WDS infrastructure only

herminator
Level 1

Folks,

We have a couple of G and B radio access points (1200 series) in 2 buildings. I want to use WDS only for the infrastructure and will have the clients authenticate the way they do now. They authenticate directly against a RADIUS server (EAP-TTLS).

I have configured a standalone WDS also with a local radius server and the use of infrastructure method.

When I configure an ap1200 to use WDS, it seems to use the WDS also for its clients to authenticate.

If I look at the WDS, I see that the AP is registered.

When I look at the wireless services summary page of the ap1200, it has its 'WDS ip address', its 'IN authenticator' and its 'MN authenticator' all set to the WDS's IP address. The state is 'Infrastructure'.

I want to use another 'MN authenticator' for my clients to authenticate. I don't want the access points to be dependent on the WDS to authenticate my clients.

Is it possible to fill in another 'MN authenticator'?

4 Replies

walruspro
Level 1

I have the same dilemma. We're using PEAP as client auth. One result is that in our ACS 3.2, logs -> passed/failed authentications, the "access-device" + "NAS-IP address" is always the WDS-AP even though the client has connected to some other AP.

It would be nice to separate the client auth and infrastructure authentication. I have tried, but WDS seems to override this and pass the authentications through the WDS-AP.

Any suggestions?

/F

Isn't the Mobile Node authenticator responsible for Fast-Reauthentication, and shouldn't it handle re-authentication for roaming nodes only? Doesn't the initially-associated AP still handle the first EAP auth?

kevin_miller
Level 1

I have exactly the same problem using LEAP. WDS works, but slows down the authentication process. It works, but is noticeably slower. I see no benefit for me using WDS for client authentication since I don't have roaming problems now and don't use realtime applications over wireless.

I've tried the following, but it doesn't work:

aaa group server radius wlccp_rad_infra
 server 1.1.1.1 auth-port 1645 acct-port 1646
aaa authentication login wlccp_infra group wlccp_rad_infra
wlccp authentication-server infrastructure wlccp_infra
wlccp wds priority 200 interface BVI1
wlccp ap username xxx password xxx
wlccp wnm ip address 3.3.3.3

I also notice that authentication with my PEAP clients takes more time via WDS.

Let's hope that Cisco makes the client authentication a module that can be detached from the WDS concept if there is a need - like in our cases. Can't be too hard.
