Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
322
Views
0
Helpful
3
Replies

Wireless Security with ACS

jorge.s
Level 1
Level 1

‎12-14-2006 05:10 AM - edited ‎07-03-2021 01:22 PM

Hi,

We have an Wireless implementation with Aironet 1240 and 1200 AP's. The security is done with WEPkey 128bits, and Mac-Authentication against an Central ACS Server, but I've a problem with the timing of authentication. Every time we roaming from on AP to another, the authentication is going again to the Central ACS. Is there a possibility of keeping the authentication even when roaming? do you have any example of configs? I guess the possibility is Fast Secure Roaming, but could you help me out?

Best Regards,

Jorge Sousa

Labels:
0 Helpful
3 Replies 3

Rob Huffman
Hall of Fame
Hall of Fame

‎12-14-2006 09:38 AM

Hi Jorge,

You are right in thinking that using a WDS in conjunction with Fast Secure Roaming is probably the best way to go. Here are some startup docs;

Configuring WDS, Fast Secure Roaming, and Radio Management

Understanding WDS

When you configure Wireless Domain Services on your network, access points on your wireless LAN use the WDS device (either an access point or a switch configured as the WDS device) to provide fast, secure roaming for client devices and to participate in radio management. If you use a switch as the WDS device, the switch must be equipped with a Wireless LAN Services Module (WLSM). An access point configured as the WDS device supports up to 60 participating access points. A WLSM-equipped switch supports up to 300 participating access points.

Fast, secure roaming provides rapid reauthentication when a client device roams from one access point to another, preventing delays in voice and other time-sensitive applications.

Access points participating in radio management forward information about the radio environment (such as possible rogue access points and client associations and disassociations) to the WDS device. The WDS device aggregates the information and forwards it to a wireless LAN solution engine (WLSE) device on your network.

Role of the WDS Device

The WDS device performs several tasks on your wireless LAN:

Advertises its WDS capability and participates in electing the best WDS device for your wireless LAN. When you configure your wireless LAN for WDS, you set up one device as the main WDS candidate and one or more additional devices as backup WDS candidates. If the main WDS device goes off line, one of the backup WDS devices takes its place.

Authenticates all access points in the subnet and establishes a secure communication channel with each of them.

Collects radio data from access points in the subnet, aggregates the data, and forwards it to the WLSE device on your network.

Registers all client devices in the subnet, establishes session keys for them, and caches their security credentials. When a client roams to another access point, the WDS device forwards the client's security credentials to the new access point.

Participating Access Points Supported by WDS Devices

Access point that also serves client devices

30AP's

Access point with radio interfaces disabled

60AP's

WLSM-equipped switch

300AP's

Role of Access Points Using the WDS Device

The access points on your wireless LAN interact with the WDS device in these activities:

Discover and track the current WDS device and relay WDS advertisements to the wireless LAN.

Authenticate with the WDS device and establish a secure communication channel to the WDS device.

Register associated client devices with the WDS device.

Report radio data to the WDS device.

From this good doc;

http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_guide_chapter09186a0080341d2d.html#wp1035881

Wireless Domain Services Configuration

http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c951f.shtml

Wireless Domain Services FAQ

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_q_and_a_item09186a00804d4421.shtml

What is WDS and Why Do I Need It?

http://www.cisco.com/en/US/products/sw/cscowork/ps3915/products_user_guide_chapter09186a008036524e.html#wp1617750

Hope this helps!

Rob

0 Helpful

jorge.s
Level 1
Level 1
In response to Rob Huffman

‎12-15-2006 01:47 AM

Do we really need to have WLSE?

0 Helpful

Rob Huffman
Hall of Fame
Hall of Fame
In response to jorge.s

‎12-15-2006 10:32 AM

Hi Jorge,

The WLSE is not a must, it is optional :)

http://cisco.com/en/US/products/hw/wireless/ps430/products_configuration_guide_chapter09186a0080606d5a.html#wp1051848

Q. What is the role of Wireless LAN Solution Engine (WLSE) in a WDS-enabled wireless LAN (WLAN) network?

A. APs and, optionally, Cisco client devices or Cisco-compatible client devices take radio frequency (RF) measurements within a single subnetwork. Cisco SWAN WDS aggregates the measurements and forwards the measurements to CiscoWorks WLSE for analysis. With these measurements as a basis, CiscoWorks WLSE can:

Detect rogue APs and interference from other devices

Provide assisted site surveys

Support WLAN self-healing for optimal channel and power-level setting

Hope this helps!

Rob

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card