cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Cisco Community Designated VIP Class of 2020

440
Views
0
Helpful
2
Replies
Highlighted
Beginner

1310 wireless outdoor bridge - strong Encryption configuration - high priority

Hi All,

Below  is bridge configration .  I would like to know with this below   configuration data traffic will get compelete encrytion ?? any better  encryption configuration  ?? as I read wpa will not provide complete  encryption. please help

network topology

R1--------------SW1<----------------->  root bride-1 <---------------------------> Non-root bridge-1  <------------------------ >SW2( remote office)--------LAN  hosts                   

SW1- Gi0/0- 10.200.32.1/29             BVI- 32.2/29                               BVI -  32.3/29                                   SW2-GI0/0 - 32.4/29

network setup :  SW1 - LAN port to root bridge connection --  Gi 0/0 - ip address configured -10.200.32.1/29

                         Root-brdge -------------------------------------------- BVI  10.200.32.2/29 -----

                         Non root bridge----------------------------------------BVI 10.200.32.3/29

                         SW2 LAN port-Non root bridge ----------------- Gi0/0  10.200.32.4/29

both bridge have only BVI configured and no VLAN or subniterface on the both bridge .

SW1 and SW2 port connected to bridges are not part of vlan  , ports configured with specfic IP address

!
dot11 ssid
   authentication open
   authentication key-management wpa
   wpa-psk ascii 7 123456
!
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm


station-role root bridge
bridge-group 1
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
hold-queue 80 in
!
interface BVI1
ip address 10.200.32.2 255.255.255.248
no ip route-cache
!        
ip default-gateway 10.200.32.1
ip http server
no ip http secure-server

!
!
control-plane
!
bridge 1 route ip
!
!
!

************************************Configuration  on non root  bridge.******************************************************************

!
dot11 ssid
   authentication open
   authentication key-management wpa
   wpa-psk ascii 7 123456

!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm
!

!
bridge-group 1
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
hold-queue 80 in
!
interface BVI1
ip address 10.200.32.3 255.255.255.248
no ip route-cache
!
ip default-gateway 10.200.32.2
ip http server
no ip http secure-server

!
!
control-plane
!
bridge 1 route ip
!
!

1 ACCEPTED SOLUTION

Accepted Solutions

1310 wireless outdoor bridge - strong Encryption configuration -

Hi there ..

I want to make sure I understand. You are concerned about the encryption of the wireless tranmission over the bridge correct ? I see based on your config you are using WPA/AES. This isnt standard based, if you wanted to be more stnadards based you should use WPA/TKIP or WPA/AES. Both are very secure. I would lease with WPA/AES. Again this is only for the encryption.

If you want stronger authentcation you might consider 802.1X.

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

View solution in original post

2 REPLIES 2
Beginner

1310 wireless outdoor bridge - strong Encryption configuration -

can any one help me on this please

1310 wireless outdoor bridge - strong Encryption configuration -

Hi there ..

I want to make sure I understand. You are concerned about the encryption of the wireless tranmission over the bridge correct ? I see based on your config you are using WPA/AES. This isnt standard based, if you wanted to be more stnadards based you should use WPA/TKIP or WPA/AES. Both are very secure. I would lease with WPA/AES. Again this is only for the encryption.

If you want stronger authentcation you might consider 802.1X.

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

View solution in original post

CreatePlease to create content
Content for Community-Ad

August's Community Spotlight Awards