10-23-2005 03:12 PM - edited 07-04-2021 11:14 AM
Hi,
I have two Aironets setup as below. They both have the radio configured and up. I suspect the issue is with the security. I am unfamiliar with how it works - if anyone can provide me any pointers, it would be much appreciated!
thanks,
Mark
dot11 vlan-name BRIDGE1 vlan 153
dot11 vlan-name BRIDGE2 vlan 254
dot11 vlan-name BRIDGE3 vlan 154
!
dot11 ssid BRIDGE1
vlan 153
!
dot11 ssid BRIDGE2
vlan 254
authentication open
authentication key-management wpa
infrastructure-ssid
wpa-psk ascii 7 <key here>
!
dot11 ssid BRIDGE3
vlan 154
!
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption key 3 size 128bit 7 <key here> transmit-key
encryption mode ciphers wep128
!
encryption vlan 254 mode ciphers tkip
!
ssid BRIDGE1
!
ssid BRIDGE2
!
ssid BRIDGE3
!
speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 b
asic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
station-role root bridge
cca 75
concatenation
infrastructure-client
!
interface Dot11Radio0.153
encapsulation dot1Q 153
no ip route-cache
bridge-group 153
!
interface Dot11Radio0.154
encapsulation dot1Q 154
no ip route-cache
bridge-group 154
!
interface Dot11Radio0.254
encapsulation dot1Q 254 native
no ip route-cache
bridge-group 1
!
interface FastEthernet0
no ip address
no ip route-cache
!
interface FastEthernet0.153
encapsulation dot1Q 153
no ip route-cache
bridge-group 153
!
interface FastEthernet0.154
encapsulation dot1Q 154
no ip route-cache
bridge-group 154
!
interface FastEthernet0.254
encapsulation dot1Q 254 native
no ip route-cache
bridge-group 1
!
interface BVI1
ip address 10.0.254.203 255.255.255.0
no ip route-cache
!
10-23-2005 05:11 PM
I have captured the debug below. I suspect now that it's actually down to some of the config not matching at both ends - am checking that now..
*Mar 3 14:30:53.088: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar 3 14:31:03.148: %DOT11-4-CANT_ASSOC: Interface Dot11Radio0, cannot associate: No Response
*Mar 3 14:31:26.147: %DOT11-4-CANT_ASSOC: Interface Dot11Radio0, cannot associate: Rcvd response from 0013.1949.14f0 channel 8 3254
10-23-2005 10:12 PM
I have resolved this issue now - was down to slightly different configs at each end.
03-29-2012 12:46 AM
Hi Mark,
Can I ask you what were the configuration mismatch that you have tuned ?
Thanks in advance.
Vincent
03-29-2012 01:24 AM
Hi Vincent,
It was quite a while ago now!
From memory it was due to authentication.. as I recall it only authenticates on one direction - there were a few configs I found on the net that were incorrect, but from testing I found this to the the case. I'd try it with no auth on to see if you can get them to connect up to each other, then add the authentication back on.
Have you got any error messages?
cheers,
Mark
03-29-2012 01:47 AM
Hi Mark,
Thanks for your feedback, I haven't take care about the date of your post. Sorry to ask you about a such old entry.
I didn't manage to get any or message other than the DOT11-4-CANT_ASSOC. And the problem is that I don't manage the "root" station.
Thanks again.
Vincent
04-01-2012 05:47 PM
Hi Vincent,
Firstly, if you've got a MAC address access list to restrict access, just confirm you've got the right MAC address in there - in my testing it caused exactly the error you've indicated.
The other things to try are:
Check this link for authentication debugging:
http://www.cisco.com/en/US/products/hw/wireless/ps430/products_tech_note09186a008024aa4f.shtml
These commands may help:
thanks,
Mark
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide