We recently bought WLSE 2.5. I would like to implement WDS for RF scanning (rogue access-point detection). One of the prerequisites of WDS is LEAP (please correct me if I am wrong). Do we have to BUY a Cisco ACS server? I was under the impression that I could use the RADIUS services built into the Windows 2000 server. Will that work? Any other way to get around buying an ACS server? My budget is limited, so I am looking for alternatives.
ALSO, I have heard that LEAP does not work with non-Cisco client adapter cards? Many companies like Dell and IBM have come out with drivers that let their inbuilt wireless cards support LEAP. Any suggestions?
You are right, LEAP is needed to enable WDS. Here is the reason:
WDS needs to talk to all the APs in the Wireless Domain. In order to do so, we establish a secured connection between APs and WDS. For that we are using the LEAP supplicant available in the AP.
This does not impact the client kind of authentication. A client end-device can still use any EAP authentication (with the corresponding RADIUS).
So in order to establish the WDS architecture (called SWAN) we need LEAP but only for the infra. Not the client.
To enable LEAP authentication you need a LEAP-compliant RADIUS. However, the Aironet AP-1100 or 1200 supports an embedded LEAP RADIUS mini-server. This mini-server can be used for the infra authentication.
So with Cisco Aironet AP + WLSE you have all the features for enabling the SWAN architecture.
Using an external ACS can be a good idea for a large WLAN network, for perf reasons.
WDS Infrastructure authentication uses LEAP. So you are correct on it. However, there are two things to be corrected/noted based on your description.
1) LEAP requires a radius server. Cisco ACS is certainly a good candidate. However, the IOS AP1200/1100 themselves can be configured as a radius server, i.e. a radius server on IOS AP. Here is the config example. Refer to the "LEAP Authentication with Local RADIUS Server" link.
2) You are also correct that non-Cisco client adapters do not support LEAP. However, in the case of WDS, only the APs are doing LEAP authentication, no clients are involved. Do not confuse the client authentication with infrastructure authentication. These are two different authentications going on independently.
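The setup both replies describe (the AP's embedded RADIUS server handling LEAP for WDS infrastructure authentication only) looks roughly like the following on an IOS-based AP1100/1200. This is an added example, not part of the original posts or Cisco's linked document; the address 10.0.0.1, the list and group names, the user name and the bracketed secrets are constructed placeholders.

```cisco
! ---- On the AP that acts as WDS and as the local RADIUS server ----
! Assumption: this AP's BVI1 address is 10.0.0.1 (constructed value).
aaa new-model
!
! Server group pointing at the AP's own embedded RADIUS server
aaa group server radius wds_infra
 server 10.0.0.1 auth-port 1812 acct-port 1813
!
! Method list used only for infrastructure (AP-to-WDS) authentication
aaa authentication login method_infra group wds_infra
!
! Embedded RADIUS server: the AP registers itself as a NAS and
! holds the account the infrastructure APs log in with
radius-server local
 nas 10.0.0.1 key <SHARED-SECRET>
 user wds-infra password <INFRA-PASSWORD>
!
radius-server host 10.0.0.1 auth-port 1812 acct-port 1813 key <SHARED-SECRET>
!
! Bind infrastructure authentication to the method list and enable WDS
wlccp authentication-server infrastructure method_infra
wlccp wds priority 200 interface BVI1
!
! ---- On every infrastructure AP that joins the wireless domain ----
! Credentials the AP's LEAP supplicant presents to the WDS
wlccp ap username wds-infra password <INFRA-PASSWORD>
```

Client authentication is configured separately and is not touched by any of the lines above, which is why the client adapter's LEAP support does not matter for WDS.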
Thanks a ton for all the useful info. I have a question pertaining to the posts. If I want to use LEAP for client authentication and AP authentication as well, can you just use the MINI RADIUS server built into the 1100 and 1200 series Cisco Aironet access points, or would I necessarily have to buy an ACS server?
One of my other clients presently has only 10 access points and would like to use the RF scanning feature of WLSE for rogue access point detection and would not like to spend money on purchasing ACS, as he only has 10 access points and 30 users. Would it be possible?