02-15-2011 05:46 AM - edited 11-18-2020 02:53 AM
1310 / 1410 Outdoor Bridge Root - Non Root configuration example
Here is the configuration example for 1310 / 1410 bridge configuration for multiple VLAN traffic to flow from one building to another..
thanks for sharing the informaiton Surendra.
Hi !
Root and NonRoot should work in the same frequency channel ??
regards
nevermind
Hi All,
Below is bridge configration . I would like to know with this below configuration data traffic will get compelete encrytion ?? any better encryption configuration ?? as I read wpa will not provide complete encryption. please help
network topology
R1--------------SW1<-----------------> root bride-1 <---------------------------> Non-root bridge-1 <------------------------ >SW2( remote office)--------LAN hosts
SW1- Gi0/0- 10.200.32.1/29 BVI- 32.2/29 BVI - 32.3/29 SW2-GI0/0 - 32.4/29
network setup : SW1 - LAN port to root bridge connection -- Gi 0/0 - ip address configured -10.200.32.1/29
Root-brdge -------------------------------------------- BVI 10.200.32.2/29 -----
Non root bridge----------------------------------------BVI 10.200.32.3/29
SW2 LAN port-Non root bridge ----------------- Gi0/0 10.200.32.4/29
both bridge have only BVI configured and no VLAN or subniterface on the both bridge .
SW1 and SW2 port connected to bridges are not part of vlan , ports configured with specfic IP address
!
dot11 ssid
authentication open
authentication key-management wpa
wpa-psk ascii 7 123456
!
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm
station-role root bridge
bridge-group 1
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
hold-queue 80 in
!
interface BVI1
ip address 10.200.32.2 255.255.255.248
no ip route-cache
!
ip default-gateway 10.200.32.1
ip http server
no ip http secure-server
!
!
control-plane
!
bridge 1 route ip
!
!
!
************************************Configuration on non root bridge.******************************************************************
!
dot11 ssid
authentication open
authentication key-management wpa
wpa-psk ascii 7 123456
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm
!
!
bridge-group 1
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
hold-queue 80 in
!
interface BVI1
ip address 10.200.32.3 255.255.255.248
no ip route-cache
!
ip default-gateway 10.200.32.2
ip http server
no ip http secure-server
!
!
control-plane
!
bridge 1 route ip
!
Regards
Santosh
I have seen a situation with a few clients already, when they have the bridge group configuration just like the one on the example:
interface Dot11Radio0.1
encapsulation dot1Q 1 native
bridge-group 1
and the bridges are able to associate but they can't pass traffic between each other, ie. the root can't ping the non-root, or the clients can't obtain an IP address on the far side, to solve this problem, these commands will need to be added on the bridge-group configuration:
no bridge-group 1 subscriber-loop-control
no bridge-group 1 block-unknown-source
bridge-group 1 source-learning
bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
Adding these commands on a few different situations, have helped me to solve these type of issues on a point-to-point connection between two BR1310
Thanks caleiton! Your configuration saved me a ton of time. It was just as you explained. Bridges associate, but won't pass any traffic. Thanks again for your post.
Andrew
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: