Friday, June 15, 2012

How To Configure A Brocade 7131 Portal/Client Wireless (Mesh) Bridge In CLI

I always prefer CLI over GUIs any day. When it comes to Brocade wireless, I have had one really great teaching resource somewhat in my area that has really helped me out a lot. That is something I really appreciate. So, I wanted to post two CLI configs of a wireless bridge using 7131s, and highlight some important pieces of the config. In this config, I have a bridge configured. Also, wireless devices can connect to both of the APs, the portal and the client.
The items highlighted in YELLOW are the config for the wireless devices to connect to the AP.
The items highlighted in RED are the bridge config on the AP.
First, here is the client side:
sh run
!
! Configuration of BR7131 version 5.2.0.0-069R
!
!
version 2.1
!
!
ip access-list BROADCAST-MULTICAST-CONTROL
 permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
 permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
 deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
 deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
 deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
 permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
mac access-list PERMIT-ARP-AND-IPv4
 permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
 permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
firewall-policy default
 no ip dos tcp-sequence-past-window
 no stateful-packet-inspection-l2
!
igmp-snoop-policy default
 no igmp-snooping
 no querier
 unknown-multicast-fwd
!
!
mint-policy global-default
!
wlan-qos-policy default
 qos trust dscp
 qos trust wmm
!
radio-qos-policy default
!
wlan BOE       
 ssid BOE        
 vlan 1             
 bridging-mode local   
 encryption-type tkip-ccmp
 authentication-type none
 wpa-wpa2 psk 0 WIRELESSCLIENTPASSKEY    
!
wlan bridge-Bridge
 ssid bridge-Bridge
 vlan 1
 bridging-mode tunnel
 encryption-type tkip
 authentication-type none
 no client-client-communication
 wpa-wpa2 psk 0 PASSWORD
!
!
management-policy default
 no http server
 https server
 ssh
 user admin password  role superuser access all
 user operator password  role monitor access all
 no snmp-server manager v2
 snmp-server community public ro
 snmp-server community private rw
 snmp-server user snmpoperator v3 encrypted des auth md5 0 operator
 snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
 snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
 banner motd Brocade Mobility Wireless
!
profile br71xx default-br71xx
 autoinstall configuration
 autoinstall firmware
 interface radio1
 interface radio2
 interface radio3
 interface ge1
  ip dhcp trust
  qos trust dscp
  qos trust 802.1p
 interface ge2
  ip dhcp trust
  qos trust dscp
  qos trust 802.1p
 interface vlan1
  ip address dhcp
  ip address zeroconf secondary
  ip dhcp client request options all
 interface wwan1
 use firewall-policy default
 service pm sys-restart
!
rf-domain default
 timezone America/Chicago
 country-code us
!
br71xx XX-XX-XX-XX-XX-XX
 use profile default-br71xx
 use rf-domain default
 hostname br7131-XXXXX
 bridge vlan 1
  no edge-vlan
  bridging-mode tunnel
  ip arp trust
 interface radio1    
  power 27
  wlan BOE bss 1 primary
  preamble-short
  aggregation amsdu tx-rx
  rifs tx-rx
 interface radio2
  rf-mode 5GHz-wlan
  channel 60
  power 27
  data-rates default
  placement outdoor
  mesh client         <----- This command says that this AP is the 'client'
  mesh psk PASSWORD   
  wlan bridge-Bridge bss 1 primary
  no preamble-short
  antenna-mode 1x1
 interface ge1
  switchport mode trunk
  switchport trunk native vlan 1
  no switchport trunk native tagged
  switchport trunk allowed vlan 1,20
 interface ge2
 interface vlan1
  ip address 172.16.2.252/24
  ip dhcp client request options all
 logging on
 logging console warnings
 logging buffered warnings
!
!
end
br7131-XXXXX#

-------------------------

Now for the config of the 7131 portal side of the bridge.  Again, wireless devices do connect to this as well.
sh run
!
! Configuration of BR7131 version 5.2.0.0-069R
!
!
version 2.1
!
!
ip access-list BROADCAST-MULTICAST-CONTROL
 permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
 permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
 deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
 deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
 deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
 permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
mac access-list PERMIT-ARP-AND-IPv4
 permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
 permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
firewall-policy default
 no ip dos tcp-sequence-past-window
 no stateful-packet-inspection-l2
!
igmp-snoop-policy default
 no igmp-snooping
 no querier
 unknown-multicast-fwd
!
!
mint-policy global-default
!
wlan-qos-policy default
 qos trust dscp
 qos trust wmm
!
radio-qos-policy default
!
wlan BOE
 description BOE
 ssid BOE
 vlan 1
 bridging-mode local
 encryption-type tkip-ccmp
 authentication-type none
 wpa-wpa2 psk 0 WIRELESSCLIENTPASSKEY    
!
wlan bridge-Bridge
 ssid bridge-Bridge
 vlan 1
 bridging-mode tunnel
 encryption-type tkip
 authentication-type none
 no client-client-communication
 wpa-wpa2 psk 0 PASSWORD
!
!
management-policy default
 no http server
 https server
 ssh
 user admin password  role superuser access all
 user operator password  role monitor access all
 no snmp-server manager v2
 snmp-server community public ro
 snmp-server community private rw
 snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
 snmp-server user snmpoperator v3 encrypted des auth md5 0 operator
 snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
 banner motd Brocade Mobility Wireless
!
profile br71xx default-br71xx
 autoinstall configuration
 autoinstall firmware
 interface radio1
 interface radio2
 interface radio3
 interface ge1
  ip dhcp trust
  qos trust dscp
  qos trust 802.1p
 interface ge2
  ip dhcp trust
  qos trust dscp
  qos trust 802.1p
 interface vlan1
  ip address dhcp
  ip address zeroconf secondary
  ip dhcp client request options all
 interface wwan1
 use firewall-policy default
 service pm sys-restart
!
rf-domain default
 timezone America/Chicago
 country-code us
!
br71xx XX-XX-XX-XX-XX-XX
 use profile default-br71xx
 use rf-domain default
 hostname br7131-XXXXXX
 bridge vlan 1
  no edge-vlan
  bridging-mode tunnel
  ip arp trust
 interface radio1
  power 27
  wlan BOE bss 1 primary
  preamble-short
  aggregation amsdu tx-rx
  rifs tx-rx
 interface radio2
  description Mesh
  rf-mode 5GHz-wlan
  channel 60
  power 27
  data-rates default
  placement outdoor
  mesh portal     <----- This command says that this AP is the 'portal'
  mesh psk PASSWORD     
  wlan bridge-Bridge bss 1 primary
  no preamble-short
  antenna-mode 1x1
 interface ge1
  switchport mode trunk
  switchport trunk native vlan 1
  no switchport trunk native tagged
  switchport trunk allowed vlan 1,20
 interface vlan1
  ip address 172.16.2.251/24
  ip dhcp client request options all
 logging on
 logging console warnings
 logging buffered warnings
!
!
end
    br7131-XXXXXX#
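
The following is an added example, not part of the original post or of Brocade's tooling: a small Python audit that flags the security-relevant settings visible in both running-configs above (TKIP, clear-text PSKs, default SNMP community strings, SNMPv3 users on DES/MD5). The sample input is excerpted from the client-side listing; reading the `0` after `psk` as a clear-text marker is an assumption about the CLI syntax.

```python
import re

# Constructed sample: lines excerpted from the client-side running-config above.
SAMPLE = """\
wlan BOE
 encryption-type tkip-ccmp
 wpa-wpa2 psk 0 WIRELESSCLIENTPASSKEY
!
wlan bridge-Bridge
 encryption-type tkip
 wpa-wpa2 psk 0 PASSWORD
!
management-policy default
 https server
 snmp-server community public ro
 snmp-server community private rw
 snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
!
"""

# (rule id, regex matched against a stripped config line, why it matters)
RULES = [
    ("tkip", r"^encryption-type tkip(-ccmp)?$", "TKIP is deprecated; use CCMP only"),
    ("psk-cleartext", r"^wpa-wpa2 psk 0 \S", "PSK kept in clear text (assumed meaning of 0)"),
    ("snmp-default-community", r"^snmp-server community (public|private) ",
     "well-known default community string"),
    ("snmpv3-des-md5", r"^snmp-server user \S+ v3 encrypted des auth md5 ",
     "SNMPv3 user relies on DES and MD5"),
]

def audit(config):
    """Return (section, rule id, line) for each weak setting in a running-config."""
    findings, section = [], None
    for raw in config.splitlines():
        if raw.strip() in ("", "!"):
            continue
        if not raw.startswith(" "):  # unindented line opens a new section
            section = raw.strip()
            continue
        for rule_id, pattern, _why in RULES:
            if re.search(pattern, raw.strip()):
                findings.append((section, rule_id, raw.strip()))
    return findings

if __name__ == "__main__":
    reasons = {rule_id: why for rule_id, _pattern, why in RULES}
    for section, rule_id, line in audit(SAMPLE):
        print(f"[{rule_id}] {section}: {line} ({reasons[rule_id]})")
```

Feeding it the full `sh run` output from either AP works the same way, since nested interface lines are attributed to their top-level section.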

2 comments:

  1. Hello Shane,

    Big fan of your site here. I like reading your posts. This one though I am in the process of using. I have a few 7131s I am testing a bridge on. We have a bridge running at a customer's site, set up by one of our other engineers, running on 802.11g trying to pass 8 IP cameras. Let's just say it's not working so well. I'm using your config here on the 7131s and I am able to get the mesh link up, but not able to pass any packets.

    Anything I'm missing?

    1. Hey Joe, thanks for reading the blog. I appreciate it. First thing I would do is double check the config on both sides. Make sure one side is the client and one side is the portal. If the config looks like the above, then double check the antennas, and make sure they are 1. plugged into the right radio side and 2. lined up appropriately according to the type of antenna. Keep in mind how that spreads out the signal, if it's omnidirectional or unidirectional. Also, if the antennas are at two different heights, make sure you make the signals overlap with each other.
      If you feel like it's an antenna issue, then run a constant ping with your laptop from the client side to the portal side. Once you get it lined up, to the best your eyesight can line it up, then you should see some pings.
      If you want to send me the configs, I'll be happy to give them a second lookover. Just send to shane.killen@gmail.com if you would like me to look it over. Thanks Joe.
