11-06-2013 10:32 AM - edited 07-04-2021 01:13 AM
Unit keeps going through cycles as shown in index 1 to 7 in the attached file. From removing client to changing radio state back to up. Anyone have any thoughts at to where I should look?
11-06-2013 11:02 AM
Post the CLI output(show run) of two AP configuration to see how it is configured. Also what version (show version) of IOS running with these two unitis ?
HTH
Rasika
11-07-2013 05:10 AM
At this point, I only have web access. IOS is 12.2(15)JA on both units.
11-07-2013 11:38 AM
Rasika,
Following are the Root and Non-Root "running-config" reports. (encription keys have been modified)
FROM ROOT
Cisco_bridge_CCS#show running-config
Building configuration...
Current configuration : 2446 bytes
!
! Last configuration change at 07:44:23 R Thu Nov 7 2013
! NVRAM config last updated at 07:44:23 R Thu Nov 7 2013
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname Cisco_bridge_CCS
!
logging queue-limit 100
enable secret 5 $1$dASj$8E8btwc3iNK5nmjJcX59b0
!
username Cisco password 7 00271A
username 0012433de760 password 7 075F711D1C5D4A564
username 0012433de760 autocommand exit
clock timezone R -5
clock summer-time R recurring
ip subnet-zero
ip name-server 151.197.0.39
ip name-server 151.197.0.38
!
aaa new-model
!
!
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa authorization ipmobile default group rad_pmip
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption key 1 size 128bit 7 3C3B64DFC0E06624B transmit-key
encryption mode wep mandatory mic
!
ssid CannonCold
authentication open mac-address mac_methods
!
cca 0
concatenation
distance 1
speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 b
asic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
rts threshold 4000
power local cck 30
power local ofdm 30
power client 30
channel 2462
station-role root
infrastructure-client
bridge-group 1
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
ntp broadcast client
bridge-group 1
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.33.103 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.33.1
ip http server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
/122-15.JA/1100
ip radius source-interface BVI1
radius-server attribute 32 include-in-access-req format %h
radius-server authorization permit missing Service-Type
radius-server vsa send accounting
bridge 1 route ip
!
!
!
line con 0
line vty 5 15
!
ntp clock-period 2141845
ntp server 192.168.33.217
end
*******************************************************************
NON ROOT
Cisco_bridge_PPP#show running-config
Building configuration...
Current configuration : 2320 bytes
!
! NVRAM config last updated at 07:47:36 R Thu Nov 7 2013
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco_bridge_PPP
!
logging queue-limit 100
enable secret 5 $1$yzXJ$/unHCO5/l2T6HMxD4HeQp.
!
username Cisco password 7 02250D
username 0012433de870 password 7 091C1E584B514
username 0012433de870 autocommand exit
clock timezone R -5
clock summer-time R recurring
ip subnet-zero
!
aaa new-model
!
!
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa authorization ipmobile default group rad_pmip
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption key 1 size 128bit 7 FC3B64DFC0E0662 transmit-key
encryption mode wep mandatory mic
!
ssid CannonCold
authentication open mac-address mac_methods
infrastructure-ssid optional
!
cca 0
concatenation
speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 b
asic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
rts threshold 4000
power local cck 30
power local ofdm 30
power client 30
station-role non-root
infrastructure-client
bridge-group 1
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
ntp broadcast client
bridge-group 1
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.33.203 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.33.1
ip http server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
/122-15.JA/1100
ip radius source-interface BVI1
radius-server attribute 32 include-in-access-req format %h
radius-server authorization permit missing Service-Type
radius-server vsa send accounting
bridge 1 route ip
!
!
!
line con 0
line vty 5 15
!
ntp clock-period 2141882
ntp server 192.168.33.217
end
11-07-2013 03:14 PM
Hello Paul.
On the Root side, try to change to this parameter:
station-role root bridge
Also, you could try to change your security settings to use WPA instead of WEP.
I hope this helps
Regards
Karla
11-08-2013 06:33 AM
Karla,
Thanks for your response.
The root side has always been set to root bridge. We have been running WPA as we are in a small town in the country and do not have a radius server running. My thought to change to WEP at this point, if that is not the problem, would create more issues for the distant 1310.
If you look at my first post attachment, it appears that we are losing authentication at strange intervals, it can be measured in seconds to 20 to 30 minutes or more. We are running yagi antennas, that are only 841 feet apart. One thougnt I have been having is that one antenna is located where there is a bit of vibration on the building from internal refrigeration equipment, but not enough to see any visable antenna movement.
Paul
11-08-2013 01:59 PM
Hi Paul,
I have few suggestions for this.
1. Upgrade the IOS of these bridges to 12.4(25d)JA which is the latest (& hope last as well) supported software code for these AP models.
2. You have configured this bridge to operate only in CH11(2462), is that for a reason ? If not I prefer allow bridge to choose least congested channel (either 1,6 or 11)
3. As Karla pointed, bridge keyword is missing on both AP radio's station role configuration. Try the command with the bridge keyword as well. ie in ROOT "station-role root bridge" & in NON_ROOT "station-role non root bridge" under radio interface.
4. I also prefer, If you could configure WAP2/AES for security (since WEP is very weak). Below post may help you to derive a required configuration for WPA2/AES with EAP-FAST.
http://mrncciew.com/2013/11/09/wireless-bridge-with-eap-fast/
5. Are you using any multicast application across this bridge ? I have seen you configured every data rate as mandatory (multicast traffic goes highest mandatory rate configured) & "infrastructure-client" which to give more reliability to those sort of traffic
HTH
Rasika
**** Pls rate all useful responses ****
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide