Monday, February 8, 2010

IOS Bridge link with WPAv2 & AES

I finally found the right document that enabled me to set up a couple of 1242 IOS APs as a bridge link and use WPAv2 and AES encryption.

The document I used was the Wi-Fi Protected Access 2 (WPA 2) Configuration Example: LINK

Here is a screen grab of the non-root bridge association statistics:

I used the config guide to set up the link via the GUI, and this is the pertinent CLI output for the Root Bridge.
aaa group server radius rad_eap
 server auth-port 1812 acct-port 1813
aaa authentication login eap_methods group rad_eap
dot11 ssid Cisco
   vlan 200
   authentication network-eap eap_methods
   authentication key-management wpa
   authentication client username admin password 0 Cisco123
interface Dot11Radio1
 no ip address
 no ip route-cache
 encryption mode ciphers aes-ccm
 encryption vlan 200 mode ciphers aes-ccm
 ssid Cisco
 station-role root bridge
!--- for the non-root bridge: station-role non-root bridge
!--- for the non-root bridge: parent 1 [parent AP MAC address]
radius-server local
  no authentication eapfast
  no authentication mac
  nas key 0 Cisco123
  user admin password 0 Cisco123
radius-server host auth-port 1812 acct-port 1813 key 0 Cisco123
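
An added example, not part of the original post: a small Python check that a saved bridge config still carries the two settings the post relies on for WPAv2 with AES (WPA key management on the SSID, aes-ccm as the only cipher on the radio) and lists secrets stored as type 0, which IOS keeps unencrypted. The sample config is constructed from the output above, and the function names are hypothetical.

```python
import re
# Constructed sample: abridged root-bridge config in the post's shape.
SAMPLE = """\
dot11 ssid Cisco
   vlan 200
   authentication network-eap eap_methods
   authentication key-management wpa
   authentication client username admin password 0 Cisco123
interface Dot11Radio1
 encryption vlan 200 mode ciphers aes-ccm
 ssid Cisco
 station-role root bridge
radius-server local
  nas key 0 Cisco123
  user admin password 0 Cisco123
"""

def blocks(config):
    """Map each top-level command to its indented sub-commands."""
    out, parent = {}, None
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and IOS comment lines
        if not line[0].isspace():
            parent = line.strip()
            out.setdefault(parent, [])
        elif parent is not None:
            out[parent].append(line.strip())
    return out

def audit(config):
    """Return findings for WPA key management, cipher and type 0 secrets."""
    findings = []
    for parent, subs in blocks(config).items():
        if parent.startswith("dot11 ssid ") and not any(
                s.startswith("authentication key-management wpa") for s in subs):
            findings.append(f"{parent}: no WPA key management")
        radio = parent.startswith("interface Dot11Radio")
        if radio and any(s.startswith("ssid ") for s in subs):
            ciphers = [s.split("ciphers", 1)[1].split() for s in subs
                       if s.startswith("encryption ") and "ciphers" in s]
            if not ciphers or any(c != ["aes-ccm"] for c in ciphers):
                findings.append(f"{parent}: aes-ccm is not the only cipher")
        for line in [parent] + subs:
            if re.search(r"\b(password|key) 0 \S+", line):  # type 0 = unencrypted
                findings.append(f"{parent}: type 0 secret in '{line.split(' 0 ')[0]} 0 ...'")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```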

