08-06-2005 07:40 AM - edited 07-04-2021 11:01 AM
I understand that the local radius server supports up to 50 users.
Question: Is 50 users synonymous with 50 NASs? I only need one username/pw, but have 54 access points that need to authenticate.
In this scenario, is the AP still a NAS, or just a RADIUS client?
I have WLSE 2.11, 54 1200 series access points that need to run WDS, but no ACS server to authenticate.
Can I get by with 54 access points authenticating to the local RADIUS server, or is it a hard limit on the number of NASs that can be defined?
Also, do I really need to define an AP as the WDS, shutting down its radios?
I read somewhere that there was a limit to the number of access points in a WDS domain that a WDS AP could support with its radios on...
Thanks in advance!
08-06-2005 01:55 PM
I don't know if the 50 unit limit applies to NAS, but I suspect it does.
Regardless, it would not be a good idea or good design to use the AP for this level of activity. The Local RADIUS process in the AP is to provide higher-level authentication/authorization to smaller setups.
Regarding having to shut down the radios for the WDS controller AP: With the radios off, the AP can support 60 member APs; with the radio on, it can support 30.
I would also consider both of those numbers much higher than the practical limit (think "Marketing"). Those numbers are likely to be for networks with minimal auth/auth & roaming (clients that authenticate, associate, and stay put for most of their connected life).
You would be much better off using a "real" RADIUS server (or MS IAS) and, depending on your networking traffic patterns and usage, using a WLSM (which also requires a 6500 series switch with a Sup720). Cisco offers a "bundle" switch specifically for WLSM and, in terms of network quality and troubleshooting frustration, is well worth the price.
If, for whatever reason, you can't use the Microsoft RADIUS, there's freeRADIUS, which can run under Unix or Linux (I don't think it's been ported to DOS or Windows yet). It's not too hard to set up, supports certificates ... it's a full-blown RADIUS, and it's free. You can put Linux on an older PC and be much better off than trying to add an additional 16 tons of load to the (already pretty busy) AP microcontroller.
Good Luck
Scott
08-07-2005 03:31 AM
Thanks, I appreciate the reply. I was also under the understanding that MS IAS didn't support LEAP authentication, which is required for WDS auth?
If you search for "WDS IAS" in the discussion forums, you will find a message stating that IAS doesn't support LEAP.
That doesn't mean it's a valid statement, but it led me to believe it was.
The customer does have an IAS server running, authenticating WLAN clients via PEAP/MS-CHAP V2...
Thanks!
Tim