Configure two Cisco Waps root bridge and non root bridge
SWM
Member Posts: 287
Help
I have two Cisco 1240AG WAP's that I am trying to configure to allow two offices buildings (about 20m apart) to connect to each other.
Both WAP's were working, although the client did not know the username passwords, and as a result could not change the WPA key and the IP subnet was also wrong.
Long story short, we had no current config and I discovered that these WAPS do not have a rommon mode, so a complete reset was done and reconfigure, so both devices have been blanked and resetup.
The Radio0-802.11G interfaces on both devices are working well and allowing clients to connect.
I am trying to get the WAP's talking via the 802.11A interfaces, with one device in "Root Bridge" and the other in "non-Root Bridge".
My problem is the non-root bridge device keeps showing :software hardware status disabled when I select non root bridge. If i configure this interface as a AP it enables fine....
Config ...
Radio0-802.11G on WAP1 is rootbridge
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption mode ciphers tkip
!
ssid ADELWAP1
!
no dfs band block
parent 1 001c.0ed1.c3d0
speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.
0 basic-54.0
channel dfs
station-role root bridge
antenna gain 22
bridge-group 1
bridge-group 1 spanning-disabled
!
Radio0-802.11G on WAP2 is non rootbridge
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption mode ciphers tkip
!
ssid ADELWAP2
!
parent 1 001c.0ed1.d9b0
parent timeout 65535
speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.
0 basic-54.0
station-role non-root bridge
antenna receive right
antenna transmit right
antenna gain 22
bridge-group 1
bridge-group 1 spanning-disabled
Any clues on what I am doing wrong ?
I have two Cisco 1240AG WAP's that I am trying to configure to allow two offices buildings (about 20m apart) to connect to each other.
Both WAP's were working, although the client did not know the username passwords, and as a result could not change the WPA key and the IP subnet was also wrong.
Long story short, we had no current config and I discovered that these WAPS do not have a rommon mode, so a complete reset was done and reconfigure, so both devices have been blanked and resetup.
The Radio0-802.11G interfaces on both devices are working well and allowing clients to connect.
I am trying to get the WAP's talking via the 802.11A interfaces, with one device in "Root Bridge" and the other in "non-Root Bridge".
My problem is the non-root bridge device keeps showing :software hardware status disabled when I select non root bridge. If i configure this interface as a AP it enables fine....
Config ...
Radio0-802.11G on WAP1 is rootbridge
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption mode ciphers tkip
!
ssid ADELWAP1
!
no dfs band block
parent 1 001c.0ed1.c3d0
speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.
0 basic-54.0
channel dfs
station-role root bridge
antenna gain 22
bridge-group 1
bridge-group 1 spanning-disabled
!
Radio0-802.11G on WAP2 is non rootbridge
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption mode ciphers tkip
!
ssid ADELWAP2
!
parent 1 001c.0ed1.d9b0
parent timeout 65535
speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.
0 basic-54.0
station-role non-root bridge
antenna receive right
antenna transmit right
antenna gain 22
bridge-group 1
bridge-group 1 spanning-disabled
Any clues on what I am doing wrong ?
Isn't Bill such a Great Guy!!!!
Comments
Instead of configuring the second WAP as a non-root bridge, try configuring the second WAP as a repeater.
No AES support in your AP?
The root bridge shouldn't have a parent?
You do have a directional antenna with gain?
When I setup a bridge, I just specified the root bridge's SSID in the non root bridge config.
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm
!
ssid SSIDofRootBridgeHere
!
speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role non-root bridge
bridge-group 1
bridge-group 1 spanning-disabled
!
tiersten,
I was just trying to deal with the equipment that already exists which is a pair of WAPs.
[HTML]
Quote:Originally Posted by tech-airman
Correct, thats why a repeater is not a option. Each WAP needs to provide local Wireless and ethernet access.
[HTML]
Quote:Originally Posted by SWM
I was clutching at straws when I entered that. The event log on the non root bridge indicated it cannot associate, so I gave it the root-bridge mac address.
[HTML]
Quote:Originally Posted by SWM
Yes each site has a 22db external roof mounted antenna
[HTML]
Quote:Originally Posted by SWM
[/HTML]
I am happy to tighten security once the two waps are talking. hey I would even use WEP just to get bi directional communication happening, and then increase security.
I used the GUI interface to configure and its put the same SSID on both the A and G radio !
Do i need a different SSID on each but a matching SSID on both A's at each site that match each other? The Cisco help and documentation is very vague.
That is the default. You can change it from the GUI via SECURITY -> SSID Manager.
Select the SSID you want to modify and then check/uncheck the relevant radio.
You can have the same SSID on both radios if you want. It doesn't matter.
For your 802.11a link though you need to make sure that both bridges have the same SSID set for 802.11a. The non root bridge needs to have that SSID set as the Infrastructure SSID.
Very rough set of steps:
1. Create a SSID with relevant security for the 802.11g radio on both APs.
2. Create a SSID with relevant security for the 802.11a radio on both APs.
3. Set the 802.11g radio in both APs to be in Access Point mode.
4. Set the 802.11a radios in both APs to use the correct antenna socket since you've got an external antenna.
5. Set the 802.11a radio in one to be in root bridge mode.
6. Set the 802.11a radio in the remaining AP to be in non root bridge mode.
7. Set the SSID as the Infrastructure SSID on the non root bridge.
8. Enable both radios on both APs
I know you've done some of these steps before. That should be enough to get them to talk to each other and act as a bridge + AP. What does the log show anyway?
tiersten,
At the time of my post, the above was unknown information based on the OP at the time.
Internet Exploder 8 had a Hemorrhage, sorry about the quotes...:)
"For your 802.11a link though you need to make sure that both bridges have the same SSID set for 802.11a. The non root bridge needs to have that SSID set as the Infrastructure SSID"
So you are saying both external 802.11a interfaces have the SAME SSID. Is this how the non-root bridge knows who it is allowed to communicate with? If so what prevents another WAP from attempting to connect to my root-bridge WAP if it can see and copies my SSID ?
Same way you stop people accessing your AP. Encryption
You should be able to restrict it based on MAC address as well.
Questions:
According to the "Cisco Aironet Access Point FAQ" at cisco.com, it states...
Note that "AP (in non-root bridge mode)" is NOT listed. The purpose of using an AP (in non-root bridge mode)" is so that the AP can associate with a wireless bridge in root bridge mode. You cannot associate an AP in non-root bridge mode with an AP in root bridge mode as you learned.
Source:
I will give it a go over the next day or so, because I have external antenna, I cannot configure it on my workbench, have to connect the antenna and both device in each building.
Second building is a concrete warehouse with a tin roof. So until I get the WAP's working I have no phone or Internet access. So walking back and forth is starting to get annoying...
Cheers and thanks once again, I will let you know....
Ehh... No big loss...
Now this is more annoying
tiersten,
Show me where "...you're supposed to do it?" While we're at it, show me where "...it does work....?" The OP clearly shows that it does NOT work.
It does work because I've got it running here between two 1242s. 802.11g for client access and 802.11a as the backhaul using bridge mode. One is in root bridge mode and one is in non root bridge mode.
It won't work for the OP because he hasn't got it configured properly. The SSIDs aren't the same for one.
Questions:
- Where does Ethernet access in Building 1 go to?
- Where does Ethernet access in Building 2 go to?
- How and why does the network in Building 1 need to be connected with the network in Building 2?
- Does any building have a WAN/upstream link and if so, which building(s)?
Answers1. Ethernet in main building is our main LAN, i,e servers, printers DSL router etc, workstations etc
2. Ethernet is second office is used for offsite data backup, and the odd workstation (second building is a warehouse)
3 User need to take laptops from Building one and connect to server infrastructure in building 1 whilst using wireless when in building two.
4 As I said building one has all the infrastructure.
The end result needs to be laptops or desktops can be connect either via ethernet cable or wireless in the second office (a tad slower) but have full connectivity...
Hope this make sense
SWM,
Thank you for helping me understand your network better. At this time, here's my recommendations:
Once I created the SSID that matched on both "A" External intefaces and the required security, the interface on the "non-root-bridge" automatically became "enabled and up" as it could associate with the "root-bridge"
thanks again.
Make sure nobody loses the passwords this time
i have the same problem.
with root bridge and non-root bridge configuration.
i am trying to connect the two points via "a" with the same SSID
can anyone write the steps with some more details???????????
i'm trying to do that exact thing - would you mind helping out? thanks.