This document describes How to configure a Cisco IOS AP to operate as a "WDS Master AP" which authenticates infrastructure AP's using LEAP authentication, via a local RADIUS server configuration. This document does not cover using a WLAN Service Module or using the WDS for radio management; only AP and Client authentication.
We will start by preparing the AP for a local RADIUS server role, adding applicable radius “clients”, such as the WDS master and other participating infrastructure APs. We will also tell our AP's, including the master, what radius server hosts it needs to communicate with and necessary attributes. If you are authenticating Clients to an external server, we can designate that in the configuration since the IOS AP local RADIUS is limited to MAC, LEAP, or EAP-FAST authentication. We will also specify a username used for LEAP authentication that will be added to all AP's, master and infrastructure, for performing local EAP authentication at the WDS Master.
AP with Cisco IOS Software Release 12.3(2)JA2 or later.
For external client authentication: Cisco ACS, Microsoft 2003 running IAS or 2008 R2 running NPS.
Current Configuraiton on AP
We are presuming for the AP(s) the following current config...
External NPS Server
WDS Master Configuration
[Turn on AAA feature set]
(config)# aaa new-model
[Create AAA server groups for Infrastructure and Client authentication. These will be referenced by our AAA login lists]
(config)# aaa group server radius Infrastructure
(config-sg-radius)# server 10.10.10.xx auth-port 1812 acct-port 1813
(config)# aaa group server radius Client
(config-sg-radius)# server 10.10.20.yy auth-port 1812 acct-port 1813
[Set AAA login lists, infrastructure and client, to use groups created above. These lists will be referred to by the SSID for the open and network-eap authentication]
(config)# aaa authentication login method_Infrastructure group Infrastructure
(config)# aaa authentication login method_Client group Client
[Configure AP for local RADIUS server to authenticate other WDS infrastructure AP's via LEAP]
(config)# radius-server local
[Remove other authentication methods as we will use LEAP for our infrastructure authentication and NPS will be handling our client's authentication]
(config-radius)# no authentication eapfast
(config-radius)# no authentication mac
[Define RADIUS client devices and shared secret: External RADIUS server, WDS Infrastructure APs and the local WDS Master AP. We are using the shared secret of “Cisco” for the WDS side]
(config-radius)# nas 10.10.10.xx key 0 Cisco
(config-radius)# nas 10.10.20.yy key 0 Cisco
[Create username/password for LEAP authentication f WDS APs. Username: Cisco / Password: TEST]
(config-radius)# user Cisco password TEST
[Define RADIUS server hosts, ports, and shared secret that the WDS master will use]
Hello, My AP02 is configured as repeater, and my device/iphone is associated on that AP02#show dot11 associationsMAC Address IP address IPV6 address Device Name Parent State3c2e.ffb5.d20c 192.168.1.20 2A01:E34:EC08:8F70:FF0B:A1FF:FE16:13EE unknown - ...
Hi everyone, Recently i got to implement Catalyst 9800 wireless controller and facing a lot of configuration difference with aireos based WLC. One of them is the difference for configurating Local Device Mac Filtering. In the old Aireos based WLC you...
JQUERY <3.5Our security team has informed us that the 3504 running 8.10.130 is showing as vulnerable for the issue identified in CVE-2020-11022 In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sour...
Hello!After long thinking I really want to understand the reason for behavior bellow. Many times when I test wireless speed I notice that download speed to client slower than upload from client to Access Point.Most of the time I try it in Cisco infra...
HelloI have only one access point outdoor with 4 antenne omnidirectionnel and near c two GSM antenna ...So throughput is not stable and Always low !!!I want to know what's paramater (s) that allow increase throughput ( débit) .Power level , width Channel ...