Monday, January 28, 2013

Configuring a workgroup bridge

In this example we will see how to configure a Wi-Fi link to provide connectivity to a remote site that, for instance because of distance, cannot be connected over fiber or copper.
The scenario is the following:


The access points used are autonomous (IOS-based) Cisco Aironet 1230 series units.
The access point connected to the main site's network will be configured as the root bridge, while the one connected to the remote site will be configured as a non-root bridge.
In this example I will also carry a few VLANs across the link, since that is the most plausible scenario; I will leave out the switch-side configuration.

  • ROOT BRIDGE:


version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ROOT_AP
!
enable secret 5 $1$6RKg$Q3uLeehEPwAbW3hTCEJvF/
!
ip subnet-zero
ip name-server 8.8.8.8
!
!
no aaa new-model
!
dot11 ssid bridge
   vlan 1
   authentication open 
   authentication key-management wpa
   infrastructure-ssid
   wpa-psk ascii RadioGaGa
!
!
!
username Cisco password system
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip 
 !
 encryption vlan 1 mode ciphers tkip 
 !
 ssid bridge
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 channel 2412
 station-role root bridge
 ! in this example I used a Yagi antenna, so transmit and receive both use the right connector
 antenna receive right
 antenna transmit right
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.182
 encapsulation dot1Q 182
 no ip route-cache
 bridge-group 182
 bridge-group 182 spanning-disabled
!
interface Dot11Radio0.199
 encapsulation dot1Q 199
 no ip route-cache
 bridge-group 199
 bridge-group 199 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 no keepalive
 hold-queue 160 in
!
interface FastEthernet0.1
 encapsulation dot1Q 1 native
 ip address 192.168.1.100 255.255.255.0
 no ip route-cache
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface FastEthernet0.182
 encapsulation dot1Q 182
 no ip route-cache
 bridge-group 182
 bridge-group 182 spanning-disabled
!
interface FastEthernet0.199
 encapsulation dot1Q 199
 no ip route-cache
 bridge-group 199
 bridge-group 199 spanning-disabled
!
interface BVI1
 no ip address
 no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
 login local
line vty 0 4
 login local
!
end       


  • NON-ROOT BRIDGE:

version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname NONROOT_AP
!
enable secret 5 $1$h/2F$7ozWBC.X9QPnSx1G2kRu3/
!
ip subnet-zero
ip name-server 8.8.8.8
!
!
no aaa new-model
!
dot11 ssid bridge
   vlan 1
   authentication open 
   authentication key-management wpa
   infrastructure-ssid
   wpa-psk ascii RadioGaGa
!
!
!
username Cisco password system
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip 
 !
 encryption vlan 1 mode ciphers tkip 
 !
 ssid bridge
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role non-root bridge
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.182
 encapsulation dot1Q 182
 no ip route-cache
 bridge-group 182
 bridge-group 182 spanning-disabled
!
interface Dot11Radio0.199
 encapsulation dot1Q 199
 no ip route-cache
 bridge-group 199
 bridge-group 199 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
!
interface FastEthernet0.1
 encapsulation dot1Q 1 native
 ip address 192.168.1.200 255.255.255.0
 no ip route-cache
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface FastEthernet0.182
 encapsulation dot1Q 182
 no ip route-cache
 bridge-group 182
 bridge-group 182 spanning-disabled
!
interface FastEthernet0.199
 encapsulation dot1Q 199
 no ip route-cache
 bridge-group 199
 bridge-group 199 spanning-disabled
!
interface BVI1
 no ip address
 no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
 login local
!
line vty 0 4
 login local

end


Keep in mind that the parameters that must be right for the association to succeed are: the cipher, the channel, the access point role and the SSID.
A useful command for verifying authentication is: show dot11 associations

ROOT_AP#show dot11 associations 

802.11 Client Stations on Dot11Radio0: 

SSID [test] : 

MAC Address    IP address              Device        Name                    Parent         State     
0013.c49b.f860 192.168.1.200     11g-bridge    NONROOT_AP       self           Assoc
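
The association parameters listed above can be compared offline before the two configurations are deployed. The Python sketch below is an added example, not part of the original post: it parses two constructed configuration excerpts (placeholder pre-shared keys, hypothetical function names), reports mismatches without printing the key, and flags TKIP, which IEEE 802.11-2012 deprecated.

```python
import re

# Constructed excerpts in the style of the configurations above;
# the pre-shared keys are placeholders and deliberately differ.
ROOT_CFG = """\
dot11 ssid bridge
   authentication key-management wpa
   wpa-psk ascii ExampleKey-1
interface Dot11Radio0
 encryption mode ciphers tkip
 ssid bridge
 channel 2412
 station-role root bridge
"""
NONROOT_CFG = """\
dot11 ssid bridge
   authentication key-management wpa
   wpa-psk ascii ExampleKey-2
interface Dot11Radio0
 encryption mode ciphers tkip
 ssid bridge
 station-role non-root bridge
"""

# The channel is not compared: above it is set on the root bridge only.
PATTERNS = {
    "ssid": r"^dot11 ssid (\S+)",
    "key_mgmt": r"^\s+authentication key-management (.+?)\s*$",
    "psk": r"^\s+wpa-psk ascii (\S+)",
    "cipher": r"^\s+encryption mode ciphers (.+?)\s*$",
    "role": r"^\s+station-role (.+?)\s*$",
}

def parse(cfg):
    """Extract the link parameters from one configuration text."""
    hits = {k: re.search(p, cfg, re.MULTILINE) for k, p in PATTERNS.items()}
    return {k: m.group(1) if m else None for k, m in hits.items()}

def check_pair(root_cfg, nonroot_cfg):
    """Return findings that would prevent or weaken the bridge link."""
    r, n = parse(root_cfg), parse(nonroot_cfg)
    findings = [f"{k} mismatch" for k in ("ssid", "key_mgmt", "psk", "cipher")
                if r[k] != n[k]]
    if (r["role"], n["role"]) != ("root bridge", "non-root bridge"):
        findings.append("roles are not root bridge / non-root bridge")
    if "tkip" in (r["cipher"] or "").split():
        findings.append("cipher tkip is deprecated")  # IEEE 802.11-2012
    return findings

if __name__ == "__main__":
    for finding in check_pair(ROOT_CFG, NONROOT_CFG):
        print(finding)
```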