09-26-2012 06:10 AM - edited 07-03-2021 10:43 PM
Hi All,
Below is the bridge configuration. I would like to know whether, with the configuration below, data traffic will get complete encryption. Is there any better encryption configuration? As I read, WPA will not provide complete encryption. Please help.
network topology
R1--------------SW1<-----------------> root bridge-1 <---------------------------> Non-root bridge-1 <------------------------> SW2 (remote office)--------LAN hosts
SW1- Gi0/0- 10.200.32.1/29 BVI- 32.2/29 BVI - 32.3/29 SW2-GI0/0 - 32.4/29
network setup : SW1 - LAN port to root bridge connection -- Gi 0/0 - ip address configured -10.200.32.1/29
Root bridge -------------------------------------------- BVI 10.200.32.2/29 -----
Non root bridge----------------------------------------BVI 10.200.32.3/29
SW2 LAN port-Non root bridge ----------------- Gi0/0 10.200.32.4/29
Both bridges have only BVI configured and no VLAN or subinterface on either bridge.
The SW1 and SW2 ports connected to the bridges are not part of a VLAN; the ports are configured with specific IP addresses.
!
dot11 ssid
 authentication open
 authentication key-management wpa
 wpa-psk ascii 7 123456
!
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers aes-ccm
 station-role root bridge
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 bridge-group 1
 bridge-group 1 spanning-disabled
 hold-queue 80 in
!
interface BVI1
 ip address 10.200.32.2 255.255.255.248
 no ip route-cache
!
ip default-gateway 10.200.32.1
ip http server
no ip http secure-server
!
!
control-plane
!
bridge 1 route ip
!
!
!
************************************Configuration on non root bridge.******************************************************************
!
dot11 ssid
 authentication open
 authentication key-management wpa
 wpa-psk ascii 7 123456
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers aes-ccm
 !
 !
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 bridge-group 1
 bridge-group 1 spanning-disabled
 hold-queue 80 in
!
interface BVI1
 ip address 10.200.32.3 255.255.255.248
 no ip route-cache
!
ip default-gateway 10.200.32.2
ip http server
no ip http secure-server
!
!
control-plane
!
bridge 1 route ip
!
!
10-03-2012 05:53 AM
Can anyone help me on this, please?
10-03-2012 06:41 AM
Hi there ..
I want to make sure I understand. You are concerned about the encryption of the wireless transmission over the bridge, correct? I see based on your config you are using WPA/AES. This isn't standard based; if you wanted to be more standards based you should use WPA/TKIP or WPA/AES. Both are very secure. I would lease with WPA/AES. Again, this is only for the encryption.
If you want stronger authentication you might consider 802.1X.
__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
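As an added example (not part of the original thread and not Cisco tooling), the script below audits a config like the one posted for the settings this thread turns on: the cipher on each radio, PSK versus 802.1X authentication, and, going slightly beyond the answer, whether web management runs over plain HTTP. The function names and the trimmed sample are constructed for illustration.

```python
import re

# Constructed sample: lines trimmed from the root-bridge config in the post.
SAMPLE = """\
dot11 ssid
authentication open
authentication key-management wpa
wpa-psk ascii 7 123456
interface Dot11Radio0
encryption mode ciphers aes-ccm
interface FastEthernet0
bridge-group 1
ip http server
no ip http secure-server
"""

def audit(config):
    """Collect the settings that decide link encryption and authentication."""
    r = {"radio_ciphers": {}, "key_mgmt": None, "auth": "none",
         "mgmt_http": False, "mgmt_https": False}
    iface = None
    for line in (l.strip() for l in config.splitlines()):
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif m := re.match(r"encryption mode ciphers (.+)", line):
            r["radio_ciphers"][iface] = m.group(1).split()  # set per radio only
        elif m := re.match(r"authentication key-management (\S+)", line):
            r["key_mgmt"] = m.group(1)
        elif line.startswith("wpa-psk "):
            r["auth"] = "psk"
        elif re.match(r"authentication (open eap|network-eap)\b", line):
            r["auth"] = "802.1x"
        elif line in ("ip http server", "ip http secure-server"):
            # "no ..." forms never match, so disabled services stay False.
            r["mgmt_https" if "secure" in line else "mgmt_http"] = True
    return r

def findings(r):
    """Turn the collected settings into reviewer-facing notes."""
    out = [f"{i}: ciphers {c} are not AES-CCMP only"
           for i, c in r["radio_ciphers"].items() if c != ["aes-ccm"]]
    if not r["radio_ciphers"]:
        out.append("no 'encryption mode ciphers' on any radio: "
                   "no WPA cipher protects the wireless hop")
    if r["auth"] == "psk":
        out.append("bridges authenticate with a shared passphrase, not 802.1X")
    if r["mgmt_http"] and not r["mgmt_https"]:
        out.append("web management is plain HTTP, not HTTPS")
    return out

print(*findings(audit(SAMPLE)), sep="\n")
```

The cipher is recorded only against the radio interface: frames on the FastEthernet side of each bridge are outside what `encryption mode ciphers` covers.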