In this post we will learn how to setup an AP as WDS device with AAA server locally.
My Topology:
I have two cisco AP models 1142.
AAP1: AS WDS device: 10.35.80.110
AAP2: AS Infrastructure AP: 10.35.80.111
***I will only use 2.4 Ghz (Dot11radio 0 Interface) for this post. You can use both or any one.
Steps to proceed:
- We will setup main AP (WDS-AP) as WDS device.
- WDS device will also participate as iNfrastructure AP.
- Configure the other Infrastructure AP(WDS-Client) to connect to WDS device.
Setup main AP (WDS-AP) as WDS device
Configure the AP to point the radius server:
aaa new-model
aaa group server radius Infra
server 10.35.80.110 auth-port 1812 acct-port 1813
aaa authentication login method_infra group Infra
radius-server local
<Configure AP for local radius server>
<Here we can use three type of authentication, eapfast, leap and mac authentication, by default its leap>
nas 10.35.80.110 key cisco123
<Define AP as AAA client>
no authentication mac
<Disable mac authentication>
no authentication eapfast
<Disable eapfast authentication>
User wds password cisco –> This will be used for other AP to join WDS
User test password rscciew123 –> This is for clients to authenticate
Radius-server host 10.35.80.110 auth-port 1812 acct-port 1813 key test12345
<Define the radius server to AP itself>
Enable the WDS on AP:
Wlccp wds priority 254 interface BVI1
<This sets the WDS priority. Between 1 and 255 where higher numbers are more likely to become WDS.>
Wlccp authentication-server infrastructure method_infra
<Enable Infrastructure authentication.>
WDS device will also participate as iNfrastructure AP
To join this AP as infra AP to itself, we will see this message:
WDS-AP(config)#wlccp ap username wds password cisco WDS-AP(config)# *Oct 2 12:50:32.274: %WLCCP_AP-6-INFRA: WLCCP Infrastructure Authenticated
Check the WDS status:
WDS-AP#sh wlccp wds MAC: 588d.0903.e31c, IP-ADDR: 10.35.80.110 , Priority: 254 Interface BVI1, State: Administratively StandAlone - ACTIVE AP Count: 1 , MN Count: 0 WDS-AP# WDS-AP#sh wlccp wds ap HOSTNAME MAC-ADDR IP-ADDR STATE WDS-AP 588d.0903.e31c 10.35.80.110 REGISTERED WDS-AP# WDS-AP#sh wlccp ap WDS = 588d.0903.e31c, 10.35.80.110 state = wlccp_ap_st_registered IN Authenticator = 10.35.80.110 MN Authenticator = 10.35.80.110 WDS-AP#
Our First AP is ready to act as WDS device and this AP is also participating as infrastructure device in it.
Other Infrastructure AP(WDS-Client) to connect to WDS device
On this AP we just need to configure the username and password to participate in WDS:
WDS-Client(config)#wlccp ap username wds password cisco
*** Configuring WDS suggest that the other AP (WDS-Client) in same subnet will be authenticated through the first AP. In this case, the authentication occurs over the cable(Not through any inter-AP wireless Link.)
Now check the status on WDS AP again:
WDS-AP#sh wlccp wds MAC: 588d.0903.e31c, IP-ADDR: 10.35.80.110 , Priority: 254 Interface BVI1, State: Administratively StandAlone - ACTIVE AP Count: 2 , MN Count: 0 WDS-AP# WDS-AP#sh wlccp wds ap HOSTNAME MAC-ADDR IP-ADDR STATE WDS-Client 2894.0fa8.a594 10.35.80.111 REGISTERED WDS-AP 588d.0903.e31c 10.35.80.110 REGISTERED WDS-AP# WDS-AP#sh wlccp ap WDS = 588d.0903.e31c, 10.35.80.110 state = wlccp_ap_st_registered IN Authenticator = 10.35.80.110 MN Authenticator = 10.35.80.110 WDS-AP#
Here is the complete configuration:
WDS Device Configuration:
hostname WDS-AP
!
aaa new-model
!
aaa group server radius Infra
server 10.35.80.110 auth-port 1812 acct-port 1813
!
aaa authentication login method_infra group Infra
!
radius-server local
no authentication eapfast
no authentication mac
nas 10.35.80.110 key 7 13061E010803557878
user wds nthash 7 09196D5149553143582D57090E7C7E1611704653462725027C0F00075F2641370B
user test nthash 7 0251537E5D502D021B1C2D4C5042445C5D56780E017D676374325E4E2552050D0A
!
radius-server host 10.35.80.110 auth-port 1812 acct-port 1813 key 7 070C285F4D06485744
!
wlccp ap username wds password 7 05080F1C2243
wlccp authentication-server infrastructure method_infra
wlccp wds priority 254 interface BVI1
Infrastructure AP Configuration (WDS-Client):
hostname WDS-Client wlccp ap username wds password 7 05080F1C2243
In next post we will configure the 2nd AP (WDS-Client) to also act as redundant WDS device in case of primary fails.
2 thoughts on “Configuring WDS via CLI”