Cisco WDS Configuration

Configuring WDS is fairly straightforward, given an understanding of the concepts explained in my last post, Cisco WDS Overview.

First, configure one or multiple WDS master devices:
  1. Set the WDS client username and password (the master will authenticate itself as a client):
    wlccp ap username username password password

  2. Set the AAA method list to authenticate WDS client access points. The method list may include the local RADIUS server on the master access point, if enabled.
    wlccp authentication-server infrastructure aaa-method-list

  3. Set the AAA method list(s) to authenticate wireless clients. Multiple commands may be entered to specify different method lists depending on the authentication type used (EAP, LEAP), and SSIDs may optionally be specified under each list to restrict their application. If no SSIDs are specified under a list, then it applies to all SSIDs.
    wlccp authentication-server client { any | eap | leap } aaa-method-list
         [ ssid ssid-name ]

  4. Set the WDS master priority. The higher priority is elected as the active master. Values range from 1 - 255.
    wlccp wds priority value interface BVI1

  5. Optionally, set the wireless network management server of the WLSE:
    wlccp wnm ip address ip-address

  6. Optionally, set the WDS master to WDS only mode to prevent wireless client associations:
    wlccp wds mode wds-only

Second, configure the WDS client access points:
  1.  Set the WDS client username and password:
    wlccp ap username username password password

  2. Optionally, specify the WDS master address instead of waiting for multicast advertisements. If the specified WDS master does not respond, the WDS client reverts to listening for multicast advertisements.
    wlccp ap wds ip address ip-address

Verify WDS operation:
  •  Check the status of the WDS master, connected WDS client APs, and authenticated wireless clients (mobile nodes):
    show wlccp wds [ ap | mn ]

  • Check the status of the WDS client:
    show wlccp ap

Here is a simple WDS master configuration with two SSIDs. SSID "ccie" serves wireless clients using a central AAA server defined in the method list "eap_cisco". SSID "bridge" serves a non-root bridge using the local RADIUS server on the WDS master for authentication.

wlccp ap username wds password mysecret
wlccp authentication-server infrastructure eap_local
wlccp authentication-server client eap eap_cisco
  ssid ccie
wlccp authentication-server client leap eap_local
  ssid bridge
wlccp wds priority 250 interface BVI1
Verification of the WDS master:

Root#show dot11 associations

802.11 Client Stations on Dot11Radio0:

SSID [bridge] :

MAC Address    IP address  Device     Name    Parent State
0017.df96.0a50 11g-bridge Nonroot self   EAP-Assoc

Root#show wlccp wds ap
Nonroot  0017.df96.0a50 REGISTERED
Root     0016.c7d2.32be REGISTERED

Root#show wlccp wds mn
MAC-ADDR       IP-ADDR     Cur-AP         STATE
0017.df96.0a50 0016.c7d2.32be REGISTERED

Here is an example WDS client configuration:

wlccp ap username wds password mysecret

Verification on the WDS client:

Nonroot#show wlccp ap
WDS = 0016.c7d2.32be,
state = wlccp_ap_st_registered
IN Authenticator =
MN Authenticator =