Hello Alona,
There is the root AP conf example:
!
! Configuration of AP7131 version 5.8.4.0-034R
!
!
version 2.5
!
!
client-identity-group default
load default-fingerprints
!
ip access-list BROADCAST-MULTICAST-CONTROL
permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
mac access-list PERMIT-ARP-AND-IPv4
permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
ip snmp-access-list default
permit any
!
firewall-policy default
no ip dos smurf
no ip dos twinge
no ip dos invalid-protocol
no ip dos router-advt
no ip dos router-solicit
no ip dos option-route
no ip dos ascend
no ip dos chargen
no ip dos fraggle
no ip dos snork
no ip dos ftp-bounce
no ip dos tcp-intercept
no ip dos broadcast-multicast-icmp
no ip dos land
no ip dos tcp-xmas-scan
no ip dos tcp-null-scan
no ip dos winnuke
no ip dos tcp-fin-scan
no ip dos udp-short-hdr
no ip dos tcp-post-syn
no ip dos tcphdrfrag
no ip dos ip-ttl-zero
no ip dos ipspoof
no ip dos tcp-bad-sequence
no ip dos tcp-sequence-past-window
no ip-mac conflict
no ip-mac routing conflict
dhcp-offer-convert
no stateful-packet-inspection-l2
!
!
mint-policy global-default
!
meshpoint-qos-policy default
!
wlan-qos-policy default
qos trust dscp
qos trust wmm
!
radio-qos-policy default
!
wlan TEST
ssid TEST
vlan 1
bridging-mode local
encryption-type tkip-ccmp
authentication-type none
no broadcast-ssid
no answer-broadcast-probes
wpa-wpa2 psk 0 XXXXXXXXXX
use ip-access-list out BROADCAST-MULTICAST-CONTROL
use mac-access-list out PERMIT-ARP-AND-IPv4
shutdown on-primary-port-link-loss
!
meshpoint mesh1
meshid mesh1
beacon-format mesh-point
control-vlan 1
allowed-vlans 1
security-mode psk
wpa2 psk 0 XXXXXXXXXX
root
!
!
management-policy default
telnet
no http server
https server
ssh
user admin password 1 82728d2cd05b08c2855b163cb0484fed7237a89c0691557d43b5a6c77e68b4fd role superuser access all
no snmp-server manager v3
snmp-server community 0 private rw
snmp-server community 0 public ro
snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
!
l2tpv3 policy default
!
profile ap71xx default-ap71xx
autoinstall configuration
autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto remote-vpn-client
interface radio1
interface radio2
interface radio3
interface ge1
interface ge2
interface vlan1
ip address dhcp
ip address zeroconf secondary
ip dhcp client request options all
interface wwan1
interface pppoe1
use firewall-policy default
use client-identity-group default
logging on
service pm sys-restart
!
rf-domain default
timezone Etc/GMT+2
country-code il
!
ap71xx XX-XX-XX-XX-XX-XX
radio-count 2
use profile default-ap71xx
use rf-domain default
hostname AP2-root
license AP VIRTUAL_CONTROLLER_DEFAULT_AP_LICENSE
no adoption-site
ip default-gateway 172.XX.XX.254
interface radio1
wlan TEST bss 1 primary
meshpoint mesh1 bss 2
interface radio2
interface vlan1
ip address 172.XX.XX.202/24
ip address zeroconf secondary
no logging console
meshpoint-device mesh1
monitor primary-port-link action no-root
service meshpoint loop-prevention-port ge1
!
!
end
On the other side is the non root AP.
Can you point me what may improve the stability of the mint links?
Thanks,
Aviv