Redundant WDS devices

How to configure AP as WDS device, check this link: Configure WDS via CLI

It’s the same procedure what we did in last post to configure the Infra AP to make as backup WDS device.

Steps:

  1. First we have to add the WDS-Client AP as a NAS on the primary AP’s radius server so it can request for authentication.
  2. Configure Radius and infrastructure server configure (Same as previous post).

Let’s start:

Only one line is needed on WDS-AP:

WDS-AP(config-radsrv)#nas 10.35.80.111 key cisco123

Then we have to configure Radius and wlccp parameters on WDS-Client AP.

aaa new-model
 !
 aaa group server radius Infrastructure
 server 10.35.80.110 auth-port 1812 acct-port 1813
 !
 aaa authentication login method_Infra group Infrastructure
 !
 radius-server host 10.35.80.110 auth-port 1812 acct-port 1813 key 7 1511021F07257A767B
 !
 wlccp ap username wds password 7 104D000A0618
 wlccp authentication-server infrastructure method_Infra
 wlccp wds priority 250 interface BVI1

This WDS configured with a lower priority of 250 because we have other AP (WDS-AP) with 254.  Now let’s take a look at the results.

Now check the WDS status on both AP:

WDS-AP:

WDS-AP#sh wlccp ap
 WDS = 588d.0903.e31c, 10.35.80.110
 state = wlccp_ap_st_registered
 IN Authenticator = 10.35.80.110
 MN Authenticator = 10.35.80.110
WDS-AP#
WDS-AP#sh wlccp wds
 MAC: 588d.0903.e31c, IP-ADDR: 10.35.80.110   , Priority: 254
 Interface BVI1, State: Administratively StandAlone - ACTIVE
 AP Count: 2   , MN Count: 0
WDS-AP#
WDS-AP#sh wlccp wds ap
 HOSTNAME                           MAC-ADDR      IP-ADDR          STATE
WDS-Client                       2894.0fa8.a594  10.35.80.111    REGISTERED
WDS-AP                           588d.0903.e31c  10.35.80.110    REGISTERED
WDS-AP#

 

WDS-Client AP:

WDS-Client#sh wlccp ap
 WDS = 588d.0903.e31c, 10.35.80.110
 state = wlccp_ap_st_registered
 IN Authenticator = 10.35.80.110
 MN Authenticator = 10.35.80.110
 WDS-Client#
 WDS-Client#sh wlccp wds
 MAC: 2894.0fa8.a594, IP-ADDR: 10.35.80.111   , Priority: 250
 Interface BVI1, State: BACKUP
 Currently ACTIVE WDS - MAC: 588d.0903.e31c, Priority: 254, IP-ADDR: 10.35.80.110
 WDS-Client#
 WDS-Client#sh wlccp wds ap
 HOSTNAME                           MAC-ADDR      IP-ADDR          STATE
 WDS-Client#

Now we will configure both AP to provide service to clients.

WDS-AP Configuration:

hostname WDS-AP
 !
 aaa new-model
 !
 aaa group server radius Infra
 server 10.35.80.110 auth-port 1812 acct-port 1813
 !
 aaa group server radius Client
 server 10.35.80.110 auth-port 1812 acct-port 1813
 !
 aaa authentication login method_infra group Infra
 aaa authentication login method_client group Client
 !
 dot11 ssid RSCCIEW
 authentication open eap method_client
 authentication key-management wpa version 2
 guest-mode
 !
 interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers aes-ccm
 !
 ssid RSCCIEW
 !
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
 !
 radius-server local
 no authentication eapfast
 no authentication mac
 nas 10.35.80.110 key 7 13061E010803557878
 nas 10.35.80.111 key 7 1511021F07257A767B
 user wds nthash 7 09196D5149553143582D57090E7C7E1611704653462725027C0F00075F2641370B
 user test nthash 7 0251537E5D502D021B1C2D4C5042445C5D56780E017D676374325E4E2552050D0A
 !
 radius-server host 10.35.80.110 auth-port 1812 acct-port 1813 key 7 070C285F4D06485744
 !
 wlccp ap username wds password 7 05080F1C2243
 wlccp authentication-server infrastructure method_infra
 wlccp authentication-server client any method_client
 ssid RSCCIEW
 wlccp wds priority 254 interface BVI1

WDS-Client Configuration:

hostname WDS-Client
 !
 aaa new-model
 !
 aaa group server radius Infrastructure
 server 10.35.80.110 auth-port 1812 acct-port 1813
 !
 aaa group server radius Client1
 server 10.35.80.110 auth-port 1812 acct-port 1813
 !
 aaa authentication login method_Infra group Infrastructure
 aaa authentication login method_client1 group Client1
 !
 dot11 ssid RSCCIEW
 authentication open eap method_client1
 authentication key-management wpa version 2
 guest-mode
 !
 interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers aes-ccm
 !
 ssid RSCCIEW
 !
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
 !
 radius-server host 10.35.80.110 auth-port 1812 acct-port 1813 key 7 121A0C0411045D5679 
 !
 wlccp ap username wds password 7 104D000A0618
 wlccp authentication-server infrastructure method_Infra
 wlccp authentication-server client any Client1
 ssid RSCCIEW
 wlccp wds priority 250 interface BVI1

This is all we have to configure; now we can setup connection with client and test it.

See the client status: Client will authenticate from Primary WDS Device.

WDS-AP#sh dot11 associations
 802.11 Client Stations on Dot11Radio0:
 SSID [RSCCIEW] :
 MAC Address    IP address      Device        Name            Parent         State
 ac7b.a1d1.c289 10.35.80.106    ccx-client    WDS-AP          self           EAP-Assoc
WDS-AP#
WDS-AP#sh dot11 associations  ac7b.a1d1.c289
 Address           : ac7b.a1d1.c289     Name             : WDS-AP
 IP Address        : 10.35.80.106       Interface        : Dot11Radio 0
 Device            : ccx-client         Software Version : NONE
 CCX Version       : 4                  Client MFP       : Off
 State             : EAP-Assoc          Parent           : self
 SSID              : RSCCIEW
 VLAN              : 0
 Hops to Infra     : 1                  Association Id   : 1
 Clients Associated: 0                  Repeaters associated: 0
 Tunnel Address    : 0.0.0.0
 Key Mgmt type     : WPAv2              Encryption       : AES-CCMP
 Current Rate      : 54.0               Capability       : WMM ShortHdr ShortSlot
 Supported Rates   : 1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
 Voice Rates       : disabled           Bandwidth        : 20 MHz
 Signal Strength   : -45  dBm           Connected for    : 14 seconds
 Signal to Noise   : 44  dB            Activity Timeout : 50 seconds
 Power-save        : Off                Last Activity    : 0 seconds ago
 Apsd DE AC(s)     : BK BE VI VO
 Packets Input     : 164                Packets Output   : 45
 Bytes Input       : 32680              Bytes Output     : 9901
 Duplicates Rcvd   : 0                  Data Retries     : 0
 Decrypt Failed    : 0                  RTS Retries      : 0
 MIC Failed        : 0                  MIC Missing      : 0
 Packets Redirected: 0                  Redirect Filtered: 0
 PMKIDs:
 ED7B7F68446E643F622718DD96A73643
 Session timeout   : 0 seconds
 Reauthenticate in : never
WDS-AP#
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s