09-01-2005 05:51 AM - edited 07-04-2021 11:05 AM
Hi all..
Ok, I've been trying to get WDS working with my WLSE.
I'm not sure if I understand correctly.. our laptop clients currently authenticate via another system but I have a WLSE which I want to use to manage the radio network, signal strength/stats/etc.
Am I right in thinking that the main WDS AP needs to authenticate with Radius via the WLSE before all the APs will start sending data to the WDS and then to the WLSE? :((
I've got my Radius server configured on the WDS access point and the other APs are seeing it, as when I issue the "show wlccp wds ap" command I get the following:
WIG-ap01#sh wlccp wds ap
MAC-ADDR        IP-ADDR         STATE             LIFETIME
0013.6086.2ced  192.168.94.3    AUTH IN PROGRESS  -
0012.80fd.0790  192.168.94.14   AUTH IN PROGRESS  -
0013.6086.2cb2  192.168.94.2    AUTH IN PROGRESS  -
0012.d922.a237  192.168.94.11   AUTH IN PROGRESS  -
I cannot get it any further than "AUTH IN PROGRESS"
Here is some of the Radius config on the WDS AP
aaa group server radius iauth01
 server <IP ADD REMOVED> auth-port 1645 acct-port 1646
!
aaa group server radius rad_mac
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa group server radius rad_eap
!
aaa group server radius rad_acct
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login method_iauth01 group iauth01
aaa authorization exec default local
aaa authorization ipmobile default group rad_pmip
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
dot11 network-map
negated
radius-server host <IP removed> auth-port 1645 acct-port 1646 key xxxx
radius-server timeout 30
radius-server attribute 32 include-in-access-req format %h
radius-server authorization permit missing Service-Type
radius-server vsa send accounting
bridge 1 route ip
!
wlccp authentication-server infrastructure method_iauth01
wlccp wds priority 128 interface BVI1
wlccp wnm ip address <ip removed>
Please help, I know I'm a n00b.. but the lack of documentation with this is really screwing me.
Thanks
Tim
09-01-2005 02:13 PM
Tim,
Each AP needs to authenticate to the WDS to operate.
You need to add the following on the APs to get them to connect to the WDS via the radius server:-
Create a user on your radius server say WDS_AP.
Next add the following to all APs including the WDS:-
wlccp ap username WDS_AP password *****
If you need to authenticate EAP clients you will need additional commands.
09-01-2005 04:14 PM
Yes, the main WDS AP needs to be authenticated via the radius server to WLSE before RM-related things can be used in WLSE. Are you using the local radius server on the AP or an external CiscoSecure ACS? What IOS version is running on the WDS AP?
09-06-2005 12:14 AM
Thanks for the replies guys..
I've managed to get it to send stuff to the radius server, which also authenticates with the AD; however, the radius server is rejecting me because I'm using an "unknown authentication type". It's a Windows radius server.
My friend has double checked my config on my APs and Radius, and WDS is set up fine.. we are wondering if you can use a standard radius server? Or does it have to be a Cisco ACS or an AP with the local radius server running...
Many thanks
Tim
09-06-2005 04:46 AM
Sorted!
Didn't realise you couldn't use any Radius server... got an AP configured with the Local radius server and all the APs authenticated to the WDS no problem!
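A parser for the "sh wlccp wds ap" table shown in the first post, added here as an example and not code from any poster or from Cisco. It lists the APs stuck in AUTH IN PROGRESS; the function names and the triage hints are this example's own assumptions, and the sample rows are copied from the thread.

```python
import re

# Sample in the format of the `sh wlccp wds ap` output in the thread.
SAMPLE = """\
WIG-ap01#sh wlccp wds ap
MAC-ADDR IP-ADDR STATE LIFETIME
0013.6086.2ced 192.168.94.3 AUTH IN PROGRESS -
0012.80fd.0790 192.168.94.14 AUTH IN PROGRESS -
0013.6086.2cb2 192.168.94.2 AUTH IN PROGRESS -
0012.d922.a237 192.168.94.11 AUTH IN PROGRESS -
"""

# MAC in Cisco dotted form, IPv4, a state that may contain spaces, then lifetime.
ROW = re.compile(
    r"^\s*(?P<mac>(?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<state>\S.*?)\s+(?P<lifetime>\S+)\s*$",
    re.IGNORECASE,
)

def parse_wds_ap_table(text):
    """Return one dict per AP row; prompt and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            row = m.groupdict()
            row["mac"] = row["mac"].lower()
            # Collapse column padding inside multi-word states.
            row["state"] = " ".join(row["state"].upper().split())
            rows.append(row)
    return rows

def diagnose(rows):
    """Return (stuck_rows, hint). The hints are this example's heuristic."""
    stuck = [r for r in rows if r["state"] == "AUTH IN PROGRESS"]
    if not rows:
        hint = "no APs listed"
    elif len(stuck) == len(rows):
        hint = "all APs stuck: look at the WDS-to-RADIUS leg first"
    elif stuck:
        hint = "some APs stuck: check those APs' WLCCP credentials"
    else:
        hint = "no APs stuck"
    return stuck, hint

if __name__ == "__main__":
    stuck, hint = diagnose(parse_wds_ap_table(SAMPLE))
    print(len(stuck), "stuck;", hint)
```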