Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
348
Views
0
Helpful
1
Replies

1300 Bridge: VLAN and encryption question

himbeertoni
Level 1
Level 1

‎11-24-2004 02:26 AM - edited ‎07-04-2021 10:11 AM

Hi!

I configured a 1300 bridge with dot1q-VLANs and tkip/wpa encryption:

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 1 mode ciphers tkip

!

encryption vlan 91 mode ciphers tkip

!

encryption vlan 150 mode ciphers tkip

!

ssid skylink

vlan 1

authentication open

authentication key-management wpa

infrastructure-ssid

wpa-psk ascii 7 xxxx

!

short-slot-time

cca 0

concatenation

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

rts threshold 4000

channel 2472

station-role root

payload-encapsulation dot1h

antenna receive right

antenna transmit right

infrastructure-client

!

interface Dot11Radio0.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

bridge-group 1 spanning-disabled

!

interface Dot11Radio0.91

encapsulation dot1Q 91

no ip route-cache

bridge-group 91

bridge-group 91 spanning-disabled

!

interface Dot11Radio0.150

encapsulation dot1Q 150

no ip route-cache

bridge-group 150

bridge-group 150 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

ntp broadcast client

!

interface FastEthernet0.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

bridge-group 1 spanning-disabled

!

interface FastEthernet0.91

encapsulation dot1Q 91

no ip route-cache

bridge-group 91

bridge-group 91 spanning-disabled

!

interface FastEthernet0.150

encapsulation dot1Q 150

no ip route-cache

bridge-group 150

bridge-group 150 spanning-disabled

Is it necessary to set the

encryption vlan 91 mode ciphers tkip

!

encryption vlan 150 mode ciphers tkip

so that all VLANs are crypted?

How can I examine that all VLANs are crypted?

Best regards

Michael Simon

Labels:
0 Helpful
1 Reply 1

dixho
Level 6
Level 6

‎11-26-2004 02:04 PM

No. As there is no SSID assigned to VLAN 91 and 150, I was by the TME (Technical Marketing Engineer) that the 1300 should use the encryption defined in the native VLAN (VLAN 1 in your case) to transport traffic on VLAN 91 and 150. I have not taken any wireless sniffer trace to verify it though.

There are a couple of ways to verify it:

1. a wireless sniffer trace

2. debug dot dot 0 trace print xmt rcv

Please be very careful when use option #2. Option #2 turns the wireless bridge into a wireless sniffer. If there are heavy traffic between the two bridges, the wireless bridges will crash. Please use option # 2 in test environment or limited traffic.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card