I finally found the right document that enabled me to set up a couple of 1242 IOS APs as a bridge link and use WPAv2 and AES encryption.
The document I used was the Wi-Fi Protected Access 2 (WPA 2) Configuration Example: LINK
Here is a screen grab of the non-root bridge association statistics:
I used the config guide to set up the link via the GUI, and this is the pertinent CLI output for the Root Bridge.
aaa group server radius rad_eap
 server 192.168.200.10 auth-port 1812 acct-port 1813
!
aaa authentication login eap_methods group rad_eap
!
dot11 ssid Cisco
 vlan 200
 authentication network-eap eap_methods
 authentication key-management wpa
 authentication client username admin password 0 Cisco123
 infrastructure-ssid
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 !
 encryption mode ciphers aes-ccm
 !
 encryption vlan 200 mode ciphers aes-ccm
 !
 ssid Cisco
 !
 station-role root bridge
!--- for the non-root bridge: station-role non-root bridge
!--- for the non-root bridge: parent 1 [parent AP MAC address]
radius-server local
 no authentication eapfast
 no authentication mac
 nas 192.168.200.10 key 0 Cisco123
 user admin password 0 Cisco123
!
radius-server host 192.168.200.10 auth-port 1812 acct-port 1813 key 0 Cisco123
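An added example, not part of the original post: a small Python check that reads an IOS AP configuration shaped like the output above and reports secrets stored as type 0 (unencrypted), one secret shared across several lines, and radio cipher lines that are not AES-CCM only. The sample config is constructed from the shape of that output, and `audit_config` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines in the same shape as the root-bridge output above.
SAMPLE_CONFIG = """\
dot11 ssid Cisco
 vlan 200
 authentication key-management wpa
 authentication client username admin password 0 Cisco123
interface Dot11Radio1
 encryption vlan 200 mode ciphers aes-ccm
 ssid Cisco
radius-server local
 nas 192.168.200.10 key 0 Cisco123
 user admin password 0 Cisco123
radius-server host 192.168.200.10 auth-port 1812 acct-port 1813 key 0 Cisco123
"""

# "password <type> <value>" or "key <type> <value>"; type 0 means the value is stored unencrypted.
SECRET_RE = re.compile(r"\b(password|key)\s+(\d)\s+(\S+)")
CIPHER_RE = re.compile(r"^encryption\s+(?:vlan\s+\d+\s+)?mode\s+ciphers\s+(.+)$")

def audit_config(text):
    """Return sorted (line_number, finding) tuples; secret values are never echoed."""
    findings = []
    seen = defaultdict(list)  # secret value -> line numbers where it appears
    ciphers = []              # (line number, list of cipher names)
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        m = SECRET_RE.search(line)
        if m:
            kind, enc_type, value = m.groups()
            if enc_type == "0":
                findings.append((n, f"cleartext {kind} (type 0)"))
            seen[value].append(n)
        c = CIPHER_RE.match(line)
        if c:
            ciphers.append((n, c.group(1).split()))
    for value, lines in seen.items():
        if len(lines) > 1:
            findings.append((lines[0], f"same secret reused on lines {lines}"))
    for n, suite in ciphers:
        if suite != ["aes-ccm"]:
            findings.append((n, f"cipher suite {suite} is not AES-CCM only"))
    if not ciphers:
        findings.append((0, "no 'encryption mode ciphers' line found"))
    return sorted(findings)
```

Run against the sample, it reports four type 0 secrets and the fact that the client password, the NAS key, the local user password and the RADIUS host key are all the same value.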