Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
9389
Views
10
Helpful
6
Comments

1310 / 1410 Outdoor Bridge Root - Non Root configuration example

Surendra BG
Cisco Employee
Cisco Employee

‎02-15-2011 05:46 AM - edited ‎11-18-2020 02:53 AM

   1310 / 1410 Outdoor Bridge Root - Non Root configuration example

Here is the configuration example for 1310 / 1410 bridge configuration for multiple VLAN traffic to flow from one building to another..

Assume you have Multiple VLANs on the Root and Non Root and you need to pass it across the buildings..
for example... Here in this config example.. here is the things we are using..
1>> on the Switch the Native Vlan is 1
2>> We are associating Root and and Non Root on Vlan 1. (Assuming i am using 10.10.5.1 as DG and IP for Root and Non Root as 10.10.5.2 and 3
/24)
3>> Vlan 1 is Native or management Vlan, Vlan 2 is Data Vlan , Vlan 3 is Corporate Vlan , VLan 4 is Voice Vlan and VLan 5 is Guest Vlan.
Objective
========
We have the management VLAN as 1 and rest 4 Vlans for respective traffic.. the Root and the Non root will associate on VLAN 5 and all the Vlan traffic can travel accross the wireless link.
Configuration on  the Switchport
=========================
Assuming you are connecting to the Fa 0/1 on the switch on both sides or on the Root


en
conf t
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk native vlan 1
switchport mode trunk
end
Configuration on the Root Bridge
=========================
en
conf t

hostname RootBridge
!

!
ip subnet-zero
no ip domain lookup
!
!
!
dot11 ssid test
   vlan 5
   authentication open
   authentication key-management wpa
   wpa-psk ascii 7 cisco123
!
!
!

!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 5 mode ciphers tkip
!
ssid test
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root bridge

!

interface Dot11Radio0.1
encapsulation dot1Q 1 native
bridge-group 1

!


interface Dot11Radio0.2
encapsulation dot1Q 2
bridge-group 2
!

interface Dot11Radio0.3
encapsulation dot1Q 3
bridge-group 3
!

interface Dot11Radio0.4
encapsulation dot1Q 4
bridge-group 4
!

interface Dot11Radio0.5
encapsulation dot1Q 5
bridge-group 5
!
!
interface FastEthernet0
no ip address
no ip route-cache
hold-queue 80 in

!
interface FastEthernet0.1
encapsulation dot1Q 1 native
bridge-group 1

!
interface FastEthernet0.2
encapsulation dot1Q 2
  bridge-group 2

!
interface FastEthernet0.3
encapsulation dot1Q 3
  bridge-group 3

!
interface FastEthernet0.4
encapsulation dot1Q 4
  bridge-group 4

!
interface FastEthernet0.5
encapsulation dot1Q 5
  bridge-group 5

!
interface BVI1
Description ASSIGN IP IN VLAN 1 RANGE
ip address 10.10.5.2 255.255.255.0
no ip route-cache
!
ip default-gateway 10.10.5.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login local
!
end
NON - Root bridge config
===================
en
conf t
!
hostname Non-RootBridge
!
!

!
ip subnet-zero
no ip domain lookup
!
!

!
dot11 ssid test
   vlan 5
   authentication open
   authentication key-management wpa
   infrastructure-ssid
   wpa-psk ascii 7 cisco123
!
!
!

!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 5 mode ciphers tkip
!
ssid test
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role non-root bridge

!

interface Dot11Radio0.1
encapsulation dot1Q 1 native
bridge-group 1

!


interface Dot11Radio0.2
encapsulation dot1Q 2
bridge-group 2
!

interface Dot11Radio0.3
encapsulation dot1Q 3
bridge-group 3
!

interface Dot11Radio0.4
encapsulation dot1Q 4
bridge-group 4
!

interface Dot11Radio0.5
encapsulation dot1Q 5
bridge-group 5
!


!
interface FastEthernet0
no ip address
no ip route-cache
hold-queue 80 in

!
interface FastEthernet0.1
encapsulation dot1Q 1 native
bridge-group 1

!
interface FastEthernet0.2
encapsulation dot1Q 2
  bridge-group 2

!
interface FastEthernet0.3
encapsulation dot1Q 3
  bridge-group 3

!
interface FastEthernet0.4
encapsulation dot1Q 4
  bridge-group 4

!
interface FastEthernet0.5
encapsulation dot1Q 5
  bridge-group 5

!
!
interface BVI1
Description ASSIGN IP IN VLAN 1 RANGE
ip address 10.10.5.3 255.255.255.0
no ip route-cache
!
ip default-gateway 10.10.5.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login local
!
end
Verification
==========
1>> Issue the command "show dot11 associations" on Either Root or Non Root to see if we are able to get the associations up and running.
2>> Issue "show logs" and see what is the specific reason the Root and Non root are not associating to each other.
3>> Make sure the antenna allignment is done correctly and bridges are facing each other.
4>> This configuration holds good for any AP which supports Root Bridge and Non- Root bridge station roles.
We are Done!!
Comments
Vinay Sharma
Level 7
Level 7
‎02-16-2011 09:56 PM

thanks for sharing the informaiton Surendra.

filiberto.aguirre
Level 4
Level 4
‎05-25-2012 04:23 PM

Hi !

Root and NonRoot  should  work in the same frequency channel ??

regards

gtoscano
Community Member
‎06-09-2012 09:24 PM

nevermind

lerner cisco
Level 1
Level 1
‎09-26-2012 06:15 AM

Hi All,

Below   is bridge configration .  I would like to know with this below    configuration data traffic will get compelete encrytion ?? any better   encryption configuration  ?? as I read wpa will not provide complete   encryption. please help

network topology

R1--------------SW1<----------------->   root bride-1 <---------------------------> Non-root bridge-1   <------------------------ >SW2( remote office)--------LAN   hosts                   

SW1- Gi0/0- 10.200.32.1/29              BVI- 32.2/29                               BVI -   32.3/29                                   SW2-GI0/0 - 32.4/29

network setup :  SW1 - LAN port to root bridge connection --  Gi 0/0 - ip address configured -10.200.32.1/29

                         Root-brdge -------------------------------------------- BVI  10.200.32.2/29 -----

                         Non root bridge----------------------------------------BVI 10.200.32.3/29

                         SW2 LAN port-Non root bridge ----------------- Gi0/0  10.200.32.4/29

both bridge have only BVI configured and no VLAN or subniterface on the both bridge .

SW1 and SW2 port connected to bridges are not part of vlan  , ports configured with specfic IP address

!
dot11 ssid
   authentication open
   authentication key-management wpa
   wpa-psk ascii 7 123456
!
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm


station-role root bridge
bridge-group 1
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
hold-queue 80 in
!
interface BVI1
ip address 10.200.32.2 255.255.255.248
no ip route-cache
!        
ip default-gateway 10.200.32.1
ip http server
no ip http secure-server

!
!
control-plane
!
bridge 1 route ip
!
!
!

************************************Configuration   on non root   bridge.******************************************************************

!
dot11 ssid
   authentication open
   authentication key-management wpa
   wpa-psk ascii 7 123456

!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm
!

!
bridge-group 1
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
hold-queue 80 in
!
interface BVI1
ip address 10.200.32.3 255.255.255.248
no ip route-cache
!
ip default-gateway 10.200.32.2
ip http server
no ip http secure-server

!

!

control-plane

!

bridge 1 route ip

!

Regards

Santosh

Carlos Leiton
Level 1
Level 1
‎07-25-2013 03:00 PM

I have seen a situation with a few clients already, when they have the bridge group configuration just like the one on the example:

interface Dot11Radio0.1

encapsulation dot1Q 1 native

bridge-group 1

and the bridges are able to associate but they can't pass traffic between each other, ie. the root can't ping the non-root, or the clients can't obtain an IP address on the far side, to solve this problem, these commands will need to be added on the bridge-group configuration:

no bridge-group 1 subscriber-loop-control
no bridge-group 1 block-unknown-source
bridge-group 1 source-learning
bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled

Adding these commands on a few different situations, have helped me to solve these type of issues on a point-to-point connection between two BR1310

andrewdours
Level 1
Level 1
‎12-03-2014 05:08 AM

Thanks caleiton! Your configuration saved me a ton of time.  It was just as you explained.  Bridges associate, but won't pass any traffic.  Thanks again for your post.

Andrew

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents