Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-11350-01
Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection
Understanding WDS
When you configure Wireless Domain Services on your network, access points on your wireless LAN
use the WDS device (either an access point, an Integrated Services Router, or a switch configured as the
WDS device) to provide fast, secure roaming for client devices and to participate in radio management.
If you use a switch as the WDS device, the switch must be equipped with a Wireless LAN Services
Module (WLSM). An access point configured as the WDS device supports up to 60 participating access
points, an Integrated Services Router (ISR) configured as the WDS device supports up to 100
participating access points, and a WLSM-equipped switch supports up to 600 participating access points
and up to 240 mobility groups.
Note: A single access point supports up to 16 mobility groups.
Fast, secure roaming provides rapid reauthentication when a client device roams from one access point
to another, preventing delays in voice and other time-sensitive applications.
Access points participating in radio management forward information about the radio environment (such
as possible rogue access points and client associations and disassociations) to the WDS device. The
WDS device aggregates the information and forwards it to a wireless LAN solution engine (WLSE)
device on your network.

Role of the WDS Device

The WDS device performs several tasks on your wireless LAN:
• Advertises its WDS capability and participates in electing the best WDS device for your wireless
  LAN. When you configure your wireless LAN for WDS, you set up one device as the main WDS
  candidate and one or more additional devices as backup WDS candidates. If the main WDS device
  goes off line, one of the backup WDS devices takes its place.
• Authenticates all access points in the subnet and establishes a secure communication channel with
  each of them.
• Collects radio data from access points in the subnet, aggregates the data, and forwards it to the
  WLSE device on your network.
• Acts as a pass-through for all 802.1x-authenticated client devices associated to participating access
  points.
• Registers all client devices in the subnet that use dynamic keying, establishes session keys for them,
  and caches their security credentials. When a client roams to another access point, the WDS device
  forwards the client’s security credentials to the new access point.
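
The main and backup candidate roles and the access point authentication described in the list above, sketched as an added IOS configuration example that is not taken from this page of the guide. The priority values, the method-list names infra_devices and client_devices, and the access point credentials are constructed placeholders, and the method lists are assumed to be defined elsewhere against your RADIUS server.

```ios
! Added example. All names, priorities and credentials are placeholders.
! Assumes the AAA method lists infra_devices and client_devices already exist
! and point at the authentication server used for access points and clients.

! --- Main WDS candidate: highest priority among the candidates ---
aaa new-model
wlccp wds priority 255 interface BVI1
! Method list used to authenticate participating access points
wlccp authentication-server infrastructure infra_devices
! Method list used for client devices authenticated through the WDS device
wlccp authentication-server client any client_devices

! --- Backup WDS candidate: same settings, lower priority ---
aaa new-model
wlccp wds priority 200 interface BVI1
wlccp authentication-server infrastructure infra_devices
wlccp authentication-server client any client_devices

! --- Each participating access point: credentials it presents to the WDS device ---
wlccp ap username EXAMPLE-AP-USER password EXAMPLE-AP-PASSWORD
```

Give each participating access point its own credentials where practical, so that one access point can be revoked at the authentication server without affecting the others.
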
Table 12-1 lists the number of participating access points supported by the platforms that can be
configured as a WDS device: an access point, an ISR, or a WLSM-equipped switch.

Table 12-1 Participating Access Points Supported by WDS Devices

Unit Configured as WDS Device                   Participating Access Points Supported
Access point that also serves client devices    30
Access point with radio interfaces disabled     60