Monitoring, Management & Location Tracking

Master WDS setup for device and rogue discovery using local radius server

Aruba Employee

Setting up a Cisco AP to be a WDS Master

The following config can be cut and pasted directly into your Telnet/SSH session to configure a Cisco AP running 12.3(7)JA1 (or 12.2(13)JA4) as a WDS master. Change the priority level to from 255 to 254 to make a backup WDS server. The !s in the document are comments in Cisco IOS, so it is possible to cut and past all the lines below into a Telnet/SSH session to configure the AP without having to manually type all the lines below.


! This next line enables the AAA settings
aaa new-model

!The next couple of lines sets up the local RADIUS server. User=wdsuser password=wdspassword
radius-server local
user wdsuser password 0 wdspassword
! The wdssecret on the next line is the shared RADIUS secret
nas 192.168.10.63 key 0 wdssecret
exit

! This next line sets up the radius AAA client on the AP. wdssecret is the shared secret
radius-server host 192.168.10.63 auth-port 1812 acct-port 1813 key 0 wdssecret

! This sets this AP up as the WDS Master
wlccp wds priority 255 interface BVI 1

! This next line sets up what group WDS should use for authentication
wlccp authentication-server infrastructure method_WDS

! This set of lines configures the WDS authentication profile
aaa group server radius WDS
server 192.168.10.63 auth-port 1812 acct-port 1813
exit
aaa authentication login method_WDS group WDS

! This line enables the AP radio(s) to act as a WDS client (this is the line thatll be on all the other client APs)
! username=wdsuser and password=wdspassword
wlccp ap username wdsuser password wdspassword

! This line sets up the WLSE as a destination point to send the rogue and other WDS info to WLSE
wlccp wnm ip address 5.1.4.99
Setting up a Cisco AP to be a WDS Master

The following config can be cut and pasted directly into your Telnet/SSH session to configure a Cisco AP running 12.3(7)JA1 (or 12.2(13)JA4) as a WDS master. Change the priority level to from 255 to 254 to make a backup WDS server. The !s in the document are comments in Cisco IOS, so it is possible to cut and past all the lines below into a Telnet/SSH session to configure the AP without having to manually type all the lines below.


! This next line enables the AAA settings
aaa new-model

!The next couple of lines sets up the local RADIUS server. User=wdsuser password=wdspassword
radius-server local
user wdsuser password 0 wdspassword
! The wdssecret on the next line is the shared RADIUS secret
nas 192.168.10.63 key 0 wdssecret
exit

! This next line sets up the radius AAA client on the AP. wdssecret is the shared secret
radius-server host 192.168.10.63 auth-port 1812 acct-port 1813 key 0 wdssecret

! This sets this AP up as the WDS Master
wlccp wds priority 255 interface BVI 1

! This next line sets up what group WDS should use for authentication
wlccp authentication-server infrastructure method_WDS

! This set of lines configures the WDS authentication profile
aaa group server radius WDS
server 192.168.10.63 auth-port 1812 acct-port 1813
exit
aaa authentication login method_WDS group WDS

! This line enables the AP radio(s) to act as a WDS client (this is the line thatll be on all the other client APs)
! username=wdsuser and password=wdspassword
wlccp ap username wdsuser password wdspassword

! This line sets up the WLSE as a destination point to send the rogue and other WDS info to WLSE
wlccp wnm ip address 5.1.4.99

Version history
Revision #:
1 of 1
Last update:
‎06-09-2014 08:57 AM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.