Cisco Systems 0L-11350-01

12-13

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

OL-11350-01

Chapter12 Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services

Configuring WDS

Step14 Configure the list of servers to be used for 802.1x authentication for client devices. You can specify a

separate list for clients using a certain type of authentication, such as EAP, LEAP, PEAP, or

MAC-based, or specify a list for client devices using any type of authentication. Enter a group name for

the server or servers in the Server Group Name field.

The LEAP Authentication checkbox is present specifically for the Cisco clients identified below:

•Cisco Aironet 350 series cards using LEAP and EAP-FAST

•Cisco 7920, 7921, and 7925 phones using LEAP, EAP-FAST, PEAP, & EAP-TLS

•ADU using LEAP

Unchecking the LEAP Authentication checkbox prevents these client devices from connecting to a

wireless network, but does not prevent other client cards or supplicant combinations from connecting

because these clients use network-EAP for authentication under the various EAP types identified above.

All other clients use the 802.1x standard for open authentication.

The information above does not apply to non-Cisco clients.

Step15 Select the primary server from the Priority 1 drop-down menu. (If a server that you need to add to the

group does not appear in the Priority drop-down menus, click Define Servers to browse to the Server

Manager page. Configure the server there, and then return to the WDS Server Groups page.)

Step16 (Optional) Select backup servers from the Priority 2 and 3 drop-down menus.

Step17 (Optional) Select Restrict SSIDs to limit use of the server group to client devices using specific SSIDs.

Enter an SSID in the SSID field and click Add. To remove an SSID, highlight it in the SSID list and

click Remove.

Step18 Click Apply.

Step19 Configure the WDS access point for LEAP authentication. See Chapter11, “Configuring Authentication

Types ,” for instructions on configuring LEAP.

Note If your WDS access point serves client devices, follow the instructions in the “Configuring Access Points

to use the WDS Device” section on page12-14 to configure the WDS access point to use the WDS.

CLI Configuration Example

This example shows the CLI commands that are equivalent to the steps listed in the “Configuring Access

Points as Potential WDS Devices” section on page12-9:

AP# configure terminal

AP(config)# aaa new-model

AP(config)# wlccp wds priority 200 interface bvi1

AP(config)# wlccp authentication-server infrastructure infra_devices

AP(config)# wlccp authentication-server client any client_devices

AP(config-wlccp-auth)# ssid fred

AP(config-wlccp-auth)# ssid ginger

AP(config)# end

In this example, infrastructure devices are authenticated using server group infra_devices; client devices

using SSIDs fred or ginger are authenticated using server group client_devices.

For complete descriptions of the commands used in this example, consult the Cisco IOS Command

Reference for Cisco Aironet Access Points and Bridges.