 0                  RTS Retries      : 0
MIC Failed        : 0                  MIC Missing      : 0
Packets Redirected: 0                  Redirect Filtered: 0
IP source guard failed : 0             PPPoE passthrough failed : 0

DAI failed : IP mismatch  : 0             src MAC mismatch : 0             targe
t MAC mismatch : 0
Existing IP failed :  0              New IP failed :  0
11w Status       : Off

 

Thanks again

New Member

What are you using to test

What are you using to test the link? Your bridge looks fine to me.

New Member

Still struggling to get 'n'

Still struggling to get 'n' speeds over this bridge. I will start a new thread as this is unrelated to my initial issues (unable to authenicate the root>non root bridge).

New Member

New thread, thanks for you

10997
Views
0
Helpful
20
Replies
CreatePlease login to create content