Wireless Bridge Resilient Trunk Link

09-30-2014 04:42 AM - edited 07-05-2021 01:36 AM
Hi Community folk,
I need some advice on how to set up a dual (resilient) wireless bridge link.
I have each pair of bridges configured trunking VLAN 82 (native) and user VLAN 570. Individually they are fine: I get management access on VLAN 82 to both bridges and to the switch at the remote end of the link, and clients patched in to the switch at the remote end in switchport access VLAN 570 also get the correct IP address and subsequent access to network resources, so individually they are working well. Rapid PVST is configured across the network, as there are dual 1Gb connections to all access layer switches, and this also works fine.
My problem is when I enable the second bridge link: this seems to cause a network loop and essentially takes down the whole network. I have left it for a while to see if spanning tree convergence is taking a while, but no luck; as soon as I disable the second link everything calms down and I have a good network again.
I am posting my root and non-root bridge configurations here, but only for one of the pairs; the other pair is configured identically but has a different SSID, PSK and channel configured:
ROOT BRIDGE********************************
dot11 syslog
dot11 vlan-name Legacy_Data vlan 570
dot11 vlan-name management vlan 82
!
dot11 ssid test
vlan 82
authentication open
authentication key-management wpa version 2
infrastructure-ssid
wpa-psk ascii XXXXXXXXXXXXXXX
!
!
!
!
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm tkip
encryption vlan 82 mode ciphers aes-ccm tkip
!
ssid test
!
antenna gain 0
peakdetect
no dfs band block
stbc
channel width 40-below
channel 5280
station-role root bridge
world-mode dot11d country-code GB outdoor
infrastructure-client
!
interface Dot11Radio1.82
encapsulation dot1Q 82 native
no ip route-cache
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1.570
encapsulation dot1Q 570
no ip route-cache
no cdp enable
bridge-group 70
bridge-group 70 subscriber-loop-control
bridge-group 70 spanning-disabled
bridge-group 70 block-unknown-source
no bridge-group 70 source-learning
no bridge-group 70 unicast-flooding
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface GigabitEthernet0.82
encapsulation dot1Q 82 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface GigabitEthernet0.570
encapsulation dot1Q 570
no ip route-cache
bridge-group 70
bridge-group 70 spanning-disabled
no bridge-group 70 source-learning
!
interface BVI1
mac-address xxxx.xxxx.xxxx
ip address 10.xx.xx.xx 255.255.255.0
no ip route-cache
!
ip default-gateway 10.xx.xx.xx
ip forward-protocol nd
ip http server
no ip http secure-server
!
!
!
bridge 1 priority 9000
bridge 1 protocol ieee
bridge 1 route ip
bridge 70 priority 10000
bridge 70 protocol ieee
!
!
!
line con 0
line vty 0 4
transport input all
!
end
NON ROOT BRIDGE************************************************************************************
dot11 syslog
dot11 vlan-name Legacy_Data vlan 570
dot11 vlan-name management vlan 82
!
dot11 ssid test
vlan 82
authentication open
authentication key-management wpa version 2
infrastructure-ssid
wpa-psk ascii xxxxxxxxxxxxxxx
!
!
!
!
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm tkip
encryption vlan 82 mode ciphers aes-ccm tkip
!
ssid test
!
antenna gain 0
peakdetect
stbc
station-role non-root bridge
world-mode dot11d country-code GB outdoor
!
interface Dot11Radio1.82
encapsulation dot1Q 82 native
no ip route-cache
no cdp enable
bridge-group 1
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1.570
encapsulation dot1Q 570
no ip route-cache
no cdp enable
bridge-group 70
bridge-group 70
bridge-group 70 subscriber-loop-control
bridge-group 70 spanning-disabled
bridge-group 70 block-unknown-source
no bridge-group 70 source-learning
no bridge-group 70 unicast-flooding
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface GigabitEthernet0.82
encapsulation dot1Q 82 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface GigabitEthernet0.570
encapsulation dot1Q 570
no ip route-cache
bridge-group 70
bridge-group 70 spanning-disabled
no bridge-group 70 source-learning
!
interface BVI1
mac-address xxxx.xxxx.xxxx
ip address 10.xx.xx.xx 255.255.255.0
no ip route-cache
!
ip default-gateway 10.xx.xx.xx
ip forward-protocol nd
ip http server
no ip http secure-server
!
!
!
bridge 1 priority 10000
bridge 1 protocol ieee
bridge 1 route ip
bridge 70 priority 12000
bridge 70 protocol ieee
!
!
!
line con 0
line vty 0 4
transport input all
!
end
Switchport Configurations****************************************************
interface FastEthernet0/23
description Link to root bridge 1
switchport trunk native vlan 82
switchport trunk allowed vlan 82,570
switchport mode trunk
!
interface FastEthernet0/24
description Link to root bridge 2
switchport trunk native vlan 82
switchport trunk allowed vlan 82,570
switchport mode trunk
BR
Rockford
09-30-2014 11:56 AM
Hi Rockford,
This should be possible. Check that the primary switch is set as the spanning tree root for your VLANs and that the two ports connected to the different bridges have different STP port priorities for VLANs 82 and 570.
Since you are having an STP loop, I think the ports get shut down.
In case you could have L3 separation between these two buildings, then you can load balance traffic between those two radio links. Here is a reference post in which I posted some tested config for that scenario.
https://supportforums.cisco.com/discussion/12041146/good-solution
If I get time I'll see whether I can do a similar thing for your config requirement.
HTH
Rasika
**** Pls rate all useful responses ****
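An added example, not part of either post: a small Python check over a bridge configuration like the one posted in this thread, reporting each bridge-group's VLAN, its global `bridge N protocol`/`priority` settings, and the bridge-groups on which spanning tree is disabled on every member interface (`bridge-group N spanning-disabled`). The function names are hypothetical and the sample is a constructed excerpt of the non-root bridge configuration above.

```python
import re
from collections import defaultdict

# Constructed excerpt of the non-root bridge configuration posted above.
SAMPLE_CONFIG = """\
interface Dot11Radio1.82
 encapsulation dot1Q 82 native
 bridge-group 1
 bridge-group 1 spanning-disabled
interface Dot11Radio1.570
 encapsulation dot1Q 570
 bridge-group 70
 bridge-group 70 spanning-disabled
interface GigabitEthernet0.82
 encapsulation dot1Q 82 native
 bridge-group 1
 bridge-group 1 spanning-disabled
interface GigabitEthernet0.570
 encapsulation dot1Q 570
 bridge-group 70
 bridge-group 70 spanning-disabled
bridge 1 priority 10000
bridge 1 protocol ieee
bridge 70 priority 12000
bridge 70 protocol ieee
"""

def audit_stp(config):
    """Map bridge-group number -> VLAN, members, STP-disabled members, global settings."""
    groups = defaultdict(lambda: {"vlan": None, "members": set(), "stp_off": set(),
                                  "protocol": None, "priority": None})
    iface = vlan = None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            iface, vlan = m.group(1), None
        elif m := re.match(r"encapsulation dot1Q (\d+)", line):
            vlan = int(m.group(1))
        elif m := re.match(r"(no )?bridge-group (\d+)( spanning-disabled)?$", line):
            negated, num, off = m.groups()
            grp = groups[int(num)]
            if negated and off:            # "no bridge-group N spanning-disabled"
                grp["stp_off"].discard(iface)
            elif not negated:
                grp["members"].add(iface)
                grp["vlan"] = vlan
                if off:
                    grp["stp_off"].add(iface)
        elif m := re.match(r"bridge (\d+) (protocol|priority) (\S+)", line):
            groups[int(m.group(1))][m.group(2)] = m.group(3)
    return dict(groups)

def groups_without_stp(config):
    """Bridge-groups where every member interface has spanning tree disabled."""
    return sorted(n for n, g in audit_stp(config).items()
                  if g["members"] and g["members"] == g["stp_off"])
```

Running `groups_without_stp` against the saved configuration of all four bridges shows at a glance which VLANs the bridges themselves leave to the switches' Rapid PVST to keep loop-free.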
