Configuring WDS via CLI

In this post we will learn how to setup an AP as WDS device with AAA server locally.

My Topology:

I have two cisco AP models 1142.

AAP1:  AS WDS device: 10.35.80.110
AAP2: AS Infrastructure AP: 10.35.80.111

***I will only use 2.4 Ghz (Dot11radio 0 Interface) for this post. You can use both or any one.

Steps to proceed:

  1. We will setup main AP (WDS-AP) as WDS device.
  2. WDS device will also participate as iNfrastructure AP.
  3. Configure the other Infrastructure AP(WDS-Client) to connect to WDS device.

 

Setup main AP (WDS-AP) as WDS device
Configure the AP to point the radius server:
aaa new-model
aaa group server radius Infra
  server 10.35.80.110 auth-port 1812 acct-port 1813
aaa authentication login method_infra group Infra

radius-server local
<Configure AP for local radius server>
<Here we can use three type of authentication, eapfast, leap and mac authentication, by default its leap>

nas 10.35.80.110 key cisco123
<Define AP as AAA client>

no authentication mac
<Disable mac authentication>

no authentication eapfast
<Disable eapfast authentication>

User wds password cisco –> This will be used for other AP to join WDS

User test password rscciew123 –> This is for clients to authenticate

Radius-server host 10.35.80.110 auth-port 1812 acct-port 1813 key test12345
<Define the radius server to AP itself>

Enable the WDS on AP:

Wlccp wds priority 254 interface BVI1
<This sets the WDS priority. Between 1 and 255 where higher numbers are more likely to become WDS.>

Wlccp authentication-server infrastructure method_infra
<Enable Infrastructure authentication.>

WDS device will also participate as iNfrastructure AP

To join this AP as infra AP to itself, we will see this message:

WDS-AP(config)#wlccp ap username wds password cisco
WDS-AP(config)#
 *Oct  2 12:50:32.274: %WLCCP_AP-6-INFRA: WLCCP Infrastructure Authenticated

Check the WDS status:

WDS-AP#sh wlccp wds
 MAC: 588d.0903.e31c, IP-ADDR: 10.35.80.110   , Priority: 254
 Interface BVI1, State: Administratively StandAlone - ACTIVE
 AP Count: 1   , MN Count: 0
WDS-AP#
WDS-AP#sh wlccp wds ap
 HOSTNAME                           MAC-ADDR      IP-ADDR          STATE
WDS-AP                           588d.0903.e31c  10.35.80.110    REGISTERED
WDS-AP#
WDS-AP#sh wlccp ap
 WDS = 588d.0903.e31c, 10.35.80.110
 state = wlccp_ap_st_registered
 IN Authenticator = 10.35.80.110
 MN Authenticator = 10.35.80.110
 WDS-AP#

Our First AP is ready to act as WDS device and this AP is also participating as infrastructure device in it.

Other Infrastructure AP(WDS-Client) to connect to WDS device

On this AP we just need to configure the username and password to participate in WDS:

WDS-Client(config)#wlccp ap username wds password cisco

*** Configuring WDS suggest that the other AP (WDS-Client) in same subnet will be authenticated  through the first AP. In this case, the authentication occurs over the cable(Not through any inter-AP wireless Link.)

Now check the status on WDS AP again:

WDS-AP#sh wlccp  wds
 MAC: 588d.0903.e31c, IP-ADDR: 10.35.80.110   , Priority: 254
 Interface BVI1, State: Administratively StandAlone - ACTIVE
 AP Count: 2   , MN Count: 0
WDS-AP#
WDS-AP#sh wlccp  wds ap
 HOSTNAME                           MAC-ADDR      IP-ADDR          STATE
 WDS-Client                       2894.0fa8.a594  10.35.80.111    REGISTERED
 WDS-AP                           588d.0903.e31c  10.35.80.110    REGISTERED
WDS-AP#
WDS-AP#sh wlccp  ap
WDS = 588d.0903.e31c, 10.35.80.110
 state = wlccp_ap_st_registered
 IN Authenticator = 10.35.80.110
 MN Authenticator = 10.35.80.110
WDS-AP#

Here is the complete configuration:

WDS Device Configuration:

hostname WDS-AP
 !
 aaa new-model
 !
 aaa group server radius Infra
  server 10.35.80.110 auth-port 1812 acct-port 1813
 !
 aaa authentication login method_infra group Infra
 !
 radius-server local
   no authentication eapfast
   no authentication mac
   nas 10.35.80.110 key 7 13061E010803557878
   user wds nthash 7 09196D5149553143582D57090E7C7E1611704653462725027C0F00075F2641370B
   user test nthash 7 0251537E5D502D021B1C2D4C5042445C5D56780E017D676374325E4E2552050D0A
 !
 radius-server host 10.35.80.110 auth-port 1812 acct-port 1813 key 7 070C285F4D06485744
 !
 wlccp ap username wds password 7 05080F1C2243
 wlccp authentication-server infrastructure method_infra
 wlccp wds priority 254 interface BVI1

Infrastructure AP Configuration (WDS-Client):

hostname WDS-Client
wlccp ap username wds password 7 05080F1C2243

In next post we will configure the 2nd AP (WDS-Client) to also act as redundant WDS device in case of primary fails.

Advertisements

2 Comments

  1. Pingback: WDS(Wireless Domain Service) Overview | Towards CCIE Wireless

  2. Pingback: Redundant WDS devices | Towards CCIE Wireless

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s