Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Non-root is not associate with root

I am working to setup the non-root  associate with root. I have checked every configuration from the root  are the same as non-root. Accept it set to non-root.

- It is the same VLAN, SSID, authentication is open. I have encryption from both sides are the same.

It is still not associated. What else should I check from the non-root to get association? Please give me some helps

I am really appreciated that.

The root configuration:

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec localtime show-timezone

service password-encryption

!

hostname Root_Bridge

!

no logging console

!

aaa new-model

!

!

aaa group server radius rad_eap

!

aaa group server radius rad_mac

!

aaa group server radius rad_acct

!

aaa group server radius rad_admin

!

aaa group server tacacs+ tac_admin

!

aaa group server radius rad_pmip

!

aaa group server radius dummy

!

aaa authentication login default local

aaa authentication login eap_methods group rad_eap

aaa authentication login mac_methods local

aaa authorization exec default local

aaa accounting network acct_methods start-stop group rad_acct

!

aaa session-id common

!

resource policy

!

clock timezone MST -7

clock save interval 24

ip subnet-zero

ip domain name Bridge

!

!

ip ssh time-out 60

ip ssh version 2

no dot11 igmp snooping-helper

dot11 vlan-name Management vlan 51

dot11 vlan-name User vlan 11

!

dot11 ssid LOCALBRIDGE

   vlan 51

   authentication open

   infrastructure-ssid

!

dot11 network-map

!

crypto pki trustpoint TP-self-signed-4076113752

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-4076113752

revocation-check none

rsakeypair TP-self-signed-4076113752

!

!

crypto pki certificate chain TP-self-signed-4076113752

certificate self-signed 01

  30820261 308201CA A0030201 02020101 300D0609 2A864886 F70D0101 04050030

  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

  69666963 6174652D 34303736 31313337 3532301E 170D3032 30333031 30303030

  33345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 30373631

  31333735 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

  8100B329 87F691CA 1107EC3A 9EF4676D 2F96A7E4 42DBB88F 426D78C1 0E9E09A0

  8F5EA9A1 DF88C33A A0DF128A E13E6E59 E9232487 0F5C953C 274DF314 1F48544F

  E213D232 85B1E45A 4D186A9E FF9581E6 3E471891 16B627B6 CB3D8F01 BCFF89E0

  77E8EA44 0E255F75 BFF1299A B3198E9B 61B3056B 8F365D98 2A8D463E F3122C47

  B80D0203 010001A3 81883081 85300F06 03551D13 0101FF04 05300301 01FF3032

  0603551D 11042B30 29822737 3332385F 42726964 67652E64 61766973 2D6D6F6E

  7468616E 2E616363 2E64732E 61662E6D 696C301F 0603551D 23041830 1680145F

  9DB7F2A6 BD563ACB 429F6938 6AF9D336 69139F30 1D060355 1D0E0416 04145F9D

  B7F2A6BD 563ACB42 9F69386A F9D33669 139F300D 06092A86 4886F70D 01010405

  00038181 00372387 521D029A FAE2F579 73EDCF3B FDF262EE 5DF6154E 5469A5BD

  6630E5FD C8A1311A A24493D4 D1856862 8979692B CDFE65D7 29E97B60 FCC37584

  A27FA332 9CC5F175 2EDC871C D41BA4F5 A50634DE 75210305 47240D4F A30D0046

  532F68ED 569CE374 98C5F53D A417CFBF 3A93C98A D399B06E A73E61AB D4889452

  0B695B54 86

  quit

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption key 1 size 128bit 7 E99521751C16125A7754722A6B72 transmit-key

encryption key 2 size 128bit 7 1857F02303182327EA1A9242A53B

encryption key 3 size 128bit 7 FE1CF103855EBB2763224F129556

encryption key 4 size 128bit 7 19A03A5D596B029A01C208EF1C0F

encryption mode ciphers wep128

!

encryption vlan 11 key 1 size 128bit 7 419258EC0B7E6C7413C571760B67 transmit-key

encryption vlan 11 key 2 size 128bit 7 AB3C5B091B37223F39306B1F7442

encryption vlan 11 key 3 size 128bit 7 3E1CF103855EBB2763224F129556

encryption vlan 11 key 4 size 128bit 7 E858C5382B5D5E372A6C0438604C

encryption vlan 11 mode wep mandatory

!

encryption vlan 51 key 1 size 128bit 7 90792B34ACD2C8D18A0B7AF3AC68 transmit-key

encryption vlan 51 key 2 size 128bit 7 72063EA2FEF03A39E5468E92A7C5

encryption vlan 51 key 3 size 128bit 7 8607AEADB49EE0B7E4529770D9AE

encryption vlan 51 key 4 size 128bit 7 F60210B48CB39887A59255187D6D

encryption vlan 51 mode wep mandatory

!

ssid LOCALBRIDGE

!

speed  basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0

packet retries 128

station-role root

rts threshold 4000

rts retries 128

cca 87

concatenation

distance 5

beacon period 20

infrastructure-client

!

interface Dot11Radio0.11

encapsulation dot1Q 11

no ip route-cache

no snmp trap link-status

bridge-group 11

!

interface Dot11Radio0.51

encapsulation dot1Q 51 native

no ip route-cache

no snmp trap link-status

bridge-group 1

!

interface FastEthernet0

no ip address

no ip route-cache

hold-queue 80 in

!

interface FastEthernet0.11

encapsulation dot1Q 11

no ip route-cache

no snmp trap link-status

bridge-group 11

!

interface FastEthernet0.51

encapsulation dot1Q 51 native

no ip route-cache

no snmp trap link-status

bridge-group 1

!

interface BVI1

ip address 192.168.0.5 255.255.255.0

no ip route-cache

!

no ip http server

ip http authentication aaa

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

ip radius source-interface BVI1

logging history informational

snmp-server view dot11view ieee802dot11 included

snmp-server community PUBLICSTRING RW

snmp-server chassis-id Bridge

snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart

snmp-server enable traps tty

snmp-server enable traps entity

snmp-server enable traps disassociate

snmp-server enable traps deauthenticate

snmp-server enable traps authenticate-fail

snmp-server enable traps dot11-qos

snmp-server enable traps wlan-wep

snmp-server enable traps config

snmp-server enable traps syslog

snmp-server enable traps cpu threshold

snmp-server enable traps aaa_server

snmp-server enable traps envmon

snmp-server host 192.168.9.10 PUBLICSTRING

tacacs-server host 192.168.6.100

tacacs-server host 192.168.4.100

tacacs-server directed-request

radius-server attribute 32 include-in-access-req format %h

radius-server vsa send accounting

bridge 1 protocol ieee

bridge 1 route ip

!

!

!

line con 0

access-class 111 in

line vty 0 4

access-class 111 in

line vty 5 15

access-class 111 in

!

end

The non-root configuration:

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname Bridge

!

logging console informational

logging monitor informational

!

aaa new-model

!

!

aaa group server radius rad_eap

!

aaa group server radius rad_mac

!

aaa group server radius rad_acct

!

aaa group server radius rad_admin

!

aaa group server radius rad_pmip

!

aaa group server radius dummy

!

aaa authentication login default local

aaa authentication login eap_methods group rad_eap

aaa authentication login mac_methods local

aaa authorization exec default local

aaa accounting network acct_methods start-stop group rad_acct

aaa cache profile admin_cache

all

!

!

aaa session-id common

!

resource policy

!

clock timezone MST -7

clock save interval 24

ip subnet-zero

ip domain name Bridge

!

!

no dot11 igmp snooping-helper

dot11 activity-timeout bridge default 3600

dot11 vlan-name Management vlan 51

dot11 vlan-name User vlan 11

!

dot11 ssid LOCALBRIDGE

   vlan 51

   authentication open

   infrastructure-ssid

!

dot11 network-map

!

!

!

no crypto provisioning petitioner

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption key 1 size 128bit 7 E99521751C16125A7754722A6B72 transmit-key

encryption key 2 size 128bit 7 1857F02303182327EA1A9242A53B

encryption key 3 size 128bit 7 FE1CF103855EBB2763224F129556

encryption key 4 size 128bit 7 19A03A5D596B029A01C208EF1C0F

encryption mode ciphers wep128

!

encryption vlan 11 key 1 size 128bit 7 419258EC0B7E6C7413C571760B67 transmit-key

encryption vlan 11 key 2 size 128bit 7 AB3C5B091B37223F39306B1F7442

encryption vlan 11 key 3 size 128bit 7 3E1CF103855EBB2763224F129556

encryption vlan 11 key 4 size 128bit 7 E858C5382B5D5E372A6C0438604C

encryption vlan 11 mode wep mandatory

!

encryption vlan 51 key 1 size 128bit 7 90792B34ACD2C8D18A0B7AF3AC68 transmit-key

encryption vlan 51 key 2 size 128bit 7 72063EA2FEF03A39E5468E92A7C5

encryption vlan 51 key 3 size 128bit 7 8607AEADB49EE0B7E4529770D9AE

encryption vlan 51 key 4 size 128bit 7 F60210B48CB39887A59255187D6D

encryption vlan 51 mode wep mandatory

!

ssid LOCALBRIDGE

!

speed  basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0

packet retries 128

station-role non-root bridge

rts threshold 4000

rts retries 128

cca 87

concatenation

beacon period 20

infrastructure-client

!

interface Dot11Radio0.11

encapsulation dot1Q 11

no ip route-cache

no snmp trap link-status

bridge-group 11

!

interface Dot11Radio0.51

encapsulation dot1Q 51 native

no ip route-cache

no snmp trap link-status

bridge-group 1

!

interface FastEthernet0

no ip address

no ip route-cache

hold-queue 80 in

!

interface FastEthernet0.11

encapsulation dot1Q 11

no ip route-cache

no snmp trap link-status

bridge-group 11

!

interface FastEthernet0.51

encapsulation dot1Q 51 native

no ip route-cache

no snmp trap link-status

bridge-group 1

!

interface BVI1

ip address 192.168.0.10 255.255.255.0

no ip route-cache

!

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

ip radius source-interface BVI1

snmp-server community PUBLICSTRING RW

snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart

snmp-server enable traps tty

snmp-server enable traps entity

snmp-server enable traps disassociate

snmp-server enable traps deauthenticate

snmp-server enable traps authenticate-fail

snmp-server enable traps dot11-qos

snmp-server enable traps wlan-wep

snmp-server enable traps config

snmp-server enable traps syslog

snmp-server enable traps cpu threshold

snmp-server enable traps aaa_server

snmp-server enable traps envmon

snmp-server host 192.168.9.10 PUBLICSTRING

tacacs-server host 192.168.6.100

tacacs-server host 192.168.4.100

tacacs-server directed-request

radius-server attribute 32 include-in-access-req format %h

radius-server vsa send accounting

bridge 1 protocol ieee

bridge 1 route ip

bridge 11 protocol ieee

!

!

!

line con 0

line vty 0 4

!

end

  • Getting Started with Wireless
1 REPLY

Non-root is not associate with root

Chieu,

    The only thing I see and not sure that it makes a difference but I recall that on the root device the station role should be "root bridge", not just "root" but I could be wrong.  Although I checked my bridges here and the roots all have station-role root bridge

433
Views
0
Helpful
1
Replies
This widget could not be displayed.