
1310 wireless outdoor bridge - strong Encryption configuration - high priority

lerner cisco
Level 1

Hi All,

Below is the bridge configuration. I would like to know: with the below configuration, will data traffic get complete encryption? Is there any better encryption configuration? I read that WPA will not provide complete encryption. Please help.

Network topology:

R1 -------------- SW1 <-----------------> Root bridge-1 <---------------------------> Non-root bridge-1 <------------------------> SW2 (remote office) -------- LAN hosts

SW1- Gi0/0- 10.200.32.1/29             BVI- 32.2/29                               BVI -  32.3/29                                   SW2-GI0/0 - 32.4/29

Network setup:

SW1 LAN port to root bridge connection: Gi0/0, IP address configured 10.200.32.1/29

Root bridge: BVI 10.200.32.2/29

Non-root bridge: BVI 10.200.32.3/29

SW2 LAN port to non-root bridge: Gi0/0, 10.200.32.4/29

Both bridges have only a BVI configured, and there is no VLAN or subinterface on either bridge.

The SW1 and SW2 ports connected to the bridges are not part of a VLAN; the ports are configured with specific IP addresses.

!
dot11 ssid
   authentication open
   authentication key-management wpa
   wpa-psk ascii 7 123456
!
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm


station-role root bridge
bridge-group 1
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
hold-queue 80 in
!
interface BVI1
ip address 10.200.32.2 255.255.255.248
no ip route-cache
!        
ip default-gateway 10.200.32.1
ip http server
no ip http secure-server

!
!
control-plane
!
bridge 1 route ip
!
!
!

Configuration on non-root bridge:

!
dot11 ssid
   authentication open
   authentication key-management wpa
   wpa-psk ascii 7 123456

!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm
!

!
bridge-group 1
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
hold-queue 80 in
!
interface BVI1
ip address 10.200.32.3 255.255.255.248
no ip route-cache
!
ip default-gateway 10.200.32.2
ip http server
no ip http secure-server

!
!
control-plane
!
bridge 1 route ip
!
!

Accepted Solutions

Hi there ..

I want to make sure I understand. You are concerned about the encryption of the wireless transmission over the bridge, correct? I see based on your config you are using WPA/AES. This isn't standard based; if you wanted to be more standards based you should use WPA/TKIP or WPA/AES. Both are very secure. I would lead with WPA/AES. Again, this is only for the encryption.

If you want stronger authentication you might consider 802.1X.

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
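
The settings discussed in this thread (WPA key management, the AES-CCM cipher, pre-shared key versus 802.1X) can be checked on both ends of the link at once. The following Python check is an added example, not part of the original posts or any Cisco tool; it runs over excerpts of the two posted configurations, and the EAP command patterns and the TKIP counter-example are assumptions added for illustration.

```python
import re

# Excerpts of the two configurations posted above (the SSID name is elided there too).
ROOT = """\
dot11 ssid
   authentication open
   authentication key-management wpa
   wpa-psk ascii 7 123456
interface Dot11Radio0
 encryption mode ciphers aes-ccm
 station-role root bridge
"""
NON_ROOT = ROOT.replace(" station-role root bridge\n", "")
# Constructed counter-example: the same radio config with the cipher set to TKIP.
WEAK = ROOT.replace("aes-ccm", "tkip")


def link_settings(config):
    """Extract the settings that decide how the radio link is protected."""
    def grab(pattern):
        m = re.search(pattern, config, re.MULTILINE)
        return m.group(1).strip() if m else None
    return {
        "key_mgmt": grab(r"^\s*authentication key-management (\S+)"),
        "ciphers": grab(r"^\s*encryption mode ciphers (.+)$"),
        "psk": grab(r"^\s*wpa-psk (?:ascii|hex) (?:\d )?(\S+)") is not None,
        # Assumed 802.1X forms: "authentication network-eap <list>" / "open eap <list>"
        "eap": grab(r"^\s*authentication (network-eap \S+|open eap \S+)") is not None,
    }


def audit(root_cfg, non_root_cfg):
    """Return a list of findings for a root / non-root bridge pair."""
    root, peer = link_settings(root_cfg), link_settings(non_root_cfg)
    findings = []
    for key in ("key_mgmt", "ciphers"):
        if root[key] != peer[key]:
            findings.append(f"mismatch: {key} {root[key]!r} vs {peer[key]!r}")
    for name, s in (("root", root), ("non-root", peer)):
        if s["key_mgmt"] != "wpa":
            findings.append(f"{name}: key management is {s['key_mgmt']!r}, not wpa")
        if s["ciphers"] != "aes-ccm":
            findings.append(f"{name}: cipher is {s['ciphers']!r}, not aes-ccm only")
        if s["psk"] and not s["eap"]:
            findings.append(f"{name}: pre-shared key, no 802.1X authentication")
    return findings
```

For the posted pair, `audit(ROOT, NON_ROOT)` reports only the pre-shared-key finding on each side, which is the authentication point raised in the accepted answer.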


2 Replies

lerner cisco
Level 1

Can anyone help me on this, please?
