12-29-2009 12:32 PM - edited 07-03-2021 06:23 PM
I have 6 access points and I am trying to get them to do fast roam. I also would like authentication for internal users against the Active Directory IAS server. I finally determined that I needed to configure an AP with RADIUS to get the APs to connect for WDS. I now have all the APs registered to the master AP for WDS.
What do I need to do next to get the rest working? I also have 2 VLANs. One for public access and the other for internal.
Do I need to create a second connection to the IAS server with a shared key, and does it have to be done on each AP?
Do I need to set up the same SSIDs on all the APs, or just on one and it will propagate out?
Do the SSIDs have to point to a second RADIUS server for IAS, if that is even needed?
Any help would be great.
12-29-2009 12:43 PM
Are you using a WLC? I notice you mentioned WDS and 1140? I don't think the 1140 can do autonomous yet ...
12-29-2009 01:02 PM
I am not that strong in the wireless area. Not sure what WLC is. I do have WDS and it is up and running and all 5 other APs are registered to it. If there is a better way I am all ears. I am trying to get 2 wireless LANs working, one private and one public. I have all the routing and ACLs working. I then need fast roaming between APs.
Thanks
Todd
12-29-2009 01:11 PM
When you log into your WDS, how do you do it, GUI and CLI? In either method, do a show ver in the CLI, or in the GUI when you log on, does it say wireless LAN controller?
12-29-2009 01:15 PM
No, I do not have a wireless LAN controller. The client has 6 APs and 3560 switches and that is it. So I am trying to do it without WLC or ACS etc.
12-31-2009 08:04 AM
So, if you have aIOS APs set up with a WDS, then to successfully achieve Fast Secure Roaming (FSR), here are the bits you need:
aIOS WDS supports the following FSR flavors:
Now, the next trick is to find out what FSR method(s) if any your clients support, and make them do that. This depends on your clients. For example:
Some day, I suppose everyone will support the IEEE 802.11r "FT" standard, and all this mishegoss will be a thing of the past.
Cheers,
Aaron
12-31-2009 08:11 AM
Thank you for the reply, I got it working yesterday.
Here was the solution.
I had to create a RADIUS server on one of the APs and point it at itself. Then I created user accounts for each AP and added them on the AP RADIUS server using LEAP. I created the user accounts on the other APs and enabled SWAN. That at a high level allowed me to get all the APs registered on the WDS server. Seems IAS doesn't support LEAP. I also had to create a server group for infrastructure. One key in the Cisco doc that I missed is the RADIUS server needs 1812 and 1823 ports, not the usual.
Once that was working, I had to create a new server group for the clients and then tied it to my SSIDs. Then create a RADIUS user on the IAS server so that the WDS server could connect. I then had a RADIUS policy and set the clients to use EAP and CHAP v2, and they were able to log in and authenticate against the Active Directory, and roaming worked.
I know this is high level, but let me know if you need any details. Guess the wireless LAN server would have been easier.
Thanks