I am trying to setup a point to point bridge link. I need both ends to support wireless clients so I know that one end will be setup as a root bridge wireless clients and the other end non-root bridge wireless clients.
I have three SSID's on each end connected to three VLAN's. I am using a 1230g access point for this.
I am unable to get the two units to connect to each other. I am using LEAP on the primary SSID which is setup for infrastructure-ssid with a user name and password.
On the root bridge I am never seeing the remote bridge even try to authenticate.
I know that when bridging multiple vlans you only need to encrypt the first vlan but all three SSID's are using encryption for the users.
Ok, it works now. I took the advice of someone who once told me that if your config does not work then you should clear it all out and start over. So that is what I did. And now it works. Of course the down side to having multiple SSID's on a bridge link is that you cannot use the MBSSID feature. So if you want to broadcast your SSID to allow users to see it, then it will have to be the SSID tied to the native VLAN which will also be your infrastructure SSID.
Here is the config.
service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname 1230a ! ! ip subnet-zero ! ! aaa new-model ! ! aaa group server radius rad_eap server 192.168.1.25 auth-port 1812 acct-port 1813 ! aaa group server radius rad_mac ! aaa group server radius rad_acct ! aaa group server radius rad_admin cache expiry 1 cache authorization profile admin_cache cache authentication profile admin_cache ! aaa group server tacacs+ tac_admin server 192.168.1.25 cache expiry 1 cache authorization profile admin_cache cache authentication profile admin_cache ! aaa group server radius rad_pmip ! aaa group server radius dummy ! aaa group server radius rad_eap1 server 192.168.1.25 auth-port 1812 acct-port 1813 ! aaa group server radius rad_eap2 server 192.168.1.25 auth-port 1812 acct-port 1813 ! aaa authentication login default cache tac_admin group tac_admin local aaa authentication login eap_methods group rad_eap aaa authentication login mac_methods local aaa authentication login eap_methods1 group rad_eap1 aaa authentication login eap_methods2 group rad_eap2 aaa authorization exec default cache tac_admin group tac_admin local aaa accounting network acct_methods start-stop group rad_acct aaa cache profile admin_cache all ! aaa session-id common dot11 syslog ! dot11 ssid Office vlan 192 authentication open eap eap_methods1 authentication network-eap eap_methods1 authentication key-management wpa guest-mode infrastructure-ssid ! dot11 ssid Directors vlan 22 authentication network-eap eap_methods2 authentication key-management wpa ! dot11 ssid Guest vlan 112 authentication open authentication key-management wpa wpa-psk ascii 7 121A0C0411044D0723382727 ! ! ! username Cisco password 7 01300F175804 username seth privilege 15 password 7 094F471A1A0A ! bridge irb ! ! interface Dot11Radio0 no ip address no ip route-cache ! encryption vlan 192 mode ciphers tkip ! encryption vlan 22 mode ciphers aes-ccm ! encryption vlan 112 mode ciphers tkip ! ssid Office ! ssid Directors ! ssid Guest ! speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0 power local cck 1 power local ofdm 1 channel 2412 station-role root bridge wireless-clients ! interface Dot11Radio0.22 encapsulation dot1Q 22 no ip route-cache bridge-group 22 bridge-group 22 subscriber-loop-control bridge-group 22 spanning-disabled ! interface Dot11Radio0.112 encapsulation dot1Q 112 no ip route-cache bridge-group 112 bridge-group 112 subscriber-loop-control bridge-group 112 spanning-disabled ! interface Dot11Radio0.192 encapsulation dot1Q 192 native no ip route-cache bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 spanning-disabled ! interface FastEthernet0 no ip address no ip route-cache duplex auto speed auto ! interface FastEthernet0.22 encapsulation dot1Q 22 no ip route-cache bridge-group 22 bridge-group 22 spanning-disabled ! interface FastEthernet0.112 encapsulation dot1Q 112 no ip route-cache bridge-group 112 bridge-group 112 spanning-disabled ! interface FastEthernet0.192 encapsulation dot1Q 192 native no ip route-cache bridge-group 1 bridge-group 1 spanning-disabled ! interface BVI1 ip address 192.168.1.35 255.255.255.0 no ip route-cache ! ip http server ip http authentication aaa no ip http secure-server ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag