Wireless Domain Services for IEEE 802.1X Local Authentication Service and Fast Secure Roaming Support
Dec 10, 2006 00:00 by admin
Wireless domain services (WDS) is another new offering from Cisco that is part
of their wireless-aware framework. WDS is basically a batch of Cisco IOS software
features that help enhance client mobility in the WLAN and simplify the
WLAN deployment and management. All Cisco APs in a subnet register themselves
with the WDS and work together to monitor the WLAN. Some of the
features offered as part of this are rogue AP detection, interference detection, and
assisted site surveys. Each of these features is discussed in the next section, but
first, let’s cover a couple of additional feature sets provided by the WDS—fast
secure roaming and IEEE 802.1X local authentication.
Fast secure roaming is a new feature that Cisco has included as part of the
WDS. Typically in a WLAN, switching between wireless APs requires either a configuration
change on the client side or a long delay in communication as the client
is authenticated with the new AP. Fast secure roaming eliminates this configuration
change or delay by allowing Cisco wireless client adapters or Cisco compatible
client adapters to quickly switch between APs on the same subnet. The delay in
switching between APs has been narrowed down to less than 150 ms.
Though it is not yet available, Cisco is also working on introducing the same
fast secure roaming features when going between subnets. This feature will be
released with or soon after Cisco’s release of wireless-aware LAN features for
Cisco switches and routers. Roaming is covered in more detail in Chapter 3 of
this book.
Another feature of the WDS is IEEE 802.1X local authentication. With this
feature, Cisco Aironet APs can be configured to act as a local Remote
Authentication Dial-In User Service (RADIUS) server. Using an AP as a
RADIUS server in this manner allows clients to authenticate to the WLAN even
when the Cisco Secure Access Control Server (ACS) is unavailable. Using
RADIUS, the end user is able to authenticate and gain access to normal network
resources such as file shares or shared printers.
The RADIUS authentication features of Cisco Aironet APs can be configured
and managed through the Cisco WLSE software. From this central point of
management, you can configure the APs to act as RADIUS servers and manage
RADIUS accounts. Keep in mind that if an AP is configured to act as a
RADIUS server, it still provides functionality as an AP. These features are in no
way mutually exclusive. 