Configuring WDS via CLI

In this post we will learn how to setup an AP as WDS device with AAA server locally.

My Topology:

I have two cisco AP models 1142.

AAP1:  AS WDS device: 10.35.80.110
AAP2: AS Infrastructure AP: 10.35.80.111

***I will only use 2.4 Ghz (Dot11radio 0 Interface) for this post. You can use both or any one.

Steps to proceed:

  1. We will setup main AP (WDS-AP) as WDS device.
  2. WDS device will also participate as iNfrastructure AP.
  3. Configure the other Infrastructure AP(WDS-Client) to connect to WDS device.

 

Setup main AP (WDS-AP) as WDS device
Configure the AP to point the radius server:
aaa new-model
aaa group server radius Infra
  server 10.35.80.110 auth-port 1812 acct-port 1813
aaa authentication login method_infra group Infra

radius-server local
<Configure AP for local radius server>
<Here we can use three type of authentication, eapfast, leap and mac authentication, by default its leap>

nas 10.35.80.110 key cisco123
<Define AP as AAA client>

no authentication mac
<Disable mac authentication>

no authentication eapfast
<Disable eapfast authentication>

User wds password cisco –> This will be used for other AP to join WDS

User test password rscciew123 –> This is for clients to authenticate

Radius-server host 10.35.80.110 auth-port 1812 acct-port 1813 key test12345
<Define the radius server to AP itself>

Enable the WDS on AP:

Wlccp wds priority 254 interface BVI1
<This sets the WDS priority. Between 1 and 255 where higher numbers are more likely to become WDS.>

Wlccp authentication-server infrastructure method_infra
<Enable Infrastructure authentication.>

WDS device will also participate as iNfrastructure AP

To join this AP as infra AP to itself, we will see this message:

WDS-AP(config)#wlccp ap username wds password cisco
WDS-AP(config)#
 *Oct  2 12:50:32.274: %WLCCP_AP-6-INFRA: WLCCP Infrastructure Authenticated

Check the WDS status:

WDS-AP#sh wlccp wds
 MAC: 588d.0903.e31c, IP-ADDR: 10.35.80.110   , Priority: 254
 Interface BVI1, State: Administratively StandAlone - ACTIVE
 AP Count: 1   , MN Count: 0
WDS-AP#
WDS-AP#sh wlccp wds ap
 HOSTNAME                           MAC-ADDR      IP-ADDR          STATE
WDS-AP                           588d.0903.e31c  10.35.80.110    REGISTERED
WDS-AP#
WDS-AP#sh wlccp ap
 WDS = 588d.0903.e31c, 10.35.80.110
 state = wlccp_ap_st_registered
 IN Authenticator = 10.35.80.110
 MN Authenticator = 10.35.80.110
 WDS-AP#

Our First AP is ready to act as WDS device and this AP is also participating as infrastructure device in it.

Other Infrastructure AP(WDS-Client) to connect to WDS device

On this AP we just need to configure the username and password to participate in WDS:

WDS-Client(config)#wlccp ap username wds password cisco

*** Configuring WDS suggest that the other AP (WDS-Client) in same subnet will be authenticated  through the first AP. In this case, the authentication occurs over the cable(Not through any inter-AP wireless Link.)

Now check the status on WDS AP again:

WDS-AP#sh wlccp  wds
 MAC: 588d.0903.e31c, IP-ADDR: 10.35.80.110   , Priority: 254
 Interface BVI1, State: Administratively StandAlone - ACTIVE
 AP Count: 2   , MN Count: 0
WDS-AP#
WDS-AP#sh wlccp  wds ap
 HOSTNAME                           MAC-ADDR      IP-ADDR          STATE
 WDS-Client                       2894.0fa8.a594  10.35.80.111    REGISTERED
 WDS-AP                           588d.0903.e31c  10.35.80.110    REGISTERED
WDS-AP#
WDS-AP#sh wlccp  ap
WDS = 588d.0903.e31c, 10.35.80.110
 state = wlccp_ap_st_registered
 IN Authenticator = 10.35.80.110
 MN Authenticator = 10.35.80.110
WDS-AP#

Here is the complete configuration:

WDS Device Configuration:

hostname WDS-AP
 !
 aaa new-model
 !
 aaa group server radius Infra
  server 10.35.80.110 auth-port 1812 acct-port 1813
 !
 aaa authentication login method_infra group Infra
 !
 radius-server local
   no authentication eapfast
   no authentication mac
   nas 10.35.80.110 key 7 13061E010803557878
   user wds nthash 7 09196D5149553143582D57090E7C7E1611704653462725027C0F00075F2641370B
   user test nthash 7 0251537E5D502D021B1C2D4C5042445C5D56780E017D676374325E4E2552050D0A
 !
 radius-server host 10.35.80.110 auth-port 1812 acct-port 1813 key 7 070C285F4D06485744
 !
 wlccp ap username wds password 7 05080F1C2243
 wlccp authentication-server infrastructure method_infra
 wlccp wds priority 254 interface BVI1

Infrastructure AP Configuration (WDS-Client):

hostname WDS-Client
wlccp ap username wds password 7 05080F1C2243

In next post we will configure the 2nd AP (WDS-Client) to also act as redundant WDS device in case of primary fails.

Upgrade IOS on Cisco autonomous AP

In this post we will see the software upgrade on Autonomous AP.

Normally upgrade is performed in order to take advantage of the new features or if there bug in old IOS or this is the standard from company side to upgrade to the latest version of IOS on AP…there can be many reason to up-gradation.

IOS upgrade on standalone AP can be done by two ways:

  • GUI
  • CLI

Via CLI:

Step1: Download a new IOS image from cisco.com for respective AP model.

Step2: Open TFTP server on a notebook.

Step3: Put this new image on TFTP root directory.

Step4: Here come two things:

      1. Do you want to overwrite the old image?
      2. Do you want to keep the old image and also want to install new one. ?

Step5: Let’s say: we want to overwrite the old IOS, then we must use this command:

 AP#archive download-sw /overwrite /reload tftp://location/image-name

overwrite option overwrites the software image in flash with the downloaded image.

reload option reloads the system after you download the image unless the configuration is changed and not saved.

 location, specify the IP address of the TFTP server.

image name, specify the Cisco IOS filename that you plan to use to upgrade the access point

Step6: Let’s say: We want to keep the old IOS and install the new one on AP, then issue this command:

AP#archive download-sw /leave-old-sw /reload tftp://location/image-name

*** If there not so much space then in between download process a error message will be displayed and it will stop the download.

Step7: After download a new IOS, AP will reload or you have to manually reload the AP.

Step8: Verify with show version command about the new software version.

Via GUI:

Step1: Download the new IOS from cisco.com by your CCO id.

Step2: Open TFTP server and put the new image in TFTP root directory.

Step3: Login to AP GUI, click on the System Software menu from the left hand side. Choose the Software Upgrade option. (On this page we can see the present system software version)

Step4: From the software upgrade page, choose TFTP upgrade.

Step5: Enter the IP of TFTP server and the image name.

Step6: Click upgrade.