Cisco Support Community

New Member

Bridge Security (1310G)

Hi,

We have established a bridge connection between a 1310G Root Bridge and a 1310G Non Root Bridge with the following settings for this bridge SSID: "Open Authentication" with "WPA mandatory and WPA Preshared Key" in Client Authenticated Key Management.

Moreover, we have a 2nd SSID with EAP (Radius) for network authentication.

a) Can this scenario be viewed as secure?

b) Is it possible to use EAP authentication (e.g. Network EAP with LEAP) for the Bridge SSID as well? If yes, how can we do this?

We enabled local authentication on the Root Bridge with Bridge and Non Root Bridge as AAA-Clients - and the usernames/passwords defined in it were entered in AP authentication. But this failed.

Thanks,

Thorsten

2 REPLIES
New Member

Re: Bridge Security (1310G)

Hi, coincidentally I'm trying to do the same thing (the authentication part), and with no success.

I found a link on CCO, http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008058f53e.shtml

but it isn't working.

Besides, they specify that we should use network-eap for authentication, but they don't specify any method list for AAA, which is mandatory (at least on the CLI).

If you find out anything, please reply to this post.

New Member

Re: Bridge Security (1310G)

Hello, I managed to get a config with LEAP and WPA 2 working on a P2P link, authenticated by an ACS on the Root side.

I'll paste the relevant config for the root and non-root.

!
hostname BR1300-NonRoot
!
dot11 ssid test
 authentication network-eap DUMMY
 authentication key-management wpa version 2
 authentication client username bridgelink password XXXXXX
 infrastructure-ssid
!
!
interface Dot11Radio0
 !
 encryption mode ciphers aes-ccm
 !
 ssid test
 !
 station-role non-root bridge
end

======ROOT=======

hostname BR1300-Root
!
aaa new-model
!
aaa authentication login EAP-LIST group radius
!
dot11 ssid test
 authentication network-eap EAP-LIST
 authentication key-management wpa version 2
 infrastructure-ssid
!
interface Dot11Radio0
 !
 encryption mode ciphers aes-ccm
 !
 ssid test
 !
 station-role root bridge
 !
!
interface BVI1
 ip address XXXXXXXXXX
 no ip route-cache
!
radius-server host ACS-RADIUS IP auth-port 1645 acct-port 1646 key XXXXXXXXXXXXXXXXXXX
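A consistency check for the two sides of the EAP bridge link discussed in this thread, as an added example that is not part of any poster's reply or of Cisco's documentation. The function name `audit`, the placeholder address and secrets, and the rule set (taken from the working config in the last reply and applied to the whole config rather than per SSID) are assumptions.

```python
import re
# Constructed samples modelled on the configs posted in this thread
# (192.0.2.10, EXAMPLE-KEY and EXAMPLE-PW are placeholders, not page values).
ROOT = """aaa new-model
aaa authentication login EAP-LIST group radius
dot11 ssid test
 authentication network-eap EAP-LIST
 authentication key-management wpa version 2
 infrastructure-ssid
interface Dot11Radio0
 encryption mode ciphers aes-ccm
 ssid test
 station-role root bridge
radius-server host 192.0.2.10 auth-port 1645 acct-port 1646 key EXAMPLE-KEY
"""
NONROOT = """dot11 ssid test
 authentication network-eap DUMMY
 authentication key-management wpa version 2
 authentication client username bridgelink password EXAMPLE-PW
 infrastructure-ssid
interface Dot11Radio0
 encryption mode ciphers aes-ccm
 ssid test
 station-role non-root bridge
"""

def audit(cfg):
    """Return findings for the EAP bridge-link settings found anywhere in cfg."""
    lines = [l.strip() for l in cfg.splitlines()]
    has = lambda prefix: any(l.startswith(prefix) for l in lines)
    grab = lambda rx: [m.group(1) for l in lines if (m := re.match(rx, l))]
    findings = []
    eap_lists = grab(r"authentication network-eap (\S+)")
    if not eap_lists:
        findings.append("no SSID uses 'authentication network-eap'")
    if has("station-role root"):
        # Root side is the authenticator: it needs the method list and a RADIUS server.
        defined = set(grab(r"aaa authentication login (\S+)"))
        findings += [f"method list {n} is not defined" for n in eap_lists if n not in defined]
        if not has("radius-server host"):
            findings.append("no 'radius-server host' configured")
    elif not has("authentication client username"):
        # Non-root side authenticates as a client, so it needs credentials.
        findings.append("non-root bridge has no 'authentication client' credentials")
    if not has("authentication key-management wpa version 2"):
        findings.append("key management is not WPA version 2")
    if not has("encryption mode ciphers aes-ccm"):
        findings.append("cipher is not aes-ccm")
    return findings
```

An empty list means the config matches the pattern of the working pair above; it does not verify the RADIUS server's own settings.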
