Dear All, we have a Cisco WDS infrastructure with an ACS Radius Server. Do we have to add all infrastructure APs as AAA-Clients in ACS or should we only define the WDS Master AP and the WDS Backup AP as AAA-Clients ?
We thought it's better to add all APs as AAA-Clients for the Case the WDS devices should fail. Then the APs can authenticate against ACS directly. Is that reasoning correct ? Thanks.
You will only have to add the WDS devices themselves and not the infrastructure AP's. Basically the infrastructure AP's are authenticating to the WDS as clients, same as a wireless client would authenticate to the AP. The active WDS will be the only AP that will talk directly to the Radius server. All client authentications will be forwarded from the infrastructure AP to the WDS and then sent on to the Radius server.
thanks for your reply. Just one more question on this:
Suppose the WDS AP fails (and no backup WDS device exists)- then the complete WLAN would be dead because all the other APs can't forward AAA-requests to the Radius Server. Is that correct ?
Wouldn't it make sense to additionally define the APs as AAA-Clients on the Radius Server and enable AP Authentication to make sure that the APs will be authenticated as well either way (either through WDS or directly by the Radius Server in case WDS fails) ? Thanks to all for your appreciated feedback in this conceptional matter.
This tool is essentially used to generate basic and best practice configurations for the 9800 Controller. The basic configurations include Day 0 Config, Central and Local Webauth, Dot1x, PSK etc. The tool uses a GUI format to take input variables for the ...
The Workplace, Reimagined: Secure Network Solutions for Business Resiliency
Network Insider Live Webinar
Tuesday, August 18, 202010:00 am Pacific Time(San Francisco, GMT-08:00)
Where and how your employees work is changing—your workforce can...
Do you have hands-on experience with wireless network management?
If yes, please participate in this quick online survey. We'd like to understand your wireless network management and job roles that partake in this task. Your feedback will be reviewed a...
This event had place on Thursday 11, June 2020 at 10hrs PDT
In this session, the Cisco expert covered single image orchestration changes with the Cisco IOS XE Software Release 17.2.1r for Cisco IOS XE and Cisco IOS XE SD-WAN use cases. Duri...
This is a two-step process.
Step 1: Need to add the FlexConnect AP to a FlexConnect Group.Step 2: Need to configure a FlexConnect ACL (to specify the local traffic-of-interest), and map it to that FlexConnect Group.
For step 1----------As in the i...