cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
446
Views
0
Helpful
1
Replies

Problem with C3201 as bridge (WGB Universal)

andregrana
Level 1
Level 1

I am using some Cisco C3201 to work as network bridge to connect a wired device to an existing Wi-Fi Network.

The simplified scenario is:

[Not cisco AP]----- Dot11Radio 0 -C3201- FastEthernet 0 ---- Wired device (debian).

I've updated to IOS version 12.4, in order to use WPA2-PSK with AES-CCMP encryption, and I can verify that the bridge is successfully associated with the AP, with "show dot11 association all" command. (Excepted with TP-Link access points, which I could only associate using WEP or no security, but this is subject for another topic).

 

I am able to verify at the wired device the mac-address of the AP and other devices connected to the same WiFi network. I can get an address with DHCP from the same AP, but I can't get connectivity (even ping).

 

Tried to change to infrastructure-ssid, and infrastructure-client in order to don't mess with mac-adress, but still can't get ping response between access-point (which is the gateway for testing purposes) and the wired device.

 

"show bridge" command at the C3210 successfully presents the mac-address and interface of all devices.

 

With wireshark I could verify that the ping originated in the wired device reaches the network, but the response doesn't go through the bridge.

 

Here is the running-config:
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname BRIDGE_C3201
!
logging rate-limit console 9
!
no aaa new-model
!
!
dot11 syslog
!
dot11 ssid NET@001
authentication open
authentication key-management wpa version 2
encryption mode ciphers aes-ccm
wpa-psk ascii 0 some_network_password

!
dot11 holdoff-time 15
!
!
username Cisco privilege 15 password 0 Cisco
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
ssid NET@001
!
speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role workgroup-bridge universal
bridge-group 1
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
!
interface BVI1
ip address 10.0.0.1 255.255.255.0
no ip route-cache
!
ip http server
ip http authentication local
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
bridge 1 route ip
bridge 1 aging-time 120
!
!
!
line con 0
line vty 0 4
login local
line vty 5 15
login local
!
end

 

Someone could help in that issue? Is there anything obvious that I'm not seeing?


Thank you!

1 Accepted Solution

Accepted Solutions

andregrana
Level 1
Level 1

I got it working configuring the wired host MAC address at the station-role parameter.

 

station-role workgroup-bridge universal AAAA.BBBB.CCCC

 

Still can't associate with TP-Link access points using WPA-2/PSK

View solution in original post

1 Reply 1

andregrana
Level 1
Level 1

I got it working configuring the wired host MAC address at the station-role parameter.

 

station-role workgroup-bridge universal AAAA.BBBB.CCCC

 

Still can't associate with TP-Link access points using WPA-2/PSK

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: