WDS is a part of the Cisco Structured Wireless Aware Network (SWAN). WDS is a collection of Cisco IOS Software features that enhance WLAN client mobility, and simplify WLAN deployment and management.
What is WDS?
A. WDS is a part of the Cisco Structured Wireless Aware Network (SWAN). WDS is a collection of Cisco IOS® Software features that enhance WLAN client mobility, and simplify WLAN deployment and management. WDS is a new feature for access points (APs) in Cisco IOS Software, and the basis of the Cisco Catalyst 6500 Series Wireless LAN Services Module (WLSM). WDS is a core function that enables other features, such as:
Fast secure roaming (FSR)
Wireless LAN Solution Engine (WLSE) interaction
Radio management (RM)
Before the operation of any other WDS-based features, you must establish relationships between the APs that participate in WDS and the device that is configured as the WDS. One of the main purposes of WDS is to cache the user credentials as soon as the authentication server authenticates the client for the first time. On subsequent attempts, WDS authenticates the client on the basis of the cached information.
When you configure Wireless Domain Services on your network, access points on your wireless LAN use the WDS device (either an access point, an Integrated Services Router, or a switch configured as the WDS device) to provide fast, secure roaming for client devices and to participate in radio management. If you use a switch as the WDS device, the switch must be equipped with a Wireless LAN Services Module (WLSM). An access point configured as the WDS device supports up to 60 participating access points, an Integrated Services Router (ISR) configured as the WDS devices supports up to 100 participating access points, and a WLSM-equipped switch supports up to 600 participating access points and up to 240 mobility groups.
Note A single access point supports up to 16 mobility groups.
Fast, secure roaming provides rapid reauthentication when a client device roams from one access point to another, preventing delays in voice and other time-sensitive applications.
Access points participating in radio management forward information about the radio environment (such as possible rogue access points and client associations and disassociations) to the WDS device. The WDS device aggregates the information and forwards it to a wireless LAN solution engine (WLSE) device on your network.
Role of the WDS Device
The WDS device performs several tasks on your wireless LAN:
Advertises its WDS capability and participates in electing the best WDS device for your wireless LAN. When you configure your wireless LAN for WDS, you set up one device as the main WDS candidate and one or more additional devices as backup WDS candidates. If the main WDS device goes off line, one of the backup WDS devices takes its place.
Authenticates all access points in the subnet and establishes a secure communication channel with each of them.
Collects radio data from access points in the subnet, aggregates the data, and forwards it to the WLSE device on your network.
Acts as a pass-through for all 802.1x-authenticated client devices associated to participating access points.
Registers all client devices in the subnet that use dynamic keying, establishes session keys for them, and caches their security credentials. When a client roams to another access point, the WDS device forwards the client's security credentials to the new access point.
Table 12-1 Participating Access Points Supported by WDS Devices
Unit Configured as WDS Device
Participating Access Points Supported
Access point that also serves client devices
Access point with radio interfaces disabled
Integrated Services Router (ISR)
100 (depending on ISR platform)
In order to use WDS, you must designate one AP or the WLSM as the WDS.
A WDS AP must use a WDS user name and password to establish a relationship with an authentication server.
Other APs, called infrastructure APs, communicate with the WDS. Before registration occurs, the infrastructure APs must authenticate themselves to the WDS. An infrastructure server group on the WDS defines this infrastructure authentication.
The infrastructure devices (WDS AP and the other APs which participate in WDS) authenticate using LEAP authentication. To authenticate the WDS AP and the infrastructure APs we need to use either the Cisco Secure ACS server or create a local Radius server on the WDS AP. Microsoft IAS server does not support LEAP and hence cannot be used to authenticate the WDS APs.
The document Wireless Domain Services Configuration provides a configuration example to configure WDS using Cisco Secure ACS for Infrastructure AP authentication and for Client Authentication.
Hello, Anyone can explain the picture of AP signal. The picture shows signals strength in different angles so that we can know how strong the signal is at different angle. Do you think the picture show signal strength at some distance away from the AP? Fo...
We currently have a Cisco WLC 4402 with approximately 50 Aironet 1142 APs . When we we provision an AP both our guest and secure wlans are automatically setup on the APs. Is there a way or configuration where we could have certain APs "not" have the secur...
Hello, I'm using network environment based on AIR-AP3802I-E-K9 with WLC 5529 220.127.116.11. Could someone please tell me why some client devices which are using 2.4Ghz associating with AP only based on 802.11g?I've in NIC requirements tha...
i have tried to search everywhere without been able to get a real answer, does the vWLC (Cisco Virtual Wireless Controller) support the 802.11ac Radio Module installed on the 3600 and 3700 Cisco AP´s ?i can see the M module mentioned on the compatibi...
Hi,We have Catalyst 9800-40 WLC , and we are facing the issue "Two Access Points with same name are not able to join controller "I tried to add new access points . Initially APs joined controller and their MAC ID was shown in Access point list. ...