We have a wireless implementation with Aironet 1240 and 1200 APs. The security is done with a 128-bit WEP key and MAC authentication against a central ACS server, but I have a problem with the timing of authentication. Every time we roam from one AP to another, the authentication goes to the central ACS again. Is there a possibility of keeping the authentication even when roaming? Do you have any example configs? I guess the possibility is Fast Secure Roaming, but could you help me out?
You are right in thinking that using a WDS in conjunction with Fast Secure Roaming is probably the best way to go. Here are some startup docs:
Configuring WDS, Fast Secure Roaming, and Radio Management
When you configure Wireless Domain Services on your network, access points on your wireless LAN use the WDS device (either an access point or a switch configured as the WDS device) to provide fast, secure roaming for client devices and to participate in radio management. If you use a switch as the WDS device, the switch must be equipped with a Wireless LAN Services Module (WLSM). An access point configured as the WDS device supports up to 60 participating access points. A WLSM-equipped switch supports up to 300 participating access points.
Fast, secure roaming provides rapid reauthentication when a client device roams from one access point to another, preventing delays in voice and other time-sensitive applications.
Access points participating in radio management forward information about the radio environment (such as possible rogue access points and client associations and disassociations) to the WDS device. The WDS device aggregates the information and forwards it to a wireless LAN solution engine (WLSE) device on your network.
Role of the WDS Device
The WDS device performs several tasks on your wireless LAN:
Advertises its WDS capability and participates in electing the best WDS device for your wireless LAN. When you configure your wireless LAN for WDS, you set up one device as the main WDS candidate and one or more additional devices as backup WDS candidates. If the main WDS device goes off line, one of the backup WDS devices takes its place.
Authenticates all access points in the subnet and establishes a secure communication channel with each of them.
Collects radio data from access points in the subnet, aggregates the data, and forwards it to the WLSE device on your network.
Registers all client devices in the subnet, establishes session keys for them, and caches their security credentials. When a client roams to another access point, the WDS device forwards the client's security credentials to the new access point.
Participating Access Points Supported by WDS Devices
Access point that also serves client devices
Access point with radio interfaces disabled
Role of Access Points Using the WDS Device
The access points on your wireless LAN interact with the WDS device in these activities:
Discover and track the current WDS device and relay WDS advertisements to the wireless LAN.
Authenticate with the WDS device and establish a secure communication channel to the WDS device.
Register associated client devices with the WDS device.
Q. What is the role of Wireless LAN Solution Engine (WLSE) in a WDS-enabled wireless LAN (WLAN) network?
A. APs and, optionally, Cisco client devices or Cisco-compatible client devices take radio frequency (RF) measurements within a single subnetwork. Cisco SWAN WDS aggregates the measurements and forwards the measurements to CiscoWorks WLSE for analysis. With these measurements as a basis, CiscoWorks WLSE can:
Detect rogue APs and interference from other devices
Provide assisted site surveys
Support WLAN self-healing for optimal channel and power-level setting
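An added configuration sketch, not part of the thread or the quoted Cisco documents, showing how the WDS role, the access point registration and a CCKM-enabled SSID fit together on autonomous IOS access points. It assumes clients authenticate with EAP and support CCKM; the addresses, credentials, SSID name and method-list names (rad_acs, eap_methods, infra_devices, client_devices) are placeholders chosen for illustration.

```cisco
! ===== All access points (WDS and participants) =====
aaa new-model
! Central ACS as RADIUS server (placeholder address and secret)
radius-server host 192.0.2.10 auth-port 1645 acct-port 1646 key RADIUS_SHARED_SECRET
aaa group server radius rad_acs
 server 192.0.2.10 auth-port 1645 acct-port 1646
! Method list referenced by the SSID for client EAP authentication
aaa authentication login eap_methods group rad_acs
!
! Credentials this AP presents when it authenticates to the WDS;
! the same account must exist on the ACS
wlccp ap username AP_USERNAME password AP_PASSWORD
!
dot11 ssid SSID_NAME
 authentication network-eap eap_methods
 ! CCKM lets the WDS hand cached key material to the next AP on roam
 authentication key-management cckm
!
interface Dot11Radio0
 encryption mode ciphers tkip
 ssid SSID_NAME
!
! ===== WDS candidate access points only =====
! Method lists the WDS uses for access points and for clients
aaa authentication login infra_devices group rad_acs
aaa authentication login client_devices group rad_acs
! Highest priority wins the WDS election; use a lower value on backups
wlccp wds priority 200 interface BVI1
wlccp authentication-server infrastructure infra_devices
wlccp authentication-server client any client_devices
```

On the ACS, each WDS candidate must also be defined as a AAA client with the same shared secret, since the WDS is the device that sends the RADIUS requests once it is active.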