12-9
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-30644-01
Chapter12 Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services
Configuring WDS
Step12 Configure the list of servers to be used for 802.1x authentication for wireless client devices. You can
specify a separate list for clients using a certain type of authentication, such as EAP, LEAP, other EAP
types, or MAC-based, or specify a list for client devices using any type of authentication. Enter a group
name for the server or servers in the Server Group Name field.
The LEAP Authentication check box is present specifically for the Cisco clients identified below:
•Cisco 7920, 7921, and 7925 phones using LEAP
•Autonomous APs configured as wireless clients (workgroup bridge or non-root bridge) and using
LEAP authentication
Unchecking the LEAP authentication check box prevents these client devices from authenticating to the
wireless network using LEAP and the WDS service. The clients can connect using any other form of
EAP authentication if the EAP option is selected. However, this does not prevent other client cards or
supplicant combinations from connecting, because these clients use the 802.1X standard for all form of
EAP authentications, including LEAP. This information does not apply to non-Cisco clients.
Step13 Select the primary server from the Priority 1 drop-down list. (If a server that you need to add to the group
does not appear in the Priority drop-down lists, click Define Servers to browse to the Server Manager
page. Configure the server there, and then return to the WDS Server Groups page.)
Step14 (Optional) Select backup servers from the Priority 2 and 3 drop-down lists.
Step15 (Optional) Select Restrict SSIDs to limit use of the server group to client devices using specific SSIDs.
Enter an SSID in the SSID field and click Add. To remove an SSID, highlight it in the SSID list and
click Remove.
Step16 Click Apply.
Step17 Configure the WDS access point for EAP authentication. See Chapter11, “Configuring Authentication
Types ,” for instructions on configuring EAP.
Note This authentication uses LEAP by default. Infrastructure access points using the WDS service need to
be authenticated through the WDS device. If your WDS access point serves client devices, follow the
instructions in the “Configuring Access Points to use the WDS Device” section on page12-10 to
configure the WDS access point to use the WDS.
CLI Configuration Example
This example shows the CLI commands that are equivalent to the steps listed in the “Configuring Access
Points as Potential WDS Devices” section on page12-7:
AP# configure terminal
AP(config)# aaa new-model
AP(config)# wlccp wds priority 200 interface bvi1
AP(config)# wlccp authentication-server infrastructure infra_devices
AP(config)# wlccp authentication-server client any client_devices
AP(config-wlccp-auth)# ssid fred
AP(config-wlccp-auth)# ssid ginger
AP(config)# end
In this example, infrastructure devices are authenticated using server group infra_devices; client devices
using SSIDs fred or ginger are authenticated using server group client_devices. If you do not specify the
SSID list, all SSIDs are included.