cisco WDS master

Unanswered Question
Aug 6th, 2007

Hi all, I am configuring wds on my access points, I have configured the master wds with priority 255, my question is I can see that there is a username and password set on each access point, what does this need to match up to on the master WDS? does the passwords on the other access points need to be the same as the master WDS?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 2.6 (5 ratings)
Rob Huffman Wed, 08/08/2007 - 05:14

Hi Carl,

Check out Step 5 & 6

Configuring Access Points to use the WDS Device

Follow these steps to configure an access point to authenticate through the WDS device and participate in CCKM:


Step 1 Browse to the Wireless Services Summary page.

Step 2 Click AP to browse to the Wireless Services AP page.

Step 3 Click Enable for the Participate in SWAN Infrastructure setting.

Step 4 (Optional) If you use one main WDS device on your network, select Specified Discovery and enter the IP address of the WDS device in the entry field. When you enable Specified Discovery, the access point immediately authenticates with the WDS device instead of waiting for WDS advertisements. If the WDS device that you specify does not respond, the access point waits for WDS advertisements.

Step 5 In the Username field, enter a username for the access point. This username must match the username that you create for the access point on your authentication server.

Step 6 In the Password field, enter a password for the access point, and enter the password again in the Confirm Password field. This password must match the password that you create for the access point on your authentication server.

Step 7 Click Apply.


The access points that you configure to interact with the WDS automatically perform these steps:

Discover and track the current WDS device and relay WDS advertisements to the wireless LAN.

Authenticate with the WDS device and establish a secure communication channel to the WDS device.

Register associated client devices with the WDS device.

From this good doc;


wlccp ap username XXXXXX password YYYYYYY

This LEAP Username/Password must exist on RADIUS Server that the WDS Server points to for WDS Client authentication ( could be local Radius on the WDS AP or remote Radius Server).

Hope this helps!


mcnaz-yeo Wed, 12/26/2007 - 20:29


Thanks, Question .How would u handle WDS with by disable the radio which it is capable to support 60 AP. if let say U have more then 80 how would U deploy ? With the AP ip range 102.168.22.x . how do U subnet it? all are vlan 1.


Rob Huffman Wed, 08/08/2007 - 05:15

Hi Ricardo,

Here is some info on the role of WDS.

Configuring WDS, Fast Secure Roaming, and Radio Management

Understanding WDS

When you configure Wireless Domain Services on your network, access points on your wireless LAN use the WDS device (either an access point or a switch configured as the WDS device) to provide fast, secure roaming for client devices and to participate in radio management. If you use a switch as the WDS device, the switch must be equipped with a Wireless LAN Services Module (WLSM). An access point configured as the WDS device supports up to 60 participating access points. A WLSM-equipped switch supports up to 300 participating access points.

Fast, secure roaming provides rapid reauthentication when a client device roams from one access point to another, preventing delays in voice and other time-sensitive applications.

Access points participating in radio management forward information about the radio environment (such as possible rogue access points and client associations and disassociations) to the WDS device. The WDS device aggregates the information and forwards it to a wireless LAN solution engine (WLSE) device on your network.

Role of the WDS Device

The WDS device performs several tasks on your wireless LAN:

Advertises its WDS capability and participates in electing the best WDS device for your wireless LAN. When you configure your wireless LAN for WDS, you set up one device as the main WDS candidate and one or more additional devices as backup WDS candidates. If the main WDS device goes off line, one of the backup WDS devices takes its place.

Authenticates all access points in the subnet and establishes a secure communication channel with each of them.

Collects radio data from access points in the subnet, aggregates the data, and forwards it to the WLSE device on your network.

Registers all client devices in the subnet, establishes session keys for them, and caches their security credentials. When a client roams to another access point, the WDS device forwards the client's security credentials to the new access point.

Participating Access Points Supported by WDS Devices

Access point that also serves client devices


Access point with radio interfaces disabled


WLSM-equipped switch


Role of Access Points Using the WDS Device

The access points on your wireless LAN interact with the WDS device in these activities:

Discover and track the current WDS device and relay WDS advertisements to the wireless LAN.

Authenticate with the WDS device and establish a secure communication channel to the WDS device.

Register associated client devices with the WDS device.

Report radio data to the WDS device.

Here are some good getting started type docs;

Wireless Domain Services Configuration

Wireless Domain Services FAQ

What is WDS and Why Do I Need It?

Hope this helps!


carl_townshend Thu, 08/09/2007 - 03:00

so when i put in the username and password in the ap, do you have to add all of these to the WLSE ? and will ap wishing to be in the WDS need to authenticate with the WLSE first ?? i thought you could still use WDS without the WLSE??

jakew Mon, 08/20/2007 - 00:03

The username/password credentials are used to authenticate the member APs to the WDS process on the WDS master AP. The authentication is done through a RADIUS server such as ACS or the one running locally on the AP.

Like this:

Member AP <--uname/pwd-->WDS<-->RADIUS Server.

Details are here:

One "gotcha" to be aware of is that the WDS AP is also a member AP, so the AP must authenticate with the WDS process too.

carl_townshend Tue, 01/29/2008 - 06:36


when you say the other client ap's authenticate to the radius or one running on the ap? where is the authentication setup list on the wds master to add the usernames ? can this be done ? or can you not use wds without a radius/wlse device ?


This Discussion



Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode