Cisco 802.11 Wireless Networking Quick Reference - page 56

You must begin in Privileged Exec mode on the AP that you wish to configure.

Step 1: Configure Your APs or Switches as WDS Devices

You can enable WDS on either the WLSM-enabled switch or the AP. When you set up WDS on an AP, here are some tips to keep in mind:

• If you use an AP as the WDS device, disable the radio or use an AP that serves a small volume of clients. Client devices that associate to the WDS AP when it starts might take several minutes to authenticate.

• If the WDS AP serves client devices, it can serve 30 other APs. However, if the radio is disabled, it can serve up to 60 APs.

• APs that serve as repeaters cannot be used as WDS devices.

Use the following command-line instructions to configure APs as WDS devices.

AP#

configure terminal

AP(config)#

aaa new-model


AP(config)#

wlccp wds priority 200 interface bvi1


AP(config)#

wlccp authentication-server infrastructure MI5


AP(config)#

wlccp authentication-server client any fieldops


AP(config-wlccp-auth)#

ssid FelixLeiter

AP(config-wlccp-auth)#

ssid Quarrel

AP(config)#

end

This series of instructions specifies that infrastructure devices are authenticated from server group MI5. CCKM-enabled clients that use the SSIDs of FelixLeiter and Quarrel are authenticated with the server group fieldops.

The third line of code requires some explanation. Priority 200 is used to set the priority of this WDS candidate. You can configure multiple APs as WDS candidates, and when the candidate with the highest priority is taken out of service, the candidate with the next highest priority is elected. This number is a value between 1 and 255.

The fifth line allows you to specify what type of authentication to use. In this case, any has been specified. However, you could also put in EAP or LEAP, or specify your own list of authentication methods .

Step 2: Configure Your APs to Use the WDS Device

Next, you must configure the APs to use the WDS device. To do this, see the following instructions:

AP#

configure terminal

AP(config)#

wlccp ap wds ip address 10.10.10.1


AP(config)#

wlccp ap username JamesBond password 7 a$t1nm@rt1n


AP(config)#

end

Here, the AP is configured to authenticate with a specific WDS-enabled device, and it uses the username JamesBond and the password a$t1nm@rt1n. The 7 before the password means that the AP's password is encrypted. This value could be set to 0, and means the password is unencrypted.

You must use the same username and password on the AP as a client to the authentication server.

Step 3: Enable Layer 3 Mobility to an SSID

The next step is to map an SSID to a specific mobility network ID. Follow these commands:

AP#

configure terminal

AP(config)#

interface dot11radio 0

AP(config-if)#

ssid MobileNet


AP(config-if-ssid)#

mobility network-id 7


AP(config-if-ssid)#

end

Here, the SSID MobileNet is mapped to mobility network ID 7.

Step 4: Configure the Authentication Server to Support Fast, Secure Roaming

Though the action seems to take place between the clients and the APs, don't forget that your WDS device and APs must also authenticate to the authentication server. Set up the server with usernames and passwords for the APs, along with username and password for the WDS device.

Your authentication server is similar to Access Control Server (ACS) (though the AP can also act as an authentication server for up to 50 clients), and it requires you to log into ACS, and then add the name , password, and IP address of each WDS device candidate.

You would also create user entries and passwords for the APs that use the WDS candidates.