Using WDS with Windows IAS

Oct 8th, 2009

We have an autonomous wireless network that is using WPA/TKIP, and authenticating back to a Windows 2003 IAS Server.


We are going to be adding wireless to other offices, and are looking at implementing WDS. I have found documentation on Cisco's site regarding WDS, but none of the documents refer to using WDS with IAS. Has anyone been able to implement this?

Lucien Avramov Thu, 10/08/2009 - 14:07

Per the doc:

http://www.cisco.com/en/US/docs/wireless/access_point/12.3_7_JA/configuration/guide/s37auth.html



Some Microsoft IAS servers do not support the authenticate-only service-type attribute. Changing the service-type attribute to login-only ensures that Microsoft IAS servers recognize reauthentication requests from the access point. Use the dot11 aaa authentication attributes service-type login-only global configuration command to set the service-type attribute in reauthentication requests to login-only.

cnj_bucks Fri, 10/09/2009 - 07:58

What I don't understand is in the configuration process of WDS. When adding an access point to WDS, it mentions entering in a username and password. Do I set this username and password as a local account on the IAS server?


http://www.cisco.com/en/US/docs/wireless/access_point/12.3_7_JA/configuration/guide/s37roamg.html#wp1052310


I think I failed to mention this, but on the client side, the EAP type is PEAP that we are using. I also noticed that in order to enable 802.11N, I had to change the encryption type to WPA2/AES in order to enable the N speeds.

Peter Nugent (Cisco Employee) Mon, 10/12/2009 - 08:23

That's the username and password to authenticate the APs to the WDS access point/device.

cnj_bucks Tue, 10/13/2009 - 07:37

I don't know where to create that account on the WDS AP. I enabled WDS on one AP, and added the server group for RADIUS authentication. I then went to another AP, enabled it to be a part of the SWAN. On that portion of the GUI, I have to put in a username and password. I don't know where to create that account on my WDS AP.

dancampb (Cisco Employee) Tue, 10/13/2009 - 08:27

You need to create a local RADIUS server on the WDS and add the user/pwd in there. Make sure your AAA server group and aaa auth statements for WDS infrastructure point to the local RADIUS server.

cnj_bucks Tue, 10/13/2009 - 09:09

Thank you for the clarification about using a local server on the AP.


Is it possible to use WDS and have it authenticate back to a Windows IAS server? Our current configuration is that we have several APs that authenticate back to an IAS server. We are starting to roll out wireless to our branch offices so we thought WDS would be good for that. But now it looks as if we can't use WDS to authenticate back to our IAS servers, would that be correct?


We were hoping for a design where at each site we would have an access point set up as a WDS server which would then authenticate back to our IAS server at the corporate office.

dancampb (Cisco Employee) Tue, 10/13/2009 - 09:32

You can point the client authentications to the IAS server but not the infrastructure devices. The infrastructure devices authenticate to the WDS using LEAP which IAS doesn't support.
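
A configuration sketch of the split described in the replies above, added here as an example and not posted by anyone in the thread: client EAP authentications are forwarded to IAS, while infrastructure (AP-to-WDS) authentications use the local RADIUS server on the WDS AP. All addresses, list and group names, the `wds-ap` account and the angle-bracket secrets are constructed placeholders (assumptions: 192.0.2.10 is the IAS server, 192.0.2.2 is the WDS AP's own BVI1 address).

```cisco
! --- On the WDS access point (all values below are constructed placeholders) ---
aaa new-model
!
! Client (PEAP) authentications are relayed to the Windows IAS server.
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <IAS_SHARED_SECRET>
aaa group server radius rad_ias
 server 192.0.2.10 auth-port 1812 acct-port 1813
aaa authentication login client_eap group rad_ias
!
! Infrastructure (AP-to-WDS, LEAP) authentications stay on this AP:
! the server entry points at the AP's own address.
radius-server host 192.0.2.2 auth-port 1812 acct-port 1813 key <LOCAL_SHARED_SECRET>
aaa group server radius rad_local
 server 192.0.2.2 auth-port 1812 acct-port 1813
aaa authentication login wds_infra group rad_local
!
! Local RADIUS server holding the account the other APs log in with.
radius-server local
 nas 192.0.2.2 key <LOCAL_SHARED_SECRET>
 user wds-ap password <AP_PASSWORD>
!
! Bind each WDS authentication role to its method list.
wlccp authentication-server infrastructure wds_infra
wlccp authentication-server client eap client_eap
wlccp wds priority 200 interface BVI1
!
! Command quoted earlier in the thread so IAS recognizes reauthentication requests.
dot11 aaa authentication attributes service-type login-only
!
! --- On each other access point that joins the WDS ---
wlccp ap username wds-ap password <AP_PASSWORD>
```

The IAS server needs the WDS AP (192.0.2.2 in this sketch) defined as a RADIUS client with the same shared secret as the `radius-server host` line that points at it.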
