11-24-2004 02:26 AM - edited 07-04-2021 10:11 AM
Hi!
I configured a 1300 bridge with dot1q-VLANs and tkip/wpa encryption:
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 1 mode ciphers tkip
!
encryption vlan 91 mode ciphers tkip
!
encryption vlan 150 mode ciphers tkip
!
ssid skylink
vlan 1
authentication open
authentication key-management wpa
infrastructure-ssid
wpa-psk ascii 7 xxxx
!
short-slot-time
cca 0
concatenation
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
rts threshold 4000
channel 2472
station-role root
payload-encapsulation dot1h
antenna receive right
antenna transmit right
infrastructure-client
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.91
encapsulation dot1Q 91
no ip route-cache
bridge-group 91
bridge-group 91 spanning-disabled
!
interface Dot11Radio0.150
encapsulation dot1Q 150
no ip route-cache
bridge-group 150
bridge-group 150 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
ntp broadcast client
!
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
!
interface FastEthernet0.91
encapsulation dot1Q 91
no ip route-cache
bridge-group 91
bridge-group 91 spanning-disabled
!
interface FastEthernet0.150
encapsulation dot1Q 150
no ip route-cache
bridge-group 150
bridge-group 150 spanning-disabled
Is it necessary to set the
encryption vlan 91 mode ciphers tkip
!
encryption vlan 150 mode ciphers tkip
so that all VLANs are crypted?
How can I examine that all VLANs are crypted?
Best regards
Michael Simon
11-26-2004 02:04 PM
No. As there is no SSID assigned to VLAN 91 and 150, I was by the TME (Technical Marketing Engineer) that the 1300 should use the encryption defined in the native VLAN (VLAN 1 in your case) to transport traffic on VLAN 91 and 150. I have not taken any wireless sniffer trace to verify it though.
There are a couple of ways to verify it:
1. a wireless sniffer trace
2. debug dot dot 0 trace print xmt rcv
Please be very careful when use option #2. Option #2 turns the wireless bridge into a wireless sniffer. If there are heavy traffic between the two bridges, the wireless bridges will crash. Please use option # 2 in test environment or limited traffic.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide