How to configure AP as WDS device, check this link: Configure WDS via CLI
It’s the same procedure what we did in last post to configure the Infra AP to make as backup WDS device.
Steps:
- First we have to add the WDS-Client AP as a NAS on the primary AP’s radius server so it can request for authentication.
- Configure Radius and infrastructure server configure (Same as previous post).
Let’s start:
Only one line is needed on WDS-AP:
WDS-AP(config-radsrv)#nas 10.35.80.111 key cisco123
Then we have to configure Radius and wlccp parameters on WDS-Client AP.
aaa new-model ! aaa group server radius Infrastructure server 10.35.80.110 auth-port 1812 acct-port 1813 ! aaa authentication login method_Infra group Infrastructure ! radius-server host 10.35.80.110 auth-port 1812 acct-port 1813 key 7 1511021F07257A767B ! wlccp ap username wds password 7 104D000A0618 wlccp authentication-server infrastructure method_Infra wlccp wds priority 250 interface BVI1
This WDS configured with a lower priority of 250 because we have other AP (WDS-AP) with 254. Now let’s take a look at the results.
Now check the WDS status on both AP:
WDS-AP:
WDS-AP#sh wlccp ap WDS = 588d.0903.e31c, 10.35.80.110 state = wlccp_ap_st_registered IN Authenticator = 10.35.80.110 MN Authenticator = 10.35.80.110 WDS-AP# WDS-AP#sh wlccp wds MAC: 588d.0903.e31c, IP-ADDR: 10.35.80.110 , Priority: 254 Interface BVI1, State: Administratively StandAlone - ACTIVE AP Count: 2 , MN Count: 0 WDS-AP# WDS-AP#sh wlccp wds ap HOSTNAME MAC-ADDR IP-ADDR STATE WDS-Client 2894.0fa8.a594 10.35.80.111 REGISTERED WDS-AP 588d.0903.e31c 10.35.80.110 REGISTERED WDS-AP#
WDS-Client AP:
WDS-Client#sh wlccp ap WDS = 588d.0903.e31c, 10.35.80.110 state = wlccp_ap_st_registered IN Authenticator = 10.35.80.110 MN Authenticator = 10.35.80.110 WDS-Client# WDS-Client#sh wlccp wds MAC: 2894.0fa8.a594, IP-ADDR: 10.35.80.111 , Priority: 250 Interface BVI1, State: BACKUP Currently ACTIVE WDS - MAC: 588d.0903.e31c, Priority: 254, IP-ADDR: 10.35.80.110 WDS-Client# WDS-Client#sh wlccp wds ap HOSTNAME MAC-ADDR IP-ADDR STATE WDS-Client#
Now we will configure both AP to provide service to clients.
WDS-AP Configuration:
hostname WDS-AP ! aaa new-model ! aaa group server radius Infra server 10.35.80.110 auth-port 1812 acct-port 1813 ! aaa group server radius Client server 10.35.80.110 auth-port 1812 acct-port 1813 ! aaa authentication login method_infra group Infra aaa authentication login method_client group Client ! dot11 ssid RSCCIEW authentication open eap method_client authentication key-management wpa version 2 guest-mode ! interface Dot11Radio0 no ip address no ip route-cache ! encryption mode ciphers aes-ccm ! ssid RSCCIEW ! station-role root bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled ! radius-server local no authentication eapfast no authentication mac nas 10.35.80.110 key 7 13061E010803557878 nas 10.35.80.111 key 7 1511021F07257A767B user wds nthash 7 09196D5149553143582D57090E7C7E1611704653462725027C0F00075F2641370B user test nthash 7 0251537E5D502D021B1C2D4C5042445C5D56780E017D676374325E4E2552050D0A ! radius-server host 10.35.80.110 auth-port 1812 acct-port 1813 key 7 070C285F4D06485744 ! wlccp ap username wds password 7 05080F1C2243 wlccp authentication-server infrastructure method_infra wlccp authentication-server client any method_client ssid RSCCIEW wlccp wds priority 254 interface BVI1
WDS-Client Configuration:
hostname WDS-Client ! aaa new-model ! aaa group server radius Infrastructure server 10.35.80.110 auth-port 1812 acct-port 1813 ! aaa group server radius Client1 server 10.35.80.110 auth-port 1812 acct-port 1813 ! aaa authentication login method_Infra group Infrastructure aaa authentication login method_client1 group Client1 ! dot11 ssid RSCCIEW authentication open eap method_client1 authentication key-management wpa version 2 guest-mode ! interface Dot11Radio0 no ip address no ip route-cache ! encryption mode ciphers aes-ccm ! ssid RSCCIEW ! station-role root bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled ! radius-server host 10.35.80.110 auth-port 1812 acct-port 1813 key 7 121A0C0411045D5679 ! wlccp ap username wds password 7 104D000A0618 wlccp authentication-server infrastructure method_Infra wlccp authentication-server client any Client1 ssid RSCCIEW wlccp wds priority 250 interface BVI1
This is all we have to configure; now we can setup connection with client and test it.
See the client status: Client will authenticate from Primary WDS Device.
WDS-AP#sh dot11 associations 802.11 Client Stations on Dot11Radio0: SSID [RSCCIEW] : MAC Address IP address Device Name Parent State ac7b.a1d1.c289 10.35.80.106 ccx-client WDS-AP self EAP-Assoc WDS-AP# WDS-AP#sh dot11 associations ac7b.a1d1.c289 Address : ac7b.a1d1.c289 Name : WDS-AP IP Address : 10.35.80.106 Interface : Dot11Radio 0 Device : ccx-client Software Version : NONE CCX Version : 4 Client MFP : Off State : EAP-Assoc Parent : self SSID : RSCCIEW VLAN : 0 Hops to Infra : 1 Association Id : 1 Clients Associated: 0 Repeaters associated: 0 Tunnel Address : 0.0.0.0 Key Mgmt type : WPAv2 Encryption : AES-CCMP Current Rate : 54.0 Capability : WMM ShortHdr ShortSlot Supported Rates : 1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 Voice Rates : disabled Bandwidth : 20 MHz Signal Strength : -45 dBm Connected for : 14 seconds Signal to Noise : 44 dB Activity Timeout : 50 seconds Power-save : Off Last Activity : 0 seconds ago Apsd DE AC(s) : BK BE VI VO Packets Input : 164 Packets Output : 45 Bytes Input : 32680 Bytes Output : 9901 Duplicates Rcvd : 0 Data Retries : 0 Decrypt Failed : 0 RTS Retries : 0 MIC Failed : 0 MIC Missing : 0 Packets Redirected: 0 Redirect Filtered: 0 PMKIDs: ED7B7F68446E643F622718DD96A73643 Session timeout : 0 seconds Reauthenticate in : never WDS-AP#