Root Bridge Configuration

Similar Messages

• SAP 1602 Wireless bridge issue. Non root bridge loses it's configuration

  Hi guys,
  Today I tried to configure wireless link between two autonomous AP 1602 APs.
  There is a problem with Non-root bridge. I configured it with this command:
  AP2(config-if)#station-role non-root wireless-clients
  Non-root bridge successfully joins the root bridge (root AP). Anyway, this configuration does not work, if I reload my non-root bridge. Even without reload, If I check my non-root bridge configuration it looks like this:
  interface Dot11Radio1
  no ip address
  no ip route-cache
  encryption vlan 1 mode ciphers aes-ccm
  ssid WiFi-Bridge
  antenna gain 0
  stbc
  beamform ofdm
  Command "station-role non-root wireless-clients" is missing here. But I just configured it few seconds ago... Does anyone know, where could be a problem?

  Okay... Everything works with OPEN ssid. Not with my WPA 2 configuration.
  On both APs configuration looks like this:
  dot11 ssid Private
     vlan 10
     authentication open
     authentication key-management wpa version 2
     guest-mode
     wpa-psk ascii 7 01100F175804575D72
  interface Dot11Radio0
  encryption vlan 10 mode ciphers aes-ccm
  ssid Private
  infrastructure-client ( on Root AP)
  station-role root bridge wireless-clients ( on Root AP)
  Few debugs:
  *Mar  2 09:57:30.554: %DOT11-6-ASSOC: Interface Dot11Radio0, Station  9c02.986d.9675 Reassociated KEY_MGMT[WPAv2 PSK]
  *Mar  2 09:57:30.938: dot11_auth_client_abort: Received abort request for client 9c02.986d.9675
  *Mar  2 09:57:30.938: dot11_auth_client_abort: No client entry to abort: 9c02.986d.9675 for application 0x1
  *Mar  2 09:57:30.938: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 9c02.986d.9675 Reason: Sending station has left the BSS
  *Mar  2 09:57:30.986: %DOT11-6-ASSOC: Interface Dot11Radio0, Station  9c02.986d.9675 Reassociated KEY_MGMT[WPAv2 PSK]
  *Mar  2 09:57:31.350: dot11_auth_client_abort: Received abort request for client 9c02.986d.9675
  *Mar  2 09:57:31.350: dot11_auth_client_abort: No client entry to abort: 9c02.986d.9675 for application 0x1
  *Mar  2 09:57:31.350: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 9c02.986d.9675 Reason: Sending station has left the BSS
  *Mar  2 09:57:31.398: %DOT11-6-ASSOC: Interface Dot11Radio0, Station  9c02.986d.9675 Reassociated KEY_MGMT[WPAv2 PSK]
  *Mar  2 09:57:31.766: dot11_auth_client_abort: Received abort request for client 9c02.986d.9675
  Everything works with android device and WPA2 if I change configuration to this:
  dot11 ssid Private
     vlan 10
     authentication open
     authentication key-management wpa version 2
     mbssid guest-mode
     wpa-psk ascii 7 01100F175804575D72
  interface Dot11Radio0
  encryption vlan 10 mode ciphers aes-ccm
  ssid Private
  station-role root
  mbssid

• Configuring Root Bridge Primary and Secondary on a Switch Stack

  Hi, Consider a small LAN using a collapsed core design with two Catalyst 3650 switches in a stack as the core/distribution layer. There are several 2960X switches with cross-stack EtherChannels to the 3650's. After enabling Rapid-PVST, best practice would be to configure the root bridge. The question is, would it be sufficient to configure the stack to be the Root Primary and not configure a secondary, based on a failure of the stack master switch would elect the slave to become the stack master and effectively become the root bridge?
  Thanks
  Tony

  Disclaimer
  The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
  Liability Disclaimer
  In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
  Posting
  BTW, don't know if issue also applies to 3650 stacks, but on 3750 stacks, if stack master fails, I believe your port channels will reset because, by default, stack's MAC changes.  However (again at least for 3750s), the stack can be configured to retain the original master MAC.

• Access Point Bridge Configuration

  I have two 1262N access points with 5Ghz antennas, and I have configured one of them as a root bridge and the other as a non-root bridge; both using the same ssid.  I have enble both dott11Radio interfaces on each access point.  The problem I am having is that they do not associate.  I have not configured them for any encryption or security.  I just want to make sure the connect before I add any other configuration.  Is there anything else that I need to configure to make them associate.

  Wrong forum, post in "wireless". You can move your post using the actions panel on the right.

• 1300 Root-Bridge and Non-Root Bridge setup

  I have two 1300s that I am trying to set up as Root Bridge and Non-Root Bridge, however, everytime i specify one of them as a Non-Root bridge, the radio0 interface becomes disabled. The only option that i am able to pick that enables the radio0 interface is "Access Point", which is what am trying to avoid it being.
  Can anybody help me figure out how to go about this

  A non-root's radio will show as disabled if it cannot find the root AP to associate to. Make sure you have "infrastructure-ssid" configured under the SSID on both the root and non-root bridges. Also depending on code versions you may have to configure the distance command under the radio interface on the root.

• AIRONET 1310 BRIDGE CONFIGURATION

  Hi I desperately need help. I am trying to configure 2 Aironet 1310s as Root bridge and non-Root bridge. When I configure the root bridge the wireless interface remains up.When I try to configure the non-root bridge the AP/Bridge will assume the role of non-root bridge and immediately disable the wireless interface with line potocol down .I tried swapping the roles and still get the same proble. I am running IOS version 12.4(10b)JA

  Hi
  I finally made a breakthrough. The issue here is the internal antannae. It seems it does not work well. I tried to use the antannae from the linksys wireless router and enabled them, I one time got the radios associate. I connected to the network and was able to ping the Pcs on each end of the network.
  Now what I am interested in finding out is why those radios cannot work with the internal antannae. The model I have is AIR-BR-1310-E-K9-R.Is this designed to come with an internal antanna. I was able to pick one bar from my laptop from within 5 metres from the bridge. so what is the issue with these radios.

• Can one Root Bridge support multiple non-root bridges?

  Hey gang,
  I have a pretty simple question here I think
  I have a wireless bridge currently setup to support a separate office building on our property about 200 yards away from the main building.  The wireless bridge has been working great and was a much cheaper solution when compared to the cost of making a fiber drop to this building.  The needs of our business have changed (go figure), to include a warehouse building also on the backside of the property.  It's not feasible to run a cable between these two building either.  So I need to create another wireless bridge to this back warehouse as well.  My question is can I just use another non-root bridge to link to the root bridge already in place, or does each wireless bridge require one root bridge and one non-root bridge?
  I have good LoS to both buildings from where the current root bridge is, so if two non-root bridges can talk to one root bridge I should be able to just an additional non-root bridge and be good to go.  But if wireless bridges are meant to be a one to one setup, then I'll need to setup an additional root bridge to link to the new non-root bridge?
  It seems like you should be able to have one root bridge link to multiple non-root bridges but I haven't been able to find any clear examples of this being done.
  Thanks in advance for the help!

  That was just too easy.
  I copied the configuration from the working non-root bridge to my laptop.  I changed out the ip address of the BVI interface.  I uploaded the configuration to the new 1300 bridge.  I plugged it in and pointed the yagi antenna in the general direction of the original root bridge and started pinging the new 1300.  Success!
  I'll use my spare 1300 to get service up and running in the warehouse by the end of the week and I'll just need to order one more 1300 to make sure I have spare on hand if needed.
  Thanks again!

• Two root bridge in same network

  Dear Team,
  As I checked, there are two root bridge in the same LAN.
  We have 6500 which is manually configured as root bridge and this is showing root for all the vlans in the network. Once switch connected to 6500 through 4500 is showing root for the vlans that not assigned to any of the port. Please help to clear it.
  Setup
  Cisco 6500 -- Cisco 4500 -- Cisco3560 -- Cisco 3560
  Cisco 6500
  CORE_SW#show spanning-tree root detail
  VLAN0001
    Root ID    Priority    24577
               Address     0025.84d9.ac80
               This bridge is the root
               Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  VLAN0002
    Root ID    Priority    24578
               Address     0025.84d9.ac80
               This bridge is the root
               Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Cisco 3560 Second
  Access#show spanning-tree root de
  VLAN0001
    Root ID    Priority    24577
               Address     0025.84d9.ac80
               Cost        16
               Port        28 (GigabitEthernet0/4)
               Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  VLAN0002
    Root ID    Priority    32770
               Address     000a.b8ff.be00
               This bridge is the root
               Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Here, I have not assigned any port in vlan 2 and this is showing root bridge for vlan 2. In which cases such thing can happen?
  Thank You,
  Abhisar.

  By default, Cisco switches run one spanning tree instance per VLAN and negotiate the topology with other connected switches. If your 3560 believes it is the root for VLAN 2 and there are no ports using VLAN 2, it will consider itself the to be the root because it hasn't been able to negotiate a topology for this VLAN with any other devices. This is normal. Once ports are connected to VLAN 2 and the 3560 can talk to the other switches, the spanning tree will be renegotiated and should behave as you expect.
  If you want to have a single spanning tree topology for all VLANs and avoid this behaviour, consider moving to a single-instance MSTP configuration.

• Root Bridge vs. AP

  I presently have a point to multi-point wireless network using an AP350 at the wired central connection point. I would like to upgrade the access point with a BR1310. Should I configure the BR1310 as an AP or as a root Bridge? There are about a dozen client locations which use both BR1310s (presently in WGB mode) and WGB350s to connect to the central AP. I beleive that the 1310's and the WGB350s are all compatible with the central BR1310 as either an AP or a Root Bridge. Is there any advantage to using the central BR1310 configured as a root bridge versus an AP? The path length from the central point to the clients is about 12 miles. Thanks.

  this link answers some questions about the WGB
  http://www.cisco.com/warp/public/102/wlan/workgroup-bridge-faq.pdf
  which the following is one.
  With which devices can a Workgroup Bridge associate?
  Workgroup Bridge to Access Point (AP)
  Workgroup Bridge to Bridge (in AP mode)
  Workgroup Bridge to Base Station (in AP mode)
  Workgroup Bridge to AP in repeater mode, if the repeater is associated with a root AP
  hope this helps.
  Bill

• 1230AG non-root bridge not associating

  Hello everyone,
  I am new at setting up root and non-root bridges. I am trying to set-up three 1230ag devices.
  One as the root and the othe two as non-root, I copied the config txt from the root and
  copied that into the two I am going to use for the non-root. That way the ssid's are the
  same. When I set the role to non-root the radio is not enabled and I get a message saying
  Interface Dot11Radio0,cannot associate:No Response
  Does any know what I am doing wrong, and how to fix it
  Thanks

  The radio interface will go down in response to being configured as a non-root bridge, so that much is working.  But there must be a configuration error if it won't associate.  Can you post the configs so we can review them?
  Are the bridges mounted, or are they on your desk?

• Using root bridge as a fallback radius server for WPA and EAP

  From reading the different documentation out there, it seems that one should be able to configure a root bridge as a fallback radius server in case a primary radius server were to be unreachable. Has anyone encountered this situation? And could they share the steps and configuration statements to apply the bridges (1310 or 1410) in order to make this happen?
  Many Thanks and Regards,
  Giles -

  Yes, you have to first configure a root bridge as a fallback radius server in case a primary radius server were to be unreachable

• Root Bridge can see NonRoot Bridges but does not Associate

  This is a point-to-multipoint bridging LAN for networking eight serial devices (air quality monitors) to a central Windows box for real-time wireless data acquisition.  Thus far, I have configured a single Aironet 1310 as the root bridge (RB:  150.100.0.2, 255.255.0.0) at the Windows box (PC: 150.100.0.1, 255.255.0.0) and three Aironet 1310s as non-root bridges (NRB1:  150.100.0.3; NRB2:  150.100.0.4; NRB3:  150.100.0.5).  When the system's working, each of the NRBs will connect to an ethernet-to-serial device server with its own IP, and the serial devices will connect to the device servers as COM2-COM9, respectively.  Each node in this network has an external antenna, an omni at the RB and directional/Yagi antennae at the NRBs.  Distances are short, hundreds of meters, so power will not be the limiting factor.  (We could have done this with Zigbee but decided to overdesign for reliability.)
  After assigning IP addresses to all four bridges using the command-line interface, and with the RB connected to an ethernet hub/switch, we configured each of the NRBs by connecting them to the same hub/switch and using the browser interface.  We used the document at
  http://www.cisco.com/application/pdf/paws/68087/bridges_pt_to_pt.pdf
  and followed it to the letter to configure first the RB, then the NRBs.
  After configuring all four bridges, and while all four were still hard-wired together through the hub/switch, all four bridges showed the proper associations in the "State" column of the web interface under "Association."  To test the wireless links we disconnected the three NRBs from the hub/switch by removing the ethernet cables, leaving the RB connected to the hub/switch (naturally) to maintain connection to the host PC.  We then refreshed all associations.
  On the RB web interface, all three NRBs showed up with the proper IP addresses, but the "State" fields showed "Attempting Association" or something like that rather than "EAP-Associated."
  All three NRB web interfaces disappeared because the links were lost.  I tried to PING each of the IP addresses using a DOS command, but all three timed out.
  So, in short, the RB can "see" all three NRBs and "knows" they're there; but the association does not complete.  What are my options for diagnosing the problem?
  Thanks in advance...
  Brent Auvermann
  Amarillo, TX

  Chieu Dinh,
  For the non-root bridge, is there a way to set the scan? I can see in the log file shows that the scan is starting when I changed from Install to non-root bridge. Once I am on the non-root bridge role, I don't see any more the log for scanning.
  I don't know about any command that controls the scanning interval when the bridge is in non-root mode. I also don't think it logs every time it goes into a scan cycle because I think they're pretty close together, maybe at most a few seconds.
  My question is "is there some ways that I can initiate the scan on the non-root bridge?
  You can shut/no-shut the non-root bridge radio interface. Every time you do this it intiates a new scan immediately.
  can I use the "parent" command on the point-to-multipoint environment?
  As far as I know, yes. I think the only mode parent doesn't work in is repeater mode. For repeaters, you don't configure a list of parents, you only configure one single MAC peer.
  An added thought: if you are having trouble with the bridge link coming up, then there is likely either a signal or a configuration issue (and chasing the scan interval probably won't net you any solutions). I've found that a great way to narrow the troubleshooting is to configure the bridges on the ground at close range (maybe 50-100 feet apart, not right up against each other) to control for signal. Once you have a working configuration and you know for sure that the bridges will come up, then install them in your outdoor locations. Keep in mind that when outdoors, a lot of factors can play into signal claritiy and usability (trees/foliage, distance, LOS/fresnel, earth curvature, weather, noise and interference, etc.). Also, unfortunately for the 1310s, the 2.4GHz space is really congested in most populated areas so they are not a reliable solution unless you're out in the country. Always survey first.
  Justin

• AP1242G Point-to-Point Bridge Configuration

  Hi,
  I have two Cisco AP 1242G and i'm trying to configurate a Point-to-Point Bridge Configuration to connect two wired LAN. Figure 1.8
  http://www.cisco.com/en/US/docs/wireless/access_point/1300/installation/guide/130h_c1.html
  I would connect two wired networks.
  I tryed two configurations:
  Root and Non-Root AP. This way every wired PC on the Root AP can connect to the Access points, but cannot connect to the wired PC on the Non-Root AP.
  AP and WGB. Even this way the wired computers on one AP cannot connect to the wired PC on the WGB. This way only the wireless client can connect to the wired network.
  Any advise? This is my network:
  Root Bridge                                 Non Root Bridge
  10.0.0.1                                      10.0.0.2
  Wired clients on the RB                Wired clients on the Non RB
  10.0.0.100                                   10.0.0.200

  Thank you for the answer.
  Root bridge:
  version 12.4
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname ap1
  enable secret 5 $1$z4Wo$o9KqD9KSFmKFg62JiPVPU/
  aaa new-model
  aaa group server radius rad_eap
  aaa group server radius rad_mac
  aaa group server radius rad_acct
  aaa group server radius rad_admin
  aaa group server tacacs+ tac_admin
  aaa group server radius rad_pmip
  aaa group server radius dummy
  aaa authentication login eap_methods group rad_eap
  aaa authentication login mac_methods local
  aaa authorization exec default local
  aaa accounting network acct_methods start-stop group rad_acct
  aaa session-id common
  dot11 syslog
  dot11 ssid Bridge
     authentication open
     guest-mode
     infrastructure-ssid
  dot11 network-map
  username Cisco password 7 13261E010803
  username 003a999f3dc0 password 7 15425B5F0573727D2E60312143
  username 003a999f3dc0 autocommand exit
  username c89c1ddac8cc password 7 13064F4B085D002E2A27703036
  username c89c1ddac8cc autocommand exit
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  ssid Bridge
  antenna gain 6
  speed  basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
  channel 2422
  station-role root bridge
  distance 1
  bridge-group 1
  bridge-group 1 spanning-disabled
  interface FastEthernet0
  no ip address
  no ip route-cache
  duplex auto
  speed auto
  bridge-group 1
  bridge-group 1 spanning-disabled
  interface BVI1
  ip address 10.0.0.1 255.255.255.0
  no ip route-cache
  ip default-gateway 10.0.0.1
  ip http server
  no ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  ip radius source-interface BVI1
  radius-server local
    no authentication eapfast
    no authentication leap
  radius-server attribute 32 include-in-access-req format %h
  radius-server vsa send accounting
  bridge 1 route ip
  line con 0
  line vty 0 4
  end
  Non-root Bridge:
  version 12.4
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname ap2
  enable secret 5 $1$z4Wo$o9KqD9KSFmKFg62JiPVPU/
  aaa new-model
  aaa group server radius rad_eap
  aaa group server radius rad_mac
  aaa group server radius rad_acct
  aaa group server radius rad_admin
  aaa group server tacacs+ tac_admin
  aaa group server radius rad_pmip
  aaa group server radius dummy
  aaa authentication login eap_methods group rad_eap
  aaa authentication login mac_methods local
  aaa authorization exec default local
  aaa accounting network acct_methods start-stop group rad_acct
  aaa session-id common
  dot11 syslog
  dot11 ssid Bridge
     authentication open
     guest-mode
     infrastructure-ssid
  dot11 network-map
  username Cisco password 7 13261E010803
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  ssid Bridge
  antenna gain 6
  speed  basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
  station-role non-root bridge
  mobile station scan 2412 2417 2422 2427 2432 2437 2442 2447 2452 2457 2462 2467 2472
  bridge-group 1
  bridge-group 1 spanning-disabled
  interface FastEthernet0
  no ip address
  no ip route-cache
  duplex auto
  speed auto
  bridge-group 1
  bridge-group 1 spanning-disabled
  interface BVI1
  ip address 10.0.0.2 255.255.255.0
  no ip route-cache
  ip default-gateway 10.0.0.2
  ip http server
  no ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  ip radius source-interface BVI1
  radius-server attribute 32 include-in-access-req format %h
  radius-server vsa send accounting
  bridge 1 route ip
  line con 0
  line vty 0 4
  end

• Non-root bridges associating with each other.

  We have a point to multi-point bridge setup with 3 BR1310s. One is set to be a root bridge and the other two are set to be non-root bridges. From past experience (not to mention Cisco documentation) I would expect the 2 non-roots to associate to the root. What is happening is that one of the non-roots associates with the root and the other non-root associates with the first non-root. The good bit is that everything still works, the puzzling bit is why this is happening, the bridges are physically in a V pattern so there's no reason for the second non-root to behave as it is, even if we force it off the first non-root it just jumps right back in there again. Bridges are all running 12.3.4-JA.

  Configurations of both non-root bridges attached. I've just found out that the customer has mounted the second non-root bridge in such a way that there is probably no line of site to the root bridge (failing to follow clear instructions!) which explains why we can't get it to associate with the root bridge but doesn't explain how it can associate with the other non-root. The only thing I can think of is that both are "non-root with clients" and the second bridge is being accepted as a client rather than a bridge.

• Set Up of Backup Root Bridge (for resilience purpose)

  Hi,
  I've a wireless link with 2 Aironet 1240, one as Root Bridge connected to backbone network, the other one as Non Root Bridge.
  I would like to setup another Aironet 1240 as Root Bridge with backbone network connection for resilience purpose, any special parameters need to be taken care of?
  Will I need to configure the 'Root Parent Timeout Value' & 'Root Parent MAC'?
  Thanks.

  Yes you can configure parent in this and you are right.. Configure parent with the MAC address.. your Parent Number will decide which one is promary and which one is backup..
  Example..
  parent 1 1111.1111.1111
  parent 2 3333.3333.3333
  In this case.. the Non Root will try to associate to Parent 1 , if this fails then this goes to parent 2..
  Lemme know if htis answered your question
  Regards
  Surendra