Is it possible to secure the configuration of wds ?
I have configured two ap´s with wds. Priority is set to 200/199. So the AP with priority of 200 will be the wds master. What happens if a new ap will be installed configured with wds and priority of 255. I think this ap will be wds master. How can I prevent this ? The best way would be a passwort like the configuration of vtp. Thanks for any suggests.
Is it possible for you to manually change the priority of the new ap to be as something lesser than the current wds master priority?. If yes, then I think this would be the recommended option to sustain your existing wds master.
ScottMac is correct. I believe the the person configuring the WDS priority would also have to know the user/pass for authenticating the AP to WDS. This might be a form of security for you. Without this the AP will not be recognized by WDS.
Another way to secure WDS is to use a management VLAN (out of band management). Create a management VLAN to use to manage your APs.Configure an 802.1Q trunk to each AP and add your management VLAN over the trunks. The APs should have their management IPs in the mgmt VLAN. Make sure the management VLAN isn't tied to a SSID. Make sure to only explicitly enable the management VLAN on the switch ports or trunks you need it.
The AP-AP WDS traffic (WLCCP) will only happen on the management VLAN. Since it isn't possible to get access to your management VLAN, it isn't possible for a 3rd party to inject a new AP that could potentially take over as WDS primary.