Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Using WDS with Windows IAS

We have an autonomous wireless network that is using WPA/TKIP, and authenticating back to a Windows 2003 IAS Server.

We are going to be adding wireless to other offices, and are looking at implementing WDS. I have found documenation on Cisco's site regarding WDS, but none of the documents refer using WDS with IAS. Has anyone been able to implement this?

8 REPLIES

Re: Using WDS with Windows IAS

Per the doc:

http://www.cisco.com/en/US/docs/wireless/access_point/12.3_7_JA/configuration/guide/s37auth.html

Some Microsoft IAS servers do not support the authenticate-only service-type attribute. Changing the service-type attribute to login-only ensures that Microsoft IAS servers recognize reauthentication requests from the access point. Use the dot11 aaa authentication attributes service-type login-only global configuration command to set the service-type attribute in reauthentication requests to login-only.

New Member

Re: Using WDS with Windows IAS

What I don't understand is in the configuration process of WDS. When adding an access point to WDS, it mentions entering in a username and password. Do I set this username and password as a local account on the IAS server?

http://www.cisco.com/en/US/docs/wireless/access_point/12.3_7_JA/configuration/guide/s37roamg.html#wp1052310

I think I failed to mention this, but on the client side, the EAP type is PEAP that we are using. I also noticed that in order to enable 802.11N, I had to change the encryption type to WPA2/AES in order to enable the N speeds.

Cisco Employee

Re: Using WDS with Windows IAS

Thats the username and password to authenticate the aps to the WDS access point/device

New Member

Re: Using WDS with Windows IAS

I don't know where to create that account on the WDS AP. I enabled WDS on one AP, and added the server group for RADIUS authentication. I then went to another AP, enabled it to be a part of the SWAN. On that portion of the gui, I have to put in a username and password. I don't know where to create that account on my WDS AP.

Gold

Re: Using WDS with Windows IAS

You need to create a local Radius server on the WDS and add the user/pwd in there. Make sure your AAA server group and aaa auth statements for WDS infrastructure point to the local radius server.

New Member

Re: Using WDS with Windows IAS

Thank you for the clarification about using a local server on the AP.

Is is possible to use WDS and have it authenticate it back to a Windows IAS server? Our current configuration is that we have several AP's that authenticate back to a IAS server. We are starting to roll out wireless to our branch offices so we thought WDS would be good for that. But now it looks as if we can't use WDS to authenticate back to our IAS servers, would that be correct?

We were hoping for a design where at each site we would have an access point set up as a WDS server which would then authenticate back to our IAS server at the corporate office.

Gold

Re: Using WDS with Windows IAS

You can point the client authentications to the IAS server but not the infrastructure devices. The infrastructure devices authenticate to the WDS using LEAP which IAS doesn't support.

New Member

Re: Using WDS with Windows IAS

Thanks for your help. I guess leveraging our existing configuration isn't going to work then.

I'll have to re-read some of the documentation since it seems like from Figure 12-4 in the attached link made it look like our current configuration would work.

http://www.cisco.com/en/US/docs/wireless/access_point/12.3_7_JA/configuration/guide/s37roamg.html#wp1073033

919
Views
0
Helpful
8
Replies
CreatePlease login to create content