Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
409
Views
0
Helpful
1
Replies

WDS Issues with IAS and Local Radius on a 1130 AP

mcboda111
Level 1
Level 1

‎11-02-2007 05:38 AM - edited ‎07-03-2021 02:52 PM

Hello,

I have an issue where we are using 1130 autonomous APs throughout the office (all on the same subnet) with 802.1x EAP-TLS employed and users are authenticating to IAS (Radius with back end AD). There is an application that is on wireless tablets and users are dropped when they roam from AP to AP. So we needed to configure the APs for secure roaming.

I configured WDS on one of the 1130 APs with authentication to the IAS server. As you might have guessed, the authentication failed because WDS is using LEAP and the IAS server does not recognize LEAP.

I then tried to create a local radius server on the WDS configured AP but it is interfering with AD users being able to authenticate to the IAS. Also, the other APs were not properly regisering with the WDS (kept stating that AUTH-IN-PROG).

Is there a way for me to configure the WDS to authenticate to the IAS server with EAP instead of LEAP?

If not, is there a way to configure the WDS to send AD users to the IAS server, but send the WDS authentication account to the local Radius server? I do not see an area where you can specify that the WDS account use the local Radius server and everyone else use the IAS server.

Thanks,

Brian

Labels:
0 Helpful
1 Reply 1

irisrios
Level 6
Level 6

‎11-07-2007 12:47 PM

Check the options for EAP and LEAP in the WDS page. Initially make that sure all clients connecting to a access point authenticate either to WDS Local Radius or to IAS server . Then on each AP go to SSID manager under server priorities go to EAP authentication just choose only the priority 1 either the ip address of IAS or ip address Local Radius server

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card