Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
4180
Views
10
Helpful
1
Comments

Configuring WDS via CLI - Configuration Example

Rajan Parmar
Cisco Employee
Cisco Employee

‎10-13-2011 02:22 PM - edited ‎11-18-2020 02:55 AM

 

 

Introduction

 

 

Following is the step by step procedure to register an Infrastructure AP with the WDS AP.

 

Example

 

In this Example the same AP is the Infrastructure AP and the WDS AP. After completion of these steps, you should have an Infra AP registered with the WDS AP.

 

These steps do not do anything for the clients.

 

 

Define a Radius Server

-----------------------

radius-server host 192.168.28.22 auth-port 1812 acct-port 1813 key 7 111A1C0605171F

 

Set the Priority for the Radius Server

--------------------------------------

aaa authentication login eap_methods group rad_eap

 

aaa group server radius rad_eap

server 192.168.28.22 auth-port 1812 acct-port 1813

 

Create a username and password for the Infrastructure AP

---------------------------------------------------------

wlccp ap username infra password 7 030D550D140E

 

Make the AP as the WDS Server with priority as 254

---------------------------------------------------

wlccp wds priority 254 interface BVI1

 

Create the Authentication Profile for Infrastructure APs

---------------------------------------------------------

wlccp authentication-server infrastructure method_AuthenticationProfileForInfraAPs

aaa authentication login method_AuthenticationProfileFor group AuthenticationProfileForInfraAPs

aaa group server radius AuthenticationProfileForInfraAPs server 192.168.28.22 auth-port 1812 acct-port 1813

 

 

Inform the Local Radius Server

that he may get authentication request from a NAS

(that we know will be the InfraAP. The InfraAP is within this AP. IP of this AP is 192.168.28.22)

-------------------------------------------------------------------------------------------------

radius-server local

  nas 192.168.28.22 key 7 111A1C0605171F

 

Enter the username sent by the Infra AP

in the Local Radius Server, that the Infra AP will send , in its authentication request

--------------------------------------------------------------------------------------------------------------------------------

radius-server local

user infra text 7 password

 

 

Create an SSID

titled, 'SSID'. Set it for Open Authentication, and map it to VLAN 1

------------------------------------------------------------------------------------

dot11 ssid SSID

   vlan 1

   authentication open

 

authenticated via a flavor of EAP

 

You want the clients using SSID to get authenticated via a flavor of EAP

-------------------------------------------------------------------------

 

dot11 ssid SSID

   vlan 1

   authentication open eap eap_methods

 

authenticated via a MAC Authentication

 

You want the clients using SSID to get authenticated via a MAC Authentication:

------------------------------------------------------------------------------

 

dot11 ssid SSID

   vlan 1

   authentication open mac-address mac_methods

 

authenticated via a EAP and MAC Authentication

 

You want the clients using SSID to get authenticated via a EAP and MAC Authentication:

--------------------------------------------------------------------------------------

dot11 ssid SSID

   vlan 1

   authentication open mac-address mac_methods eap eap_methods

 

authenticated via a EAP or MAC Authentication

 

You want the clients using SSID to get authenticated via a EAP or MAC Authentication:

--------------------------------------------------------------------------------------

dot11 ssid SSID

   vlan 1

   authentication open mac-address mac_methods alternate eap eap_methods

 

SSID to be marked as an Infrastructure SSID

 

You want the SSID to be marked as an Infrastructure SSID, and to force the infrastructure clients to associate only to this SSID:

---------------------------------------------------------------------------------------------------------------------------------

 

dot11 ssid SSID

   infrastructure-ssid

 

Configure username for the Infrastructure Device

-------------------------------------------------

dot11 ssid SSID

    authentication client username EAPClient password 7 105E080A16001D1908

 

authenticated via network eap

 

You want the clients using SSID to get authenticated via network eap:

---------------------------------------------------------------------

dot11 ssid SSID

    authentication network-eap eap_methods

 

data to be encrypted via WPA authenticated Key Management

 

You want the client's data to be encrypted via WPA authenticated Key Management:

--------------------------------------------------------------------------------

dot11 ssid SSID

   authentication key-management wpa

 

client's to be authenticated via WPA-PSK

 

You want the client's to be authenticated via WPA-PSK:

------------------------------------------------------

dot11 ssid SSID

   wpa-psk ascii 7 06575D72181B5F4E5D

 

Setting Encryption as TKIP on VLAN 1

-------------------------------------

interface Dot11Radio0

   encryption vlan 1 mode ciphers tkip

 

Reference

 

Configuring WDS, Fast Secure Roaming, and Radio Management

Comments
Vinay Sharma
Level 7
Level 7
‎11-01-2011 05:09 AM

thanks for sharing this useful info.

Vinay Sharma

Community Manager- Wireles

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents