Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Workgroup Bridge in Universal Mode

I have a Cisco 1242 access point which I have configured as a workgroup bridge. This bridge needs to connect to non-Cisco AP's.

I have this working fine (you have to run version 12.4 or later to be able to use the universal command)

I am running EAP-TLS and have a certificate on the AP, but it was ages since I configured it, so I after clarification that my steps are correct for adding a new certificate.

The relevant commands on the AP are as follows:-

dot11 ssid WHATEVER
   authentication open eap eap_methods
   authentication network-eap eap_methods
   authentication key-management wpa version 2
   dot1x credentials EAPTLS
   dot1x eap profile EAPTLS

eap profile EAPTLS
method tls

interface Dot11Radio0

no ip address

no ip route-cache

encryption mode ciphers aes-ccm

ssid WHATEVER

station-role workgroup-bridge universal aaaa.bbbb.ccccc !This is mac address of attached laptop!

bridge-group 1

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

bridge-group 1

bridge-group 1 spanning-disabled

!

interface BVI1

no ip address

no ip route-cache

Now the existing certificate is setup as follows:-

crypto pki trustpoint aaaaaaa
revocation-check crl
rsakeypair aaaaaaa

crypto pki certificate chain aaaaaaa

certificate 175B

  308205DF 308204C7 A0030201 02020217 5B300D06 092A8648 86F70D01 01050500

etc etc etc

Am I right in thinking to load the new certificate (bbbbbb) all I have to do is copy the certificate to AP (copy tftp flash:), and then run the following commands:-

crypto pki trustpoint bbbbbb
revocation-check crl
rsakeypair bbbbbbbbb

crypto pki certificate chain bbbbbb

certificate ##### ! then copy and paste the details of the user certificate in here???

Is there any order these need to be added in??

Any help would be much appreciated.

Regards

Andrew

Everyone's tags (3)
1 REPLY
New Member

Re: Workgroup Bridge in Universal Mode

Answered my own question:-

crypto pki import bbbbb pkcs12 flash:bbbbbbb.pfx (password if required)

Once the cert is imported it creates the crypto pki trustpoint!!

Just then need to add the following:-

dot1x credentials EAPTLS
username bbbbb.bbbbb.com
pki-trustpoint bbbbb

2392
Views
0
Helpful
1
Replies
CreatePlease to create content