WDS and Windows IAS

cmtadmin · ‎08-16-2005

I have a number of 1130 AP that are using EAP-TLS to log users onto the wireless network. I would like to move to using WDS but I am having issues with the access points authenticating with windows IAS server. I am receiving this error AP Authentication to the WDS failed on the non WDS server AP's all of hte access points can see the WDS server but they cannot authenticate with them

Any thoughts would be appreciated

cmtadmin

a-vazquez · ‎08-22-2005

It appears that the WDS and Infrastructure AP configs may beincorrect. Here's the way it's supposed to work:

1. Only 1 WDS Master (set using highest priority) per vlan or subnet.

2. Maximum of 2 backup WDS servers (each with lower priority than the WDS

master).

3. WDS Master should not have Radio enabled, but if you need it for cell

coverage (i.e. clients to associate to it), then it should be in an area

where few users will associate to it.

4. Only the WDS Master (and backups if you have them) should be configured

with the Infrastructure and Client groups to send EAP authentication to the

Radius server. Infrastructure APs will forward EAP requests to the WDS

Master to handle.

5. If using multiple Radius servers, you need to enable the dead server list

in the Global server manager properties.

So to fix your configs, you need to decide which AP will be the WDS master

and set it's priority to be higher than any Infrastructure APs that may act

as a backup WDS. Then on the WDS Master you need to configure an

Infrastructure Group to forward Infrastructure AP authentication requests to

your Radius server. Then on the WDS Master you need to configure a Client

group to forward client requests coming from the Infrastructure APs to the

Radius server. If you have multiple Radius servers, then you need to enable

the "Dead Server List" under Global Properties in Server Manager. Set the

Dead Timer to 2 or 3 minutes.