https://community.cisco.com/t5/wireless/bridge-security-1310g/m-p/732919#M22549 <HTML><HEAD></HEAD><BODY><P>Hello, I managed to put a config with LEAP and WPA 2 working on a P2P link, authenticated by a ACS on the Root side.</P><P></P><P>I'll past the relevant config for the root and non-root.</P><P></P><P>!</P><P></P><P>hostname BR1300-NonRoot</P><P>!</P><P>dot11 ssid test</P><P> authentication network-eap DUMMY </P><P> authentication key-management wpa version 2</P><P> authentication client username bridgelink password XXXXXX</P><P> infrastructure-ssid</P><P>!</P><P>!</P><P>interface Dot11Radio0</P><P> !</P><P> encryption mode ciphers aes-ccm </P><P> !</P><P> ssid test</P><P> !</P><P> station-role non-root bridge</P><P></P><P>end</P><P></P><P>======ROOT=======</P><P></P><P>hostname BR1300-Root</P><P>!</P><P>aaa new-model</P><P>!</P><P>aaa authentication login EAP-LIST group radius</P><P>!</P><P>dot11 ssid test</P><P> authentication network-eap EAP-LIST </P><P> authentication key-management wpa version 2</P><P> infrastructure-ssid</P><P>!</P><P>interface Dot11Radio0</P><P> !</P><P> encryption mode ciphers aes-ccm </P><P>!</P><P> ssid test</P><P> !</P><P> station-role root bridge</P><P>!</P><P>!</P><P>interface BVI1</P><P> ip address XXXXXXXXXX</P><P> no ip route-cache</P><P>!</P><P>radius-server host ACS-RADIUS IP auth-port 1645 acct-port 1646 key XXXXXXXXXXXXXXXXXXX</P></BODY></HTML> Fri, 24 Aug 2007 18:31:00 GMT Gustavo Novais 2007-08-24T18:31:00Z https://community.cisco.com/t5/wireless/bridge-security-1310g/m-p/732917#M22547 <P>Hi,</P><P>we have established a bridge connection between a 1310G Root Bridge and a 1310G Non Root Bridge with the following settings for this bridge SSID: "Open Authentication" with "WPA mandatory and WPA Preshared Key" in Client Authenticated Key Management.</P><P>Moreover we have a 2nd SSID with EAP (Radius) for network authentication.</P><P>a). can this scenario be viewed as secure ?</P><P>b). is it possible to use EAP-Authentication (e.g. Network EAP with LEAP) for the Bridge SSID as well ? If yes, how can we do this ?</P><P>We enabled local authentication on the Root Bridge with Bridge and Non Root Bridge as AAA-Clients - and the usernames/passwords defined in it were entered in AP authentication. But this failed.</P><P>Thanks,</P><P>Thorsten</P> Sat, 03 Jul 2021 21:31:57 GMT https://community.cisco.com/t5/wireless/bridge-security-1310g/m-p/732917#M22547 ciscoprolin 2021-07-03T21:31:57Z https://community.cisco.com/t5/wireless/bridge-security-1310g/m-p/732918#M22548 <HTML><HEAD></HEAD><BODY><P>Hi, coincidently I'm trying to do the same thing, (the authentication part) and with no success. </P><P>I found a link on CCO, <A class="jive-link-custom" href="http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008058f53e.shtml" target="_blank">http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008058f53e.shtml</A></P><P> but it isn't working.</P><P>Besides, they specify that we should use network-eap for authentication, but they don't specify any method list for AAA, which is mandatory (at least on the CLI).</P><P></P><P>If you find out anything, plase reply to this post</P></BODY></HTML> Fri, 24 Aug 2007 15:48:26 GMT https://community.cisco.com/t5/wireless/bridge-security-1310g/m-p/732918#M22548 Gustavo Novais 2007-08-24T15:48:26Z https://community.cisco.com/t5/wireless/bridge-security-1310g/m-p/732919#M22549 <HTML><HEAD></HEAD><BODY><P>Hello, I managed to put a config with LEAP and WPA 2 working on a P2P link, authenticated by a ACS on the Root side.</P><P></P><P>I'll past the relevant config for the root and non-root.</P><P></P><P>!</P><P></P><P>hostname BR1300-NonRoot</P><P>!</P><P>dot11 ssid test</P><P> authentication network-eap DUMMY </P><P> authentication key-management wpa version 2</P><P> authentication client username bridgelink password XXXXXX</P><P> infrastructure-ssid</P><P>!</P><P>!</P><P>interface Dot11Radio0</P><P> !</P><P> encryption mode ciphers aes-ccm </P><P> !</P><P> ssid test</P><P> !</P><P> station-role non-root bridge</P><P></P><P>end</P><P></P><P>======ROOT=======</P><P></P><P>hostname BR1300-Root</P><P>!</P><P>aaa new-model</P><P>!</P><P>aaa authentication login EAP-LIST group radius</P><P>!</P><P>dot11 ssid test</P><P> authentication network-eap EAP-LIST </P><P> authentication key-management wpa version 2</P><P> infrastructure-ssid</P><P>!</P><P>interface Dot11Radio0</P><P> !</P><P> encryption mode ciphers aes-ccm </P><P>!</P><P> ssid test</P><P> !</P><P> station-role root bridge</P><P>!</P><P>!</P><P>interface BVI1</P><P> ip address XXXXXXXXXX</P><P> no ip route-cache</P><P>!</P><P>radius-server host ACS-RADIUS IP auth-port 1645 acct-port 1646 key XXXXXXXXXXXXXXXXXXX</P></BODY></HTML> Fri, 24 Aug 2007 18:31:00 GMT https://community.cisco.com/t5/wireless/bridge-security-1310g/m-p/732919#M22549 Gustavo Novais 2007-08-24T18:31:00Z