Cisco 1300's won't associated.

Michael Klick · ‎07-21-2014

I have one a Root Bridge. Its Software/Hardware is up.

The Non-Root Bridge never show Software/Hardware is up.

If I switch the Non-Root Bridge to AP they come up.

When the Non-Root Bridge boots the log says it is unable to associate.

Triple checked password
Latest version of OS.
Even dedicated Non-Root to look just for this Root Bridge.
Identical settings.

Why won't the interface come up - or is there a way to find WHY it won't associate? Some log?

Michael Klick · ‎07-21-2014

One more question:

With this, how do the Install Root-Bridge and Install Non-Root-Bridge settings work? After I set them what do I do?

Thanks,

Rasika Nayanajith · ‎07-21-2014

few suggestion here

1. Remove all security settings & see whether those are associated in Open Auth

2. swap the roles (ie, current RB configure as NRB & current NRB as RB & see whether radio comes up)

HTH

Rasika

**** Pls rate all useful responses ****

George Stefanick · ‎07-23-2014

I agree with Ras. Unwrap the complexity first. Also post the config of both please.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Michael Klick · ‎07-23-2014

I switched them both to instal mode and all interfaces are up.

I am going attached requested files.

George Stefanick · ‎07-23-2014

Remove "optional"

infrastructure-ssid optional

Remove

dot11 ssid autoinstall
   authentication open 
   guest-mode
   infrastructure-ssid
!

Lets clean that up first

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Michael Klick · ‎07-24-2014

Ok I did it on both. Association still not happening. I have attached the console log of its attempts.

George Stefanick · ‎07-24-2014

I assume these are setup on a desk next to each other and they have antennas attached .. ?

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

George Stefanick · ‎07-24-2014

Repost your latest config on both sides after the changes you did ..

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Michael Klick · ‎07-24-2014

Right George. I removed any config I did and put one in Bridge Install Mode and the other in Root Bridge install mode.

For the first time they are associating.

Now I would like to secure them, encrypt the traffic and get them out of install mode. Can you show me?

Attached are both show runs and logs from both.

George Stefanick · ‎07-24-2014

Im concerned because it shows it was dropping in the logs. I think your issue was the infrastructure SSID command. Thats required, not optional.

Do you have plans on doing VLANs across this thing or just a simple layer 2 to pass traffic ?

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

George Stefanick · ‎07-24-2014

BTW - Install mode puts the radio signal strength in the CLI / LOG .. This is why you see all those readings ..

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

George Stefanick · ‎07-24-2014

What security did you have in mind ? EAP, PSK ?

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Michael Klick · ‎07-24-2014

WPA is what I am thinking. But whatever you think best. WPA with shared key.

George Stefanick · ‎07-24-2014

WPA2 PSK .. is a simple and secure way ..

You need to config 2 spots ..

1) Under dot11 ssid you need to enter the below.. Add your key ..

dot11 ssid (your ssid)
   authentication open
   authentication key-management wpa version 2
   infrastructure-ssid
   wpa-psk ascii XXXXXXXXX

2) drop into the radio you are using and put " encryption mode ciphers aes-ccm ". This tells the radio to use AES-CCM (WPA2 AES). If you are doing vlans then you need to do each vlan here. If not, then just drop this in under dot11radioX.

interface Dot11Radio1

no ip address

!

encryption mode ciphers aes-ccm

Do this to both sides.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________