Re: Securely Connect two BR1310 Bridges

Markus Pethe · ‎01-19-2006

Did anyone of you found an Configuration Example for an secure Connection between two 1310 Bridges.

jdewberr · ‎01-20-2006

try this for WPA-PSK:

***global config for both bridges***

!

dot11 ssid cisco

authentication open

authentication key-management wpa

infrastructure-ssid

wpa-psk ascii 0 1234567890

!

**Root bridge config (only showing the relevant part of config)**

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption mode ciphers tkip

!

ssid cisco

!

NON-ROOT config****

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption mode ciphers tkip

!

ssid cisco

!

--

joe

kka · ‎01-22-2006

WPA-PSK is vulnerable against dictionary attacks, ideally use a

random hex string as PSK. (I guess "1234567890" was just an example)

Since you are using 1310 on both sides, I'd suggest using AES (WPA2)

for encryption. Simply replace

encryption mode ciphers tkip

with

encryption mode ciphers aes-ccm

The only disadvantage is the missing "concatenation" support if AES is enabled.

Markus Pethe · ‎01-22-2006

Thanks for your replys!

I also added this:

*dot11 ssid

#max-associations 1 ! So after the other bridge is associated no more would be allowed (I hope)

I also tried to apply the filter

*dot11 radio 0

#l2-filter block-arp

But when I do this on both sides (root and non-root) I lose the association.

antzoulis · ‎03-08-2008

did you ever get WPA2 encryption to work between the 2 cisco 1310 bridges ?