Hi all, I have just set up WDS on my APs; the APs authenticate to the WLSE. Can anyone tell me where the fast roaming authentication is done? Is it done on the master WDS AP or the WLSE? If not, what is the WLSE actually doing for the WDS?
Authentication transactions flow through the WDS. When you are using 802.1x/EAP authentication, the WDS acts as your authenticator and the WDS caches the master key material for fast secure roaming.
The WLSE is not in the critical control or data plane. It is in the management plane. Its interaction with the WDS is for the collection of RM data that it uses for radio resource management and rogue AP detection.
Hope this helps. Any reason you're not looking at WLAN Controllers instead of WDS?
Think of WDS as an interim step in Cisco's WLAN architectural evolution between pure autonomous APs and WLAN controllers/LWAPP (today). WDS serves two purposes: centralizing authentication and client context for a L2 subnet (this allows fast secure L2 roaming), and aggregating RRM data from APs in its "domain". The latter is used by the WLSE for rogue AP detection and radio resource management. This is optional, not mandatory for data service and fast secure roaming. But if you want radio resource management and rogue AP detection, you need the WLSE.
I know from some previous conversations here that you have been looking at the WDS/WLSE implementation for some time now. I think that you might be well served to follow along the path that Jake and Dennis have suggested. Nobody will probably "officially" say this, but the Autonomous AP/WDS/WLSE path is soon to be "End of Life" by Cisco. Most resources are being spent in the LWAPP Unified Wireless Network direction.
The nice thing about this migration is that your investment in Autonomous Architecture is not lost. Most APs can be converted to LWAPP APs and some WLSE models can be converted to become WCS (Wireless Control System). Have a look:
CiscoWorks Wireless LAN Solution Engine (WLSE) End-of-Life and End-of-Sale Notices
Cisco is encouraging our customers to migrate to the Cisco Unified Wireless Network. This paper reviews the advantages of and reasons for migrating to the Cisco Unified Wireless Network.
Customers that have deployed a legacy wireless LAN or a Cisco wireless solution using Cisco Aironet standalone (autonomous) access points, the CiscoWorks Wireless LAN Solution Engine (WLSE), and the Cisco Catalyst 6500 Series Wireless LAN Services Module (WLSM) are encouraged to migrate to the Cisco Unified Wireless Network to reap numerous benefits including ease of management, scalability, advanced feature velocity, high performance, lowered total cost of ownership, and mobility services such as VoWLAN, guest access, location services, and enhanced security.
Converting Existing CiscoWorks WLSE to Cisco WCS Licenses
CiscoWorks WLSE (Models 1130-19 or 1133) can be converted into a server that runs Cisco WCS. This allows customers of CiscoWorks WLSE to migrate to the Cisco Unified Wireless Network architecture using their existing CiscoWorks WLSE platform. CiscoWorks WLSE conversion SKUs are price-adjusted to make transitioning from CiscoWorks WLSE to Cisco WCS cost-effective.
Once converted, a CiscoWorks WLSE is no longer a self-contained appliance; it becomes a server that runs Cisco WCS software using RedHat Linux ES v. 4.0. The converted CiscoWorks WLSE operates as a brand new Cisco WCS installation and supports only lightweight access points and wireless LAN controllers that are running Lightweight Access Point Protocol (LWAPP). Stand-Alone (autonomous) access points are not supported by a converted CiscoWorks WLSE.
I currently have fielded a few dozen autonomous APs serving locations in a metropolitan region. Functionally, only three locations have significant service requirements. Thus far, this setup provides adequate open access for guests and reasonably secure access for a few tiers of internal users. We do not foresee any pressing demand for new wireless capabilities or performance.
Although we had a WCS/dual WLCs bundled with the APs, we did not initially turn these up.
At this point I have to consider whether to convert to WCS/WLC/LWAPP, use WCS/autonomous APs, or proceed with open source alternatives for management and access.
I have installed WCS 5.0.x and have added autonomous APs: it does not appear to provide much useful detail or capabilities.
By the same token, converting to WCS/WLC/LWAPP seems to involve considerable complexity, restrictions (# of SSIDs/VLANs), and again, for the size of my network, not much added value.
On the other hand, WLSE/WDS/autonomous APs seem much more straightforward and useful. Can a WCS usefully monitor WDS/APs?