+ Reply to Thread
Page 1 of 2 1 2 Last
Results 1 to 25 of 29
  1. SWM
    SWM is offline
    Senior Member SWM's Avatar
    Join Date
    May 2006
    Location
    Australia
    Posts
    293

    Certifications
    MCSE 2003, MCITP 2008, MCTS Vista, MCTS SBS2008, Blackberry Certified Server Specialist
    #1

    Default Configure two Cisco Waps root bridge and non root bridge

    Help

    I have two Cisco 1240AG WAP's that I am trying to configure to allow two offices buildings (about 20m apart) to connect to each other.

    Both WAP's were working, although the client did not know the username passwords, and as a result could not change the WPA key and the IP subnet was also wrong.
    Long story short, we had no current config and I discovered that these WAPS do not have a rommon mode, so a complete reset was done and reconfigure, so both devices have been blanked and resetup.

    The Radio0-802.11G interfaces on both devices are working well and allowing clients to connect.
    I am trying to get the WAP's talking via the 802.11A interfaces, with one device in "Root Bridge" and the other in "non-Root Bridge".

    My problem is the non-root bridge device keeps showing :software hardware status disabled when I select non root bridge. If i configure this interface as a AP it enables fine....
    Config ...
    Radio0-802.11G on WAP1 is rootbridge

    interface Dot11Radio1
    no ip address
    no ip route-cache
    !
    encryption mode ciphers tkip
    !
    ssid ADELWAP1
    !
    no dfs band block
    parent 1 001c.0ed1.c3d0
    speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.
    0 basic-54.0
    channel dfs
    station-role root bridge
    antenna gain 22
    bridge-group 1
    bridge-group 1 spanning-disabled
    !


    Radio0-802.11G on WAP2 is non rootbridge
    interface Dot11Radio1
    no ip address
    no ip route-cache
    !
    encryption mode ciphers tkip
    !
    ssid ADELWAP2
    !
    parent 1 001c.0ed1.d9b0
    parent timeout 65535
    speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.
    0 basic-54.0
    station-role non-root bridge
    antenna receive right
    antenna transmit right
    antenna gain 22
    bridge-group 1
    bridge-group 1 spanning-disabled

    Any clues on what I am doing wrong ?
    Reply With Quote Quote  


  2. Login/register to remove this advertisement.
  3. Senior Member
    Join Date
    Mar 2007
    Posts
    958

    Certifications
    MCSE, MCP+I, MCP, A+, CCNA certified, Cisco Networking Academy Semester 4 graduate
    #2
    SWM,

    Instead of configuring the second WAP as a non-root bridge, try configuring the second WAP as a repeater.
    Reply With Quote Quote  

  4. was here.
    Join Date
    Apr 2008
    Posts
    4,507
    #3
    Quote Originally Posted by tech-airman View Post
    Instead of configuring the second WAP as a non-root bridge, try configuring the second WAP as a repeater.
    It wouldn't bridge the two LANs if you set it as repeater.
    Reply With Quote Quote  

  5. was here.
    Join Date
    Apr 2008
    Posts
    4,507
    #4
    Quote Originally Posted by SWM View Post
    My problem is the non-root bridge device keeps showing :software hardware status disabled when I select non root bridge. If i configure this interface as a AP it enables fine....
    The non root bridge can't associate with the root bridge. What does the log say?

    Quote Originally Posted by SWM View Post
    encryption mode ciphers tkip
    No AES support in your AP?

    Quote Originally Posted by SWM View Post
    parent 1 001c.0ed1.c3d0
    The root bridge shouldn't have a parent?

    Quote Originally Posted by SWM View Post
    antenna gain 22
    You do have a directional antenna with gain?

    Quote Originally Posted by SWM View Post
    parent 1 001c.0ed1.d9b0
    parent timeout 65535
    When I setup a bridge, I just specified the root bridge's SSID in the non root bridge config.

    interface Dot11Radio1
    no ip address
    no ip route-cache
    !
    encryption mode ciphers aes-ccm
    !
    ssid SSIDofRootBridgeHere
    !
    speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
    station-role non-root bridge
    bridge-group 1
    bridge-group 1 spanning-disabled
    !
    Reply With Quote Quote  

  6. Senior Member
    Join Date
    Mar 2007
    Posts
    958

    Certifications
    MCSE, MCP+I, MCP, A+, CCNA certified, Cisco Networking Academy Semester 4 graduate
    #5
    Quote Originally Posted by tiersten View Post
    It wouldn't bridge the two LANs if you set it as repeater.
    tiersten,

    I was just trying to deal with the equipment that already exists which is a pair of WAPs.
    Reply With Quote Quote  

  7. was here.
    Join Date
    Apr 2008
    Posts
    4,507
    #6
    Quote Originally Posted by tiersten View Post
    No AES support in your AP?
    The 1240AG series of APs should support AES. I just tried it on my spare 1242.
    Reply With Quote Quote  

  8. was here.
    Join Date
    Apr 2008
    Posts
    4,507
    #7
    Quote Originally Posted by tech-airman View Post
    tiersten,

    I was just trying to deal with the equipment that already exists which is a pair of WAPs.
    Okay? SWM is trying to replicate the original configuration. If there isn't a wired LAN in the 2nd building then a repeater would work. If there is one then you'd need to use a bridge.
    Reply With Quote Quote  

  9. SWM
    SWM is offline
    Senior Member SWM's Avatar
    Join Date
    May 2006
    Location
    Australia
    Posts
    293

    Certifications
    MCSE 2003, MCITP 2008, MCTS Vista, MCTS SBS2008, Blackberry Certified Server Specialist
    #8
    Thanks for all the replies
    HTML Code:
    Quote:Originally Posted by tech-airman [IMG]http://www.techexams.net/forums/images/buttons/viewpost.gif[/IMG] Instead of configuring the second WAP as a non-root bridge, try configuring the second WAP as a repeater.It wouldn't bridge the two LANs if you set it as repeater.
    Correct, thats why a repeater is not a option. Each WAP needs to provide local Wireless and ethernet access.

    HTML Code:
    Quote:Originally Posted by SWM [IMG]http://www.techexams.net/forums/images/buttons/viewpost.gif[/IMG] parent 1 001c.0ed1.c3d0
    I was clutching at straws when I entered that. The event log on the non root bridge indicated it cannot associate, so I gave it the root-bridge mac address.

    HTML Code:
    Quote:Originally Posted by SWM [IMG]http://www.techexams.net/forums/images/buttons/viewpost.gif[/IMG] antenna gain 22You do have a directional antenna with gain?
    Yes each site has a 22db external roof mounted antenna

    HTML Code:
    Quote:Originally Posted by SWM [IMG]http://www.techexams.net/forums/images/buttons/viewpost.gif[/IMG] encryption mode ciphers tkipNo AES support in your AP?
    I am happy to tighten security once the two waps are talking. hey I would even use WEP just to get bi directional communication happening, and then increase security.

    I used the GUI interface to configure and its put the same SSID on both the A and G radio !

    Do i need a different SSID on each but a matching SSID on both A's at each site that match each other? The Cisco help and documentation is very vague.
    Reply With Quote Quote  

  10. was here.
    Join Date
    Apr 2008
    Posts
    4,507
    #9
    Quote Originally Posted by SWM View Post
    I am happy to tighten security once the two waps are talking. hey I would even use WEP just to get bi directional communication happening, and then increase security.
    Ah. I was wondering why you chose TKIP thats all. I'd have to stop talking to you if you did use WEP however

    Quote Originally Posted by SWM View Post
    I used the GUI interface to configure and its put the same SSID on both the A and G radio !
    That is the default. You can change it from the GUI via SECURITY -> SSID Manager.

    Select the SSID you want to modify and then check/uncheck the relevant radio.

    Quote Originally Posted by SWM View Post
    Do i need a different SSID on each but a matching SSID on both A's at each site that match each other?
    You can have the same SSID on both radios if you want. It doesn't matter.

    For your 802.11a link though you need to make sure that both bridges have the same SSID set for 802.11a. The non root bridge needs to have that SSID set as the Infrastructure SSID.

    Very rough set of steps:

    1. Create a SSID with relevant security for the 802.11g radio on both APs.
    2. Create a SSID with relevant security for the 802.11a radio on both APs.
    3. Set the 802.11g radio in both APs to be in Access Point mode.
    4. Set the 802.11a radios in both APs to use the correct antenna socket since you've got an external antenna.
    5. Set the 802.11a radio in one to be in root bridge mode.
    6. Set the 802.11a radio in the remaining AP to be in non root bridge mode.
    7. Set the SSID as the Infrastructure SSID on the non root bridge.
    8. Enable both radios on both APs

    I know you've done some of these steps before. That should be enough to get them to talk to each other and act as a bridge + AP. What does the log show anyway?
    Reply With Quote Quote  

  11. was here.
    Join Date
    Apr 2008
    Posts
    4,507
    #10
    Oh and work on your quoting! Press quote next to a post and see how it does the quoting.
    Reply With Quote Quote  

  12. Senior Member
    Join Date
    Mar 2007
    Posts
    958

    Certifications
    MCSE, MCP+I, MCP, A+, CCNA certified, Cisco Networking Academy Semester 4 graduate
    #11
    Quote Originally Posted by tiersten View Post
    Okay? SWM is trying to replicate the original configuration. If there isn't a wired LAN in the 2nd building then a repeater would work. If there is one then you'd need to use a bridge.
    tiersten,

    At the time of my post, the above was unknown information based on the OP at the time.
    Reply With Quote Quote  

  13. was here.
    Join Date
    Apr 2008
    Posts
    4,507
    #12
    Quote Originally Posted by tech-airman View Post
    tiersten,

    At the time of my post, the above was unknown information based on the OP at the time.
    You could work out that SVM was trying to bridge two LANs together using 802.11a. The 802.11a radios were in root and non root bridged mode with client access disabled. Client devices using the 802.11g radios which are in AP mode.
    Reply With Quote Quote  

  14. SWM
    SWM is offline
    Senior Member SWM's Avatar
    Join Date
    May 2006
    Location
    Australia
    Posts
    293

    Certifications
    MCSE 2003, MCITP 2008, MCTS Vista, MCTS SBS2008, Blackberry Certified Server Specialist
    #13
    Thanks tiersten for the replies

    Internet Exploder 8 had a Hemorrhage, sorry about the quotes...

    "For your 802.11a link though you need to make sure that both bridges have the same SSID set for 802.11a. The non root bridge needs to have that SSID set as the Infrastructure SSID"

    So you are saying both external 802.11a interfaces have the SAME SSID. Is this how the non-root bridge knows who it is allowed to communicate with? If so what prevents another WAP from attempting to connect to my root-bridge WAP if it can see and copies my SSID ?
    Reply With Quote Quote  

  15. was here.
    Join Date
    Apr 2008
    Posts
    4,507
    #14
    Quote Originally Posted by SWM View Post
    So you are saying both external 802.11a interfaces have the SAME SSID. Is this how the non-root bridge knows who it is allowed to communicate with?
    Yes. The root bridge advertises its own SSID and you tell the non root bridge to look for that SSID. I didn't notice that you had two different SSIDs in your config.

    Quote Originally Posted by SWM View Post
    If so what prevents another WAP from attempting to connect to my root-bridge WAP if it can see and copies my SSID ?
    Same way you stop people accessing your AP. Encryption

    You should be able to restrict it based on MAC address as well.
    Reply With Quote Quote  

  16. Senior Member
    Join Date
    Mar 2007
    Posts
    958

    Certifications
    MCSE, MCP+I, MCP, A+, CCNA certified, Cisco Networking Academy Semester 4 graduate
    #15
    SWM,

    Quote Originally Posted by SWM View Post
    Thanks for all the replies
    HTML Code:
    Quote:Originally Posted by tech-airman [IMG]http://www.techexams.net/forums/images/buttons/viewpost.gif[/IMG] Instead of configuring the second WAP as a non-root bridge, try configuring the second WAP as a repeater.It wouldn't bridge the two LANs if you set it as repeater.
    Correct, thats why a repeater is not a option. Each WAP needs to provide local Wireless and ethernet access.
    Questions:
    1. Where does Ethernet access in Building 1 go to?
    2. Where does Ethernet access in Building 2 go to?
    3. How and why does the network in Building 1 need to be connected with the network in Building 2?
    4. Does any building have a WAN/upstream link and if so, which building(s)?

    Quote Originally Posted by SWM View Post
    HTML Code:
    Quote:Originally Posted by SWM [IMG]http://www.techexams.net/forums/images/buttons/viewpost.gif[/IMG] parent 1 001c.0ed1.c3d0
    I was clutching at straws when I entered that. The event log on the non root bridge indicated it cannot associate, so I gave it the root-bridge mac address.
    According to the "Cisco Aironet Access Point FAQ" at cisco.com, it states...
    Quote Originally Posted by Cisco Aironet Access Point FAQ
    Q: Which devices can associate with an AP?
    • AP to client
    • AP to AP (in repeater mode)
    • AP (in repeater mode) to base station (in AP mode)
    • AP to workgroup bridge
    Note that "AP (in non-root bridge mode)" is NOT listed. The purpose of using an AP (in non-root bridge mode)" is so that the AP can associate with a wireless bridge in root bridge mode. You cannot associate an AP in non-root bridge mode with an AP in root bridge mode as you learned.

    Source:
    1. "cisco Aironet Access Point FAQ" webpage at cisco.com - Cisco Aironet Access Point FAQ - Cisco Systems

    Quote Originally Posted by SWM View Post
    HTML Code:
    Quote:Originally Posted by SWM [IMG]http://www.techexams.net/forums/images/buttons/viewpost.gif[/IMG] antenna gain 22You do have a directional antenna with gain?
    Yes each site has a 22db external roof mounted antenna

    HTML Code:
    Quote:Originally Posted by SWM [IMG]http://www.techexams.net/forums/images/buttons/viewpost.gif[/IMG] encryption mode ciphers tkipNo AES support in your AP?
    I am happy to tighten security once the two waps are talking. hey I would even use WEP just to get bi directional communication happening, and then increase security.

    I used the GUI interface to configure and its put the same SSID on both the A and G radio !

    Do i need a different SSID on each but a matching SSID on both A's at each site that match each other? The Cisco help and documentation is very vague.
    Reply With Quote Quote  

  17. SWM
    SWM is offline
    Senior Member SWM's Avatar
    Join Date
    May 2006
    Location
    Australia
    Posts
    293

    Certifications
    MCSE 2003, MCITP 2008, MCTS Vista, MCTS SBS2008, Blackberry Certified Server Specialist
    #16
    thanks, for all the help.

    I will give it a go over the next day or so, because I have external antenna, I cannot configure it on my workbench, have to connect the antenna and both device in each building.

    Second building is a concrete warehouse with a tin roof. So until I get the WAP's working I have no phone or Internet access. So walking back and forth is starting to get annoying...

    Cheers and thanks once again, I will let you know....
    Reply With Quote Quote  

  18. was here.
    Join Date
    Apr 2008
    Posts
    4,507
    #17
    Quote Originally Posted by tech-airman View Post
    Note that "AP (in non-root bridge mode)" is NOT listed. The purpose of using an AP (in non-root bridge mode)" is so that the AP can associate with a wireless bridge in root bridge mode. You cannot associate an AP in non-root bridge mode with an AP in root bridge mode as you learned.
    It does work and that is how you're supposed to do it.
    Reply With Quote Quote  

  19. was here.
    Join Date
    Apr 2008
    Posts
    4,507
    #18
    Quote Originally Posted by SWM View Post
    I will give it a go over the next day or so, because I have external antenna, I cannot configure it on my workbench, have to connect the antenna and both device in each building.
    Yeah. It is much easier to play about if you don't need to go downstairs, outside, walk across, inside and then upstairs every time you want to change something on the other AP I guess you can't temporarily remove them?

    Quote Originally Posted by SWM View Post
    So until I get the WAP's working I have no phone
    Ehh... No big loss...

    Quote Originally Posted by SWM View Post
    or Internet access.
    Now this is more annoying
    Reply With Quote Quote  

  20. Senior Member
    Join Date
    Mar 2007
    Posts
    958

    Certifications
    MCSE, MCP+I, MCP, A+, CCNA certified, Cisco Networking Academy Semester 4 graduate
    #19
    Quote Originally Posted by tiersten View Post
    It does work and that is how you're supposed to do it.
    tiersten,

    Show me where "...you're supposed to do it?" While we're at it, show me where "...it does work....?" The OP clearly shows that it does NOT work.
    Reply With Quote Quote  

  21. was here.
    Join Date
    Apr 2008
    Posts
    4,507
    #20
    Quote Originally Posted by tech-airman View Post
    tiersten,

    Show me where "...you're supposed to do it?" While we're at it, show me where "...it does work....?" The OP clearly shows that it does NOT work.
    An access point in root bridge mode is the same as a wireless bridge in root bridge mode. The wireless bridges are designed to only do bridging. The access points are capable of both. Read the Link-Role Flexibility section of the 1240AG datasheet.

    It does work because I've got it running here between two 1242s. 802.11g for client access and 802.11a as the backhaul using bridge mode. One is in root bridge mode and one is in non root bridge mode.

    It won't work for the OP because he hasn't got it configured properly. The SSIDs aren't the same for one.
    Reply With Quote Quote  

  22. SWM
    SWM is offline
    Senior Member SWM's Avatar
    Join Date
    May 2006
    Location
    Australia
    Posts
    293

    Certifications
    MCSE 2003, MCITP 2008, MCTS Vista, MCTS SBS2008, Blackberry Certified Server Specialist
    #21
    Hi tech-airman
    Questions:
    1. Where does Ethernet access in Building 1 go to?
    2. Where does Ethernet access in Building 2 go to?
    3. How and why does the network in Building 1 need to be connected with the network in Building 2?
    4. Does any building have a WAN/upstream link and if so, which building(s)?
    Answers

    1. Ethernet in main building is our main LAN, i,e servers, printers DSL router etc, workstations etc
    2. Ethernet is second office is used for offsite data backup, and the odd workstation (second building is a warehouse)
    3 User need to take laptops from Building one and connect to server infrastructure in building 1 whilst using wireless when in building two.
    4 As I said building one has all the infrastructure.

    The end result needs to be laptops or desktops can be connect either via ethernet cable or wireless in the second office (a tad slower) but have full connectivity...

    Hope this make sense
    Reply With Quote Quote  

  23. Senior Member
    Join Date
    Mar 2007
    Posts
    958

    Certifications
    MCSE, MCP+I, MCP, A+, CCNA certified, Cisco Networking Academy Semester 4 graduate
    #22
    Quote Originally Posted by SWM View Post
    Hi tech-airman
    Questions:
    1. Where does Ethernet access in Building 1 go to?
    2. Where does Ethernet access in Building 2 go to?
    3. How and why does the network in Building 1 need to be connected with the network in Building 2?
    4. Does any building have a WAN/upstream link and if so, which building(s)?
    Answers

    1. Ethernet in main building is our main LAN, i,e servers, printers DSL router etc, workstations etc
    2. Ethernet is second office is used for offsite data backup, and the odd workstation (second building is a warehouse)
    3 User need to take laptops from Building one and connect to server infrastructure in building 1 whilst using wireless when in building two.
    4 As I said building one has all the infrastructure.

    The end result needs to be laptops or desktops can be connect either via ethernet cable or wireless in the second office (a tad slower) but have full connectivity...

    Hope this make sense
    SWM,

    Thank you for helping me understand your network better. At this time, here's my recommendations:
    1. For the WAP in Building 2, set the Dot11Radio1 interface to "station-role workgroup bridge"
    2. For the WAP in Building 2, set the Dot11Radio0 interface to "station-role access point"
    3. Verify that the SSID used on the WAP in Building 1 matches that with the WAP in Building 2.
    4. Make sure that from an IP scheme perspective that both the WAP in Building 1 and the WAP in Building 2 share the same IP sub/network.
    5. Post back if these steps help or not.
    Reply With Quote Quote  

  24. was here.
    Join Date
    Apr 2008
    Posts
    4,507
    #23
    Quote Originally Posted by tech-airman View Post
    For the WAP in Building 2, set the Dot11Radio1 interface to "station-role workgroup bridge"
    For what SVM wants, it should be configured as a root bridge and non root bridge. A workgroup bridge won't do transparent bridging because the bridge is associated as a client device. A root bridge/non root bridge setup will do transparent bridging.
    Reply With Quote Quote  

  25. SWM
    SWM is offline
    Senior Member SWM's Avatar
    Join Date
    May 2006
    Location
    Australia
    Posts
    293

    Certifications
    MCSE 2003, MCITP 2008, MCTS Vista, MCTS SBS2008, Blackberry Certified Server Specialist
    #24
    Thanks tiersten for all your help, its working perfectly.

    Once I created the SSID that matched on both "A" External intefaces and the required security, the interface on the "non-root-bridge" automatically became "enabled and up" as it could associate with the "root-bridge"

    thanks again.
    Reply With Quote Quote  

  26. was here.
    Join Date
    Apr 2008
    Posts
    4,507
    #25
    Quote Originally Posted by SWM View Post
    Thanks tiersten for all your help, its working perfectly.

    Once I created the SSID that matched on both "A" External intefaces and the required security, the interface on the "non-root-bridge" automatically became "enabled and up" as it could associate with the "root-bridge"
    Great that you've got it working. You had pretty much all the config actually apart from the matching 802.11a SSIDs. I do agree that the documentation is a little lacking. The web GUI runs like molasses as well which can get frustrating.

    Make sure nobody loses the passwords this time
    Reply With Quote Quote  

+ Reply to Thread
Page 1 of 2 1 2 Last

Social Networking & Bookmarks