Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

WDS Issues with IAS and Local Radius on a 1130 AP


I have an issue where we are using 1130 autonomous APs throughout the office (all on the same subnet) with 802.1x EAP-TLS employed and users are authenticating to IAS (Radius with back end AD). There is an application that is on wireless tablets and users are dropped when they roam from AP to AP. So we needed to configure the APs for secure roaming.

I configured WDS on one of the 1130 APs with authentication to the IAS server. As you might have guessed, the authentication failed because WDS is using LEAP and the IAS server does not recognize LEAP.

I then tried to create a local radius server on the WDS configured AP but it is interfering with AD users being able to authenticate to the IAS. Also, the other APs were not properly regisering with the WDS (kept stating that AUTH-IN-PROG).

Is there a way for me to configure the WDS to authenticate to the IAS server with EAP instead of LEAP?

If not, is there a way to configure the WDS to send AD users to the IAS server, but send the WDS authentication account to the local Radius server? I do not see an area where you can specify that the WDS account use the local Radius server and everyone else use the IAS server.




Re: WDS Issues with IAS and Local Radius on a 1130 AP

Check the options for EAP and LEAP in the WDS page. Initially make that sure all clients connecting to a access point authenticate either to WDS Local Radius or to IAS server . Then on each AP go to SSID manager under server priorities go to EAP authentication just choose only the priority 1 either the ip address of IAS or ip address Local Radius server

CreatePlease to create content