1300 Bridge: VLAN and encryption question

Hi!
I configured a 1300 bridge with dot1q-VLANs and tkip/wpa encryption:
interface Dot11Radio0
 no ip address
 no ip route-cache
 encryption vlan 1 mode ciphers tkip
 encryption vlan 91 mode ciphers tkip
 encryption vlan 150 mode ciphers tkip
 ssid skylink
  vlan 1
  authentication open
  authentication key-management wpa
  infrastructure-ssid
  wpa-psk ascii 7 xxxx
 short-slot-time
 cca 0
 concatenation
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 rts threshold 4000
 channel 2472
 station-role root
 payload-encapsulation dot1h
 antenna receive right
 antenna transmit right
 infrastructure-client
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 spanning-disabled
interface Dot11Radio0.91
 encapsulation dot1Q 91
 no ip route-cache
 bridge-group 91
 bridge-group 91 spanning-disabled
interface Dot11Radio0.150
 encapsulation dot1Q 150
 no ip route-cache
 bridge-group 150
 bridge-group 150 spanning-disabled
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 ntp broadcast client
interface FastEthernet0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 spanning-disabled
interface FastEthernet0.91
 encapsulation dot1Q 91
 no ip route-cache
 bridge-group 91
 bridge-group 91 spanning-disabled
interface FastEthernet0.150
 encapsulation dot1Q 150
 no ip route-cache
 bridge-group 150
 bridge-group 150 spanning-disabled
Is it necessary to set the
encryption vlan 91 mode ciphers tkip
encryption vlan 150 mode ciphers tkip
so that all VLANs are encrypted?
How can I examine that all VLANs are encrypted?
Best regards
Michael Simon

No. As there is no SSID assigned to VLAN 91 and 150, I was told by the TME (Technical Marketing Engineer) that the 1300 should use the encryption defined in the native VLAN (VLAN 1 in your case) to transport traffic on VLAN 91 and 150. I have not taken any wireless sniffer trace to verify it though.
There are a couple of ways to verify it:
1. a wireless sniffer trace
2. debug dot dot 0 trace print xmt rcv
Please be very careful when using option #2. Option #2 turns the wireless bridge into a wireless sniffer. If there is heavy traffic between the two bridges, the wireless bridges will crash. Please use option #2 in a test environment or with limited traffic.
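
Added example (not part of the original thread and not Cisco tooling): a small Python audit of a pasted radio configuration that lists, for each dot1Q VLAN on the Dot11Radio subinterfaces, the cipher set by an explicit `encryption vlan` line, the SSID mapped to it, and how the WPA-PSK is stored. The sample configuration is constructed from the question's stanza with the VLAN 150 cipher line left out; the function name and the finding strings are assumptions.

```python
import re

# Constructed sample modelled on the radio stanza in the question: the key is
# redacted and the "encryption vlan 150" line is deliberately left out.
SAMPLE_CONFIG = """\
interface Dot11Radio0
 encryption vlan 1 mode ciphers tkip
 encryption vlan 91 mode ciphers tkip
 ssid skylink
  vlan 1
  authentication open
  authentication key-management wpa
  infrastructure-ssid
  wpa-psk ascii 7 xxxx
 station-role root
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
interface Dot11Radio0.91
 encapsulation dot1Q 91
interface Dot11Radio0.150
 encapsulation dot1Q 150
"""


def audit_radio_vlans(config):
    """Per dot1Q VLAN on Dot11Radio subinterfaces: native flag, ciphers, SSID, findings."""
    trunked, ciphers, ssid_of, psk_type = {}, {}, {}, {}
    in_radio_sub, ssid = False, None
    for raw in config.splitlines():
        line = raw.strip()  # works on configs pasted with or without indentation
        if line.startswith("interface "):
            in_radio_sub = bool(re.match(r"interface Dot11Radio\d+\.\d+$", line))
            ssid = None  # an SSID block ends at the next interface line
        elif m := re.match(r"encapsulation dot1Q (\d+)( native)?$", line):
            if in_radio_sub:
                trunked[int(m[1])] = m[2] is not None
        elif m := re.match(r"encryption vlan (\d+) mode ciphers (.+)$", line):
            ciphers[int(m[1])] = m[2].split()
        elif m := re.match(r"(?:dot11 )?ssid (\S+)$", line):
            ssid = m[1]
        elif (m := re.match(r"vlan (\d+)$", line)) and ssid:
            ssid_of[int(m[1])] = ssid
        elif (m := re.match(r"wpa-psk ascii (\d) ", line)) and ssid:
            psk_type[ssid] = int(m[1])

    report = {}
    for vlan in sorted(trunked):
        name, findings = ssid_of.get(vlan), []
        if vlan not in ciphers:
            findings.append("no explicit 'encryption vlan' statement")
        elif "tkip" in ciphers[vlan]:
            findings.append("TKIP is deprecated; aes-ccm is the stronger cipher")
        if name is None:
            findings.append("no SSID mapped; confirm the cipher in use with a capture")
        elif psk_type.get(name) == 0:
            findings.append("WPA-PSK stored in cleartext (type 0)")
        elif psk_type.get(name) == 7:
            findings.append("WPA-PSK stored with reversible type 7 encoding")
        report[vlan] = {"native": trunked[vlan], "ciphers": ciphers.get(vlan),
                        "ssid": name, "findings": findings}
    return report


if __name__ == "__main__":
    for vlan, info in audit_radio_vlans(SAMPLE_CONFIG).items():
        print(vlan, info)
```

The report only describes what is configured; what is actually sent over the air is established by the sniffer trace suggested in the reply.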

Similar Messages

  • 1242AG Bridge, VLAN and Multiple SSIDs

    I have two buildings that I'm trying to configure a bridge in between them using 2 1242AG APs.
    Building A
    PCOFFICE SSID on VLAN 200 Radio G
    ROOT_1 SSID on Native VLAN 1 Radio A
    Root Bridge
    Building B
    FDAPC SSID on Native VLAN 1 Radio G
    ROOT_1 SSID on Native VLAN 1 Radio A
    We are using directional antenna.  I know they are lined up properly because I have them both down and in front of me.  I'm getting an error on the Building B AP that says "No SSID with VLAN configured. Dot11Radio1 not started." and I'm unable to get this to work.  The bridge was working before I added the VLAN and encryption/WPA information for the PCOFFICE and FDAPC SSIDs.
    Any assistance would be amazing.  Thanks!  Please see attached files for configurations.  I know the switch is configured properly because I had this working before and forgot to save the damn configuration off the devices.  I'm not having to do it over from scratch.

    That did not work.
    I've managed to fix the ROOT_1 and FDAPC... now I'm having an issue where I can attempt to connect to the PCOFFICE SSID but I'm unable to get a DHCP address from the server.
    Here is the config for the AP with PCOFFICE on it and the switch.
    SWITCH
    interface GigabitEthernet3/2
    switchport trunk allowed vlan 1,200
    switchport mode trunk
    interface Vlan1
    ip address 192.168.3.4 255.255.255.0
    interface Vlan200
    ip address 192.168.30.2 255.255.255.0
    ip helper-address 192.168.3.98
    ip default-network 192.168.3.0
    ip route 0.0.0.0 0.0.0.0 192.168.3.1
    no ip http server
    ACCESS POINT
    version 12.3
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname AP1_ROOT_AP
    enable secret 5 REMOVED
    ip subnet-zero
    no aaa new-model
    dot11 vlan-name VLAN1 vlan 1
    dot11 vlan-name pcCopper vlan 200
    dot11 ssid PCOFFICE
       vlan 200
       authentication open
       authentication key-management wpa
       guest-mode
       wpa-psk ascii 7 REMOVED
    dot11 ssid ROOT_1
       vlan 1
       authentication open
       authentication key-management wpa
       infrastructure-ssid optional
       wpa-psk ascii 7 REMOVED
    dot11 network-map
    dot11 arp-cache optional
    power inline negotiation prestandard source
    username Cisco password 7 REMOVED
    username admin privilege 15 password 7 REMOVED
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption mode ciphers tkip
    encryption vlan 200 mode ciphers tkip
    ssid PCOFFICE
    speed basic-2.0 5.5 11.0 12.0 18.0 24.0 36.0 48.0 54.0
    no power client local
    power client 17
    power local cck 17
    power local ofdm 17
    channel 2462
    station-role root access-point
    antenna receive right
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 port-protected
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    interface Dot11Radio0.200
    encapsulation dot1Q 200
    no ip route-cache
    bridge-group 200
    bridge-group 200 subscriber-loop-control
    bridge-group 200 block-unknown-source
    no bridge-group 200 source-learning
    no bridge-group 200 unicast-flooding
    bridge-group 200 spanning-disabled
    interface Dot11Radio1
    no ip address
    no ip route-cache
    encryption mode ciphers tkip
    encryption vlan 1 mode ciphers tkip
    ssid ROOT_1
    dfs band 3 block
    speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
    no power client local
    power client 11
    power local 11
    channel 5180
    station-role root bridge
    antenna receive right
    antenna transmit right
    interface Dot11Radio1.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    bridge-group 1 spanning-disabled
    interface FastEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    hold-queue 160 in
    interface FastEthernet0.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    bridge-group 1 spanning-disabled
    interface FastEthernet0.200
    encapsulation dot1Q 200
    no ip route-cache
    bridge-group 200
    bridge-group 200 spanning-disabled
    interface BVI1
    ip address 192.168.3.241 255.255.255.0
    no ip route-cache
    ip default-gateway 192.168.3.1
    ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    control-plane
    bridge 1 route ip
    line con 0
    line vty 0 4
    login local

  • 1300 Bridge VLAN support

    Dears
    I have two sites that need to be connected using a wireless 1300 bridge, but there are 30 VLANs and I think the 1300 series supports only 16 VLANs. Is that right? Please advise me: if the 1300 supports more than 16 VLANs, how do I configure it? If not, which mode supports more VLANs?
    Thanks

    Buy a pair of routers, and use the 1300s to provide the link between the routed interfaces; then you only have to pass one VLAN between them.
    Then, if you're still desperate to get those specific VLANs to the other site, I believe you can do some magic with your routers to tunnel them inside your routed link.

  • Bridge gallery and iWeb questions, newbie....

    Hi All....
    I have made myself a page in iWeb but I'm not happy with the gallery layout with thumbnails and small sized pictures, I would like my galleries to be scroll down type, OR just one picture at a time and nothing else, except "Next/previous" and a "Menu" sign, either in a good (>>>big pictures) size....
    I have this morning realized that I can do that in Bridge, so I have made myself a test gallery and uploaded it to my site via Bridge, and I can see in Filezilla that it is there, but I can't see it on my page, of course because there's no link between the two of them, the question is, how do I make my page show the gallery....???
    I haven't been able to locate the test gallery on the web, as mentioned I can see in Filezilla that it is there somewhere, but how to find it out there I don't know....
    My homepage is called www.easerfoto.dk and the gallery I have uploaded is called Bridgegallerytest, if it has any relevance....
    If anyone has a page that is made in Bridge and cares to share how, then please step forward, I'm on zero here, any tip is appreciated....;-)
    Maybe I should mention that I am a complete NOOB on all this (managed to have Filezilla working first time last week), but want to learn....
    Bjarke

    When you created your gallery did you publish the file to a folder?  And was one of the files in that folder named index.htm or html?  Make sure the gallery works correctly by opening the index.html file with your browser from the gallery copy on your hard drive. 
    Then upload to the root directory of your account on the server.  The url would be something like this:  http://www.easerfoto.dk/Folder_name/index.html.
    Put that URL in the iFrame code below in an HTML snippet. The iFrame code in the snippet would look like this:
    <iframe height="XXXpx" allowTransparency="true" frameborder="0" scrolling="no" style="width:XXXpx;border:none" src=" http://www.easerfoto.dk/Folder_name/index.html"></iframe>
    Adjust the height and width dimensions to fit the size of the gallery you want on the page.
    Also for what it's worth there are other gallery types of presentations, some from iPhoto with a free plugin, that might be of interest to you:
    SimpleViewer and Flash Album Exporter
    Flash Album Exporter Postcard and AutoViewer Slideshow Themes
    Jalbum Examples
    OT

  • PCI and Encryption questions

    Hi All,
    Under WS2013 R2 Std Remote Desktop Services (RDP, Terminal Services),
    1)  are there any special PCI (credit card security) requirements?
    and
    2)  is there a way to use 2048 bit encryption?
    Many thanks,
    -T

    Hi,
    Here are some general links which might be helpful.
    1.  What's New in BitLocker for Windows 8.1 and Windows Server 2012 R2
    2.  6 Appendix A: Product Behavior
    3.  Microsoft Security Advisory: Update for minimum certificate key length
    Hope it helps!
    Thanks,
    Dharmesh

  • Transfering from PhotoshopCS3 to CS5 Bridge keywording and rating questions?

    I have been using my daughter's photoshop CS3 on her computer and have keyworded and star rated most of my photos. She is now leaving home and I am going to purchase CS5 (as she will be taking her computer and the program). How do I transfer all these to the new version of CS5? I have spent soooo much time doing this and don't want to have to redo all the hard work.
    I read somewhere that the keywords are embedded in the metadata. If that is so, would I just create the new keywords in the newer version and it will pick them up when I import the photos? I can't seem to find anything about importing star ratings.
    Any suggestions???  I don't want to go ahead and purchase the new program until I know if this will work.

    Keywords are embedded on the image so it is portable no matter what viewer.  So there should be no problem in switching from CS3 to 5, worked for me. 
    However, (there always is a however isn't there?) the keyword panel will show italicized keywords meaning they are temporary.  You can right click on the keyword and choose "make persistent".
    If you like the keyword structure on your daughter's computer click on the arrow in upper right hand corner of the keyword panel and choose Export.  Save it on a flash drive and you will have it for future use.
    I think the stars will be OK also.
    Hope this helps.

  • Java and encryption - question please...

    Hi all,
    Does Java provide libraries for encryption, e.g. DES, or do I need to find a DLL or alternatively write the whole crap?
    Any hint, online tips, or example will be appreciated.
    best regards
    rahman

    Thanks for the quick replies, you guys!!
    I really, really appreciate it.
    Mine is JDK 1.4, which means I already have the encryption stuff.
    Is there any example available to show usage of one of these encryptions, e.g. DES, at all?
    It will be really appreciated.
    regards
    rahman

  • 1300 bridge with native and management vlan in different vlans

    Hello,
    We are going to set up a wireless bridge between two 1300 accesspoints. In our network the native vlan and the management vlan are different vlan's. Will we be able to manage the ap and switch at the "remote" site? Do we have to set up two ssid's, one for native and one for management?
    regards,
    Rutger

    To answer my own question:
    I don't think it is possible. Things work fine by making our management vlan the native vlan on switches and ap's involved. Management IP address on the BVI1 interface and everything works!
    Rutger

  • Is it possible to do multiple ssids and encryptions on an autonomous AP without vlans?

    I got a customer who just has autonomous APs. They are upgrading from 1210s to 1262s. They are currently running a config that is wide open with no authentication or encryption and using a VPN tunnel on the wireless clients for security. They want to switch to using WPA2/PSK with the new APs. They have existing clients that have to continue to work during the upgrade to the new APs. They run 3 shifts so it is a 24 hr operation with no downtime. What I was thinking would be to configure the 1262 with multiple SSIDs, one with their existing settings and one with the new. Then I could swap the APs one at a time and it would only impact service for a short period of time while I was mounting the new AP. Then once all the new APs are installed I could transition the clients over to the new SSID and encryption then disable the old SSID once all the clients are switched over. I've done this before with a WLC but not with autonomous APs. The only config examples I can find use VLANs. This customer is not using VLANs. Is there any way to use multiple SSIDs with different encryption on a single radio on an autonomous 1262 without VLANs?
    The site has about 30 APs and 100 clients. Yes I know a controller would be preferred for a site of this size but that is a question for sales and why they didn't sell them a controller. I just get stuck with what they sell them.
    thanks

    Hi Don,
    I'm afraid on the autonomous platform you cannot map multiple WLANs to a single VLAN.
    "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
    ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

  • AES-CCMP and 1300 bridges

    I'm looking for a document showing the settings and how to use AES-CCMP with the latest firmware on the 1300 bridges.

    I use my Br1300 in bridge-mode with WPA-PSK and aes-ccm. Note the bug mentioned in the config.
    *** root ***
    interface Dot11Radio0
     no ip address
     no ip route-cache
     no concat (CSCef66724)
     cca 61
     station-role root
     encryption mode ciphers aes-ccm
     ssid xxxx
      authentication open
      authentication key-management wpa
      infrastructure-ssid
      wpa-psk ascii 0 1234567890
    *** non-root ***
    interface Dot11Radio0
     no ip address
     no ip route-cache
     no concat (CSCef66724)
     cca 61
     station-role non-root
     encryption mode ciphers aes-ccm
     ssid xxxx
      authentication open
      authentication key-management wpa
      infrastructure-ssid
      wpa-psk ascii 0 1234567890

  • 1300 bridges trunking question

    Hi all,
    I have two 1300 bridges connecting two buildings. Both buildings are using the native VLAN. I only have one SSID and the native VLAN on the bridges. There is an L3 switch connecting to the root bridge and an L2 switch connecting to the non-root bridge.
    Right now, we are upgrading the network to support multiple VLANs. Do I need to set up trunking on the bridges in order for the bridges to pass traffic for multiple VLANs? I already set up trunking (802.1q) on both switches. But once I assign ports to access a different VLAN, I cannot get a DHCP address (except on the native VLAN) if I am in the second building.
    Any suggestion/comment?
    thanks
    Gene

    Hey Gene,
    I had a similar setup and the only thing you need to care about pretty much is that the native VLAN in your bridges is the one assigned to the SSID which is linking those 1300s together... All the rest of the VLANs at your switch will pass through the wireless link effortlessly... :)
    Just try to be sure you are NOT restricting VLANs at the switch port where you have your bridges connected.
    If you need any assistance please do not hesitate to contact me... :)
    Cheers,
    Hery

  • 1300 Bridge - Extending VLANs in Pt-to-Pt Mode

    I need to set up 1300 series Wireless Bridges in a point-to-point mode, and I need to extend several VLANs from one building to the other.
    On the 1231G/1242AG APs in AP mode, each SSID must be mapped to a unique VLAN ID. Is this also the case with the 1300 bridge?
    Is there a good doc out there that explains how to config what I'm trying to do?

    No, it's not the case; you can have several VLANs going over one SSID.
    Just create subinterfaces on the Dot11Radio interface and Ethernet interface.
    like this (this will pass the native vlan and vlan 2 and 3 ) -
    interface Dot11Radio0.1
     encapsulation dot1Q 1 native
     no ip route-cache
     bridge-group 1
     bridge-group 1 spanning-disabled
    interface Dot11Radio0.2
     encapsulation dot1Q 2
     no ip route-cache
     bridge-group 2
     bridge-group 2 spanning-disabled
    interface Dot11Radio0.3
     encapsulation dot1Q 3
     no ip route-cache
     bridge-group 3
     bridge-group 3 spanning-disabled
    interface FastEthernet0
     no ip address
     no ip route-cache
     hold-queue 80 in
    interface FastEthernet0.1
     encapsulation dot1Q 1 native
     no ip route-cache
     bridge-group 1
     bridge-group 1 spanning-disabled
    interface FastEthernet0.2
     encapsulation dot1Q 2
     no ip route-cache
     bridge-group 2
     bridge-group 2 spanning-disabled
    interface FastEthernet0.3
     encapsulation dot1Q 3
     no ip route-cache
     bridge-group 3
     bridge-group 3 spanning-disabled
    There is a guide here
    http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml#vlanbr

  • Native VLAN over 1300 bridge

    Does the BVI interface work on the native VLAN or always on VLAN1 on a 1300 bridge? If I set a VLAN other than VLAN1 for native will that move the BVI to that VLAN?
    Also, does the native vlan have to match at both ends or does it only have local significance? If I had a point to multipoint bridge link, could one remote bridge be set for a different native vlan than another remote bridge?
    I have a bridge link that carries two data vlan's and a voice vlan. At the remote end I only have a phone connected to the bridge directly and have configured the phone to be on the correct voice vlan but I need the computer to access a vlan other than the native. I know I cannot configure the phone to have the PC use the proper vlan as it just uses what the bridge tells it is the native.
    All network equipment is managed in the vlan1, the native vlan, and user data is on another vlan.
    Seth

    You cannot configure multiple VLANs on repeater access points. Repeater access points support only the native VLAN.

  • Adobe bridge appears as a question mark on iMac dock and will not open, why?

    Adobe bridge appears as a question mark on iMac dock and will not open, why?

    Because your Bridge install is somehow messed up.
    BOILERPLATE TEXT:
    If you give complete and detailed information about your setup and the issue at hand, such as your platform (Mac or Win), exact versions of your OS, of Photoshop and of Bridge, machine specs, what troubleshooting steps you have taken so far, what error message(s) you receive, if having issues opening raw files also the exact camera make and model that generated them, etc., someone may be able to help you.
    Please read this FAQ for advice on how to ask your questions correctly for quicker and better answers:
    http://forums.adobe.com/thread/419981?tstart=0
    Thanks!

  • Simple question involving data signing and encryption

    What is exactly mean by signing and encrypting data?
    And how would it apply to the case of a web browser..where I have to sign and encrypt data to and from a web browser? In this case it is an output and input stream.
    Does every byte have to be signed or just the starting bytes? Signing every byte would make the process slow and inefficient

    > I know if you sign and encrypt the data to the web browser, it will obviously not be recognized but this is my scenario:
    Your ASCII art didn't come across at all, I'm afraid - I'm not sure what you were going for, but I can't seem to recreate it. I think I can follow the explanation, though.
    > P is the program I am developing. It is supposed to encrypt and sign data to and from the web browser. P1 gets the web browser request, encrypts the data and is supposed to sign the data...send it to P2 which decrypts and verifies the signing which then forwards it to the proxy or the server as seen. Vice versa from the server response.
    So you're working on a web-proxy that encrypts its transmissions, and you want to add signature verification as well.
    > My question still remains...how do you sign a stream?
    I answered your question, actually. You don't sign "streams" - you sign "messages". In your case, you sign the entire transmission, and then you transmit it.
    > Right now I am using RSA keys to send a symmetric key across safely for the decryption etc. I have the encryption/decryption process covered and the browser works..but I didn't do signing of any sort...how to implement this..for every byte? Is signing necessary?
    Given your requirements, I have to ask - why are you re-creating SSL? If you have P1 and P2 talk SSL to each other, you get everything you've described here, including signing. I don't understand why you feel the need to recreate an existing protocol.
    Grant
