Bridge Security (1310G)

ciscoprolin
Level 1

Hi,

We have established a bridge connection between a 1310G Root Bridge and a 1310G Non Root Bridge with the following settings for this bridge SSID: "Open Authentication" with "WPA mandatory and WPA Preshared Key" in Client Authenticated Key Management.

Moreover we have a 2nd SSID with EAP (Radius) for network authentication.

a) Can this scenario be viewed as secure?

b) Is it possible to use EAP authentication (e.g. Network EAP with LEAP) for the Bridge SSID as well? If yes, how can we do this?

We enabled local authentication on the Root Bridge with Bridge and Non Root Bridge as AAA-Clients - and the usernames/passwords defined in it were entered in AP authentication. But this failed.

Thanks,

Thorsten

2 Replies

Gustavo Novais
Level 1

Hi, coincidentally I'm trying to do the same thing (the authentication part), and with no success.

I found a link on CCO, http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008058f53e.shtml

but it isn't working.

Besides, they specify that we should use network-eap for authentication, but they don't specify any method list for AAA, which is mandatory (at least on the CLI).

If you find out anything, please reply to this post.

Hello, I managed to get a config with LEAP and WPA 2 working on a P2P link, authenticated by an ACS on the Root side.

I'll paste the relevant config for the root and non-root.

!
hostname BR1300-NonRoot
!
dot11 ssid test
 authentication network-eap DUMMY
 authentication key-management wpa version 2
 authentication client username bridgelink password XXXXXX
 infrastructure-ssid
!
!
interface Dot11Radio0
 !
 encryption mode ciphers aes-ccm
 !
 ssid test
 !
 station-role non-root bridge
end

======ROOT=======

hostname BR1300-Root
!
aaa new-model
!
aaa authentication login EAP-LIST group radius
!
dot11 ssid test
 authentication network-eap EAP-LIST
 authentication key-management wpa version 2
 infrastructure-ssid
!
interface Dot11Radio0
 !
 encryption mode ciphers aes-ccm
 !
 ssid test
 !
 station-role root bridge
!
!
interface BVI1
 ip address XXXXXXXXXX
 no ip route-cache
!
radius-server host ACS-RADIUS IP auth-port 1645 acct-port 1646 key XXXXXXXXXXXXXXXXXXX
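
A consistency check for the two points raised in this thread (the AAA method list on the root side, the EAP client credentials on the non-root side), as an added example that is not part of any post above. The `parse` and `audit` helpers are hypothetical names, and the sample configs are constructed from the posted ones, trimmed to the lines relevant to EAP authentication and assuming the usual indented running-config layout.

```python
# Added example; both sample configs are constructed and the password is a placeholder.
ROOT = """\
aaa new-model
aaa authentication login EAP-LIST group radius
dot11 ssid test
 authentication network-eap EAP-LIST
interface Dot11Radio0
 ssid test
 station-role root bridge
"""
NONROOT = """\
dot11 ssid test
 authentication network-eap DUMMY
 authentication client username bridgelink password PLACEHOLDER
interface Dot11Radio0
 ssid test
 station-role non-root bridge
"""

def parse(cfg):
    """Map each top-level config line to the indented subcommands under it."""
    blocks, head = {"": []}, ""
    for line in cfg.splitlines():
        if line.strip() in ("", "!"):
            continue  # separators carry no settings
        if line[0].isspace():
            blocks[head].append(line.strip())
        else:
            head = line.strip()
            blocks.setdefault(head, [])
    return blocks

def audit(cfg):
    """List settings that would keep a network-eap bridge SSID from authenticating."""
    blocks, found = parse(cfg), []
    is_root = "station-role root bridge" in blocks.get("interface Dot11Radio0", [])
    for head, body in blocks.items():
        eap = [b.split()[2] for b in body if b.startswith("authentication network-eap ")]
        if not eap or not head.startswith("dot11 ssid "):
            continue
        has_list = any(h.startswith(f"aaa authentication login {eap[0]} ") for h in blocks)
        has_creds = any(b.startswith("authentication client username ") for b in body)
        checks = [
            (is_root and "aaa new-model" not in blocks, "aaa new-model is not enabled"),
            (is_root and not has_list, f"method list {eap[0]} is not defined"),
            (not is_root and not has_creds, "no EAP client credentials"),
        ]
        found += [f"{head.split()[2]}: {msg}" for bad, msg in checks if bad]
    return found
```

`audit(ROOT)` and `audit(NONROOT)` both return an empty list; removing the `aaa authentication login` line from the root sample, or the `authentication client username` line from the non-root sample, produces one finding each.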
