This was a slightly different configuration than the posts I have done before on point-to-point bridges between two APs. I think I actually prefer this config, as I had no problems with it at all. Below, you can see my line of sight from where my antenna was on my side (right on the outside wall from where I am) to the other side (in the top window in the left corner). The trees would have posed a problem if they were directly in between, but as you can see, it's a clear shot. My configs for this mesh point-to-point bridge are below.
Portal Side:
! Configuration of BR7131 version 5.4.1.0-020R
!
!
version 2.1
!
!
ip access-list BROADCAST-MULTICAST-CONTROL
permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
mac access-list PERMIT-ARP-AND-IPv4
permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
firewall-policy default
no ip dos tcp-sequence-past-window
no stateful-packet-inspection-l2
!
!
mint-policy global-default
!
meshpoint-qos-policy default
!
wlan-qos-policy default
qos trust dscp
qos trust wmm
!
radio-qos-policy default
!
wlan none
ssid none
vlan 1
bridging-mode tunnel
encryption-type tkip
authentication-type none
no broadcast-ssid
no answer-broadcast-probes
wpa-wpa2 psk 0 Passkey
wireless-client count-per-radio 0
!
wlan turnonradio
ssid turnonradio
vlan 1
bridging-mode tunnel
encryption-type tkip
authentication-type none
no broadcast-ssid
no answer-broadcast-probes
wpa-wpa2 psk 0 Passkey
wireless-client count-per-radio 0
!
smart-rf-policy mcx
smart-ocs-monitoring meshpoint 5GHz MPACS
smart-ocs-monitoring meshpoint 2.4GHz MPACS
!
!
management-policy default
no http server
https server
ssh
user admin password 1 4f88cdf3042d08b499b95e6954408123adfe65046bc95eee761ca0b631a2d433 role superuser access all
no snmp-server manager v2
snmp-server community 0 public ro
snmp-server community 0 private rw
snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
banner motd Brocade Mobility Wireless
!
l2tpv3 policy default
!
profile br71xx default-br71xx
bridge vlan 1
bridging-mode tunnel
ip igmp snooping
ip igmp snooping querier
bridge vlan 500
bridging-mode tunnel
ip igmp snooping
ip igmp snooping querier
autoinstall configuration
autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
interface radio1
wlan none bss 1 primary
interface radio2
power 30
placement outdoor
mesh portal
mesh psk 0 Passkey
wlan turnonradio bss 1 primary
interface radio3
interface ge1
switchport mode trunk
switchport trunk native vlan 1
no switchport trunk native tagged
switchport trunk allowed vlan 1,500
ip dhcp trust
qos trust dscp
qos trust 802.1p
interface ge2
ip dhcp trust
qos trust dscp
qos trust 802.1p
interface vlan1
ip address 192.168.1.4/24
ip address zeroconf secondary
ip dhcp client request options all
interface wwan1
interface pppoe1
use firewall-policy default
service pm sys-restart
router ospf
!
rf-domain mcx
location somewhere
timezone Etc/GMT-6
country-code us
!
br71xx 74-8E-F8-88-39-9C
use profile default-br71xx
use rf-domain mcx
hostname PortalAP
country-code us
ip default-gateway 192.168.1.1
interface radio1
rf-mode 2.4GHz-wlan
channel smart
power smart
data-rates default
placement indoor
no mesh
mesh psk 0 default-mesh-psk
no preamble-short
interface radio2
rf-mode 5GHz-wlan
channel 60
power 30
placement outdoor
mesh portal
mesh psk 0 Passkey
no preamble-short
antenna-mode default
interface ge1
interface ge2
interface vlan1
ip address 192.168.1.4/24
logging on
logging console warnings
logging buffered warnings
!
!
end
PortalAP#
========================================================================
Client Side:
! Configuration of BR7131 version 5.4.1.0-020R
!
!
version 2.1
!
!
ip access-list BROADCAST-MULTICAST-CONTROL
permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
mac access-list PERMIT-ARP-AND-IPv4
permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
firewall-policy default
no ip dos tcp-sequence-past-window
no stateful-packet-inspection-l2
!
!
mint-policy global-default
!
meshpoint-qos-policy default
!
wlan-qos-policy default
qos trust dscp
qos trust wmm
!
radio-qos-policy default
!
wlan turnonradio
ssid turnonradio
vlan 1
bridging-mode tunnel
encryption-type tkip
authentication-type none
no broadcast-ssid
no answer-broadcast-probes
wpa-wpa2 psk 0 Passkey
wireless-client count-per-radio 0
!
smart-rf-policy mcx
smart-ocs-monitoring meshpoint 5GHz MPBridge-Bridge
smart-ocs-monitoring meshpoint 2.4GHz MPBridge-Bridge
!
!
management-policy default
no http server
https server
ssh
user admin password 1 6c6333d2e71a9d96b882955c615bde8a34a589307f522ee1652d7ddcd192fb1d role superuser access all
no snmp-server manager v2
snmp-server community 0 public ro
snmp-server community 0 private rw
snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
banner motd Brocade Mobility Wireless
!
l2tpv3 policy default
!
profile br71xx default-br71xx
bridge vlan 1
bridging-mode tunnel
ip igmp snooping
ip igmp snooping querier
bridge vlan 500
bridging-mode tunnel
ip igmp snooping
ip igmp snooping querier
autoinstall configuration
autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
interface radio1
interface radio2
power 30
mesh client
mesh psk 0 Passkey
wlan turnonradio bss 1 primary
interface radio3
interface ge1
switchport mode trunk
switchport trunk native vlan 1
no switchport trunk native tagged
switchport trunk allowed vlan 1,500
ip dhcp trust
qos trust dscp
qos trust 802.1p
interface ge2
ip dhcp trust
qos trust dscp
qos trust 802.1p
interface vlan1
ip address 192.168.1.8/24
ip address zeroconf secondary
ip dhcp client request options all
interface wwan1
interface pppoe1
use firewall-policy default
service pm sys-restart
router ospf
!
rf-domain mcx
location somewhereelse
timezone Etc/GMT-6
country-code us
use smart-rf-policy mcx
!
br71xx 74-8E-F8-88-34-CC
use profile default-br71xx
use rf-domain mcx
hostname ClientAP
country-code us
ip default-gateway 192.168.1.1
interface radio1
rf-mode 2.4GHz-wlan
channel smart
power smart
data-rates default
placement indoor
no mesh
mesh psk 0 default-mesh-psk
no preamble-short
antenna-mode default
interface radio2
rf-mode 5GHz-wlan
channel 60
power 27
placement outdoor
mesh client
mesh psk 0 Passkey
interface ge1
interface ge2
interface vlan1
ip address 192.168.1.8/24
logging on
logging console warnings
logging buffered warnings
!
!
end
ClientAP#
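An added example, not part of the original post and not Brocade tooling: a small Python check that flags the settings in the configs above that a security review would question (TKIP, the public/private SNMP communities, SNMPv3 with DES/MD5, secrets saved with the `0` cleartext marker, IKE DH group 2). The rule names and the `audit` and `redact` functions are hypothetical; the sample lines are copied from the Portal-side config.

```python
import re

# Constructed sample: lines copied from the Portal-side config in this post.
SAMPLE_CONFIG = """\
wlan turnonradio
 encryption-type tkip
 wpa-wpa2 psk 0 Passkey
management-policy default
 https server
 snmp-server community 0 public ro
 snmp-server community 0 private rw
 snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
 isakmp-proposal default encryption aes-256 group 2 hash sha
 mesh psk 0 Passkey
"""

# Hypothetical rule set: (rule id, pattern, why a reviewer flags the line).
RULES = [
    ("tkip", re.compile(r"^encryption-type tkip$"),
     "TKIP is deprecated in 802.11 in favour of CCMP (AES)"),
    ("snmp-default-community",
     re.compile(r"^snmp-server community \d (public|private) (ro|rw)$"),
     "well-known default SNMP community string"),
    ("snmpv3-des-md5",
     re.compile(r"^snmp-server user \S+ v3 encrypted des auth md5\b"),
     "SNMPv3 user relies on DES privacy and MD5 authentication"),
    ("cleartext-secret", re.compile(r"\b(psk|community|md5) 0 \S+"),
     "secret stored with the 0 (cleartext) marker in the saved config"),
    ("dh-group-2", re.compile(r"^isakmp-proposal .*\bgroup 2\b"),
     "IKE proposal uses the 1024-bit MODP group"),
]

def redact(line):
    """Mask type-0 secrets so findings can be shared without leaking them."""
    return re.sub(r"\b(psk|community|md5) 0 \S+", r"\1 0 <redacted>", line)

def audit(config_text):
    """Return (line number, rule id, reason, redacted line) per finding."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # skip blank lines and '!' separators
        for rule_id, pattern, reason in RULES:
            if pattern.search(line):
                findings.append((lineno, rule_id, reason, redact(line)))
    return findings

if __name__ == "__main__":
    for lineno, rule_id, reason, line in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: [{rule_id}] {reason}: {line}")
```

Running it over a full saved config instead of the sample also reports the `mesh psk 0 default-mesh-psk` lines on radio1, since they carry the same cleartext marker.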
This is the retired Shane Killen personal blog, an IT technical blog about configs and topics related to the Network and Security Engineer working with Cisco, Brocade, Check Point, and Palo Alto and Sonicwall. I hope this blog serves you well. -- May The Lord bless you and keep you. May He shine His face upon you, and bring you peace.
Forgive me but how is it Mesh-less if they are in Portal-Client mode?
You are right. It is a mesh. I'm going to change this now. Thanks for pointing that out.