02-25-2021 10:06 AM - edited 07-05-2021 01:17 PM
I am using some Cisco C3201 to work as network bridge to connect a wired device to an existing Wi-Fi Network.
The simplified scenario is:
[Not cisco AP]----- Dot11Radio 0 -C3201- FastEthernet 0 ---- Wired device (debian).
I've updated to IOS version 12.4, in order to use WPA2-PSK with AES-CCMP encryption, and I can verify that the bridge is successfully associated with the AP, with "show dot11 association all" command. (Excepted with TP-Link access points, which I could only associate using WEP or no security, but this is subject for another topic).
I am able to verify at the wired device the mac-address of the AP and other devices connected to the same WiFi network. I can get an address with DHCP from the same AP, but I can't get connectivity (even ping).
Tried to change to infrastructure-ssid, and infrastructure-client in order to don't mess with mac-adress, but still can't get ping response between access-point (which is the gateway for testing purposes) and the wired device.
"show bridge" command at the C3210 successfully presents the mac-address and interface of all devices.
With wireshark I could verify that the ping originated in the wired device reaches the network, but the response doesn't go through the bridge.
Here is the running-config:
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname BRIDGE_C3201
!
logging rate-limit console 9
!
no aaa new-model
!
!
dot11 syslog
!
dot11 ssid NET@001
authentication open
authentication key-management wpa version 2
encryption mode ciphers aes-ccm
wpa-psk ascii 0 some_network_password
!
dot11 holdoff-time 15
!
!
username Cisco privilege 15 password 0 Cisco
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
ssid NET@001
!
speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role workgroup-bridge universal
bridge-group 1
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
!
interface BVI1
ip address 10.0.0.1 255.255.255.0
no ip route-cache
!
ip http server
ip http authentication local
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
bridge 1 route ip
bridge 1 aging-time 120
!
!
!
line con 0
line vty 0 4
login local
line vty 5 15
login local
!
end
Someone could help in that issue? Is there anything obvious that I'm not seeing?
Thank you!
Solved! Go to Solution.
03-09-2021 03:08 AM
I got it working configuring the wired host MAC address at the station-role parameter.
station-role workgroup-bridge universal AAAA.BBBB.CCCC
Still can't associate with TP-Link access points using WPA-2/PSK
03-09-2021 03:08 AM
I got it working configuring the wired host MAC address at the station-role parameter.
station-role workgroup-bridge universal AAAA.BBBB.CCCC
Still can't associate with TP-Link access points using WPA-2/PSK
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: