Configuring the Wireless Distribution System (WDS)
The Devicescape Enterprise-Managed AP lets you connect multiple access points using a Wireless Distribution System (WDS). WDS allows access points to communicate with one another wirelessly in a standardized way. This capability is critical in providing a seamless experience for roaming clients and for managing multiple wireless networks. It can also simplify the network infrastructure by reducing the amount of cabling required.
The following sections describe how to configure the WDS on the Devicescape Enterprise-Managed AP:
Understanding the Wireless Distribution System
A Wireless Distribution System (WDS) is an 802.11f technology that wirelessly connects access points, known as Basic Service Sets (BSS), to form what is known as an Extended Service Set (ESS).
|
Note
|
A BSS generally equates to an access point (deployed as a single-AP wireless "network"), except in cases where multi-BSSID features make a single access point look like two or more access points to the network. In such cases, the access point has multiple unique BSSIDs.
|
Using WDS to Bridge Distant Wired LANs
In an ESS, a network of multiple access points, each access point serves part of an area which is too large for a single access point to cover. You can use WDS to bridge distant Ethernets to create a single LAN. For example, suppose you have one access point which is connected to the network by Ethernet and serving multiple client stations in the Conference Room (LAN Segment 1), and another Ethernet-wired access point serving stations in the West Wing offices (LAN Segment 2). You can bridge the Conference Room and West Wing access points with a WDS link to create a single network for clients in both areas.
Using WDS to Extend the Network Beyond the Wired Coverage Area
An ESS can extend the reach of the network into areas where cabling would be difficult, costly, or inefficient.
For example, suppose you have an access point which is connected to the network by Ethernet and serving multiple client stations in one area ("East Wing" in our example) but cannot reach others which are out of range. Suppose also that it is too difficult or too costly to wire the distant area with Ethernet cabling. You can solve this problem by placing a second access point closer to second group of stations ("Poolside" in our example) and bridge the two APs with a WDS link. This extends your network wirelessly by providing an extra hop to get to distant stations.
Backup Links and Unwanted Loops in WDS Bridges
Another use for WDS bridging, the creation of backup links, is not supported in this release of the Devicescape Enterprise-Managed AP. The topic is included here to emphasize that you should not try to use WDS in this way; backup links will result in unwanted, endless loops of data traffic
If an access point provides Spanning Tree Protocol (STP), WDS can be used to configure backup paths between access points across the network. For example, between two access points you could have both a primary path via Ethernet and a secondary (backup) wireless path via a WDS link. If the Ethernet connection goes down, STP would reconfigure its map of the network and effectively fix the down network segment by activating the backup wireless path.
The Devicescape Enterprise-Managed AP does not provide STP for this release. Without STP, it is possible that both connections (paths) may be active at the same time, and result in an endless loop of traffic on the LAN.
Therefore, be sure not create loops with either WDS bridges or combinations of Wired (Ethernet) connections and WDS bridges.
For more information, see the "Do not create loops" note under Configuring WDS Settings.
Security Considerations Related to WDS Bridges
Static Wired Equivalent Privacy (WEP) is a data encryption protocol for 802.11 wireless networks. Both access points in a given WDS link must be configured with the same security settings. For static WEP, either a static 64-bit (40-bit secret key + 24-bit initialization vector (IV)) or 128-bit (104-bit secret key + 24-bit IV) Shared Key is specified for data encryption.
You can enable Static WEP on the WDS link (bridge). When WEP is enabled, all data exchanged between the two access points in a WDS link is encrypted using a fixed WEP key that you provide.
Static WEP is the only security mode available for the WDS link, and it does not provide effective data protection to the level of other security modes available for service to client stations. If you use WDS on a LAN intended for secure wireless traffic you are putting your network at risk. Therefore, we recommend using WDS to bridge the Guest network only for this release. Do not use WDS to bridge access points on the Internal network unless you are not concerned about the security risk for data traffic on that network.
For more information about the effectiveness of different security modes, see Configuring Security. This topic also covers use of plain text security mode for AP-to-station traffic on the Guest network, which is intended for less sensitive data traffic.
Navigating to WDS Settings
To specify the details of traffic exchange from this access point to others, navigate to the
Advanced > Wireless Distribution System tab, and update the fields as described below.
|
Note
|
The following figure shows the WDS settings page for the two-radio AP. The Administration Web page for the one-radio AP will look slightly different.
|
Configuring WDS Settings
The following notes summarize some critical guidelines regarding WDS configuration. Please read all the notes before proceeding with WDS configuration.
|
Notes
|
- The only security mode available on the WDS link is Static WEP, which is not particularly secure. Therefore, we recommend using WDS to bridge the Guest network only for this release. Do not use WDS to bridge access points on the Internal network unless you are not concerned about the security risk for data traffic on that network.
- When using WDS, be sure to configure WDS settings on both access points participating in the WDS link.
- You can have only one WDS link between any pair of access points. That is, a remote MAC address may appear only once on the WDS page for a particular access point.
- Both access points participating in a WDS link must be on the same Radio channel and using the same IEEE 802.11 mode. (See Configuring Radio Settings for information on configuring the Radio mode and channel.)
- Do not create loops with either WDS bridges or combinations of Wired (Ethernet) connections and WDS bridges. Spanning Tree Protocol (STP), which manages path redundancy and prevent unwanted loops, is not enabled for this release. Keep these rules in mind when working with WDS on this release of the Devicescape Enterprise-Managed AP:
Any two access points can be connected by only a single path; either a WDS bridge (wireless) or an Ethernet connection (wired), but not both.
Do not create "backup" links.
If you can trace more than one path between any pair of APs going through any combination of Ethernet or WDS links, you have a loop.
You can only extend or bridge either the Internal or Guest network but not both.
|
To configure WDS on this access point, describe each AP intended to receive hand-offs and send information to this AP. Each destination AP needs the following description
|
Field
|
Description
|
|
Radio
|
The Devicescape Enterprise-Managed AP is available as a one-radio or two-radio access point.
One-Radio AP:
On the one-radio version of the Devicescape Enterprise-Managed AP, this field is not included on the WDS tab.
Two-Radio AP:
For each WDS link on a two-radio AP, select Radio One or Radio Two. The rest of the settings for the link apply to the radio selected in this field. The read-only "Local Address" will change depending on which Radio you select here.
|
|
Local Address
|
Indicates the Media Access Control ( MAC) addresses for this access point.
A MAC address is a permanent, unique hardware address for any device that represents an interface to the network. The MAC address is assigned by the manufacturer. You cannot change the MAC address. It is provided here for informational purposes as a unique identifier for the access point or interface.
One-Radio AP:
On a one-radio access point, a single MAC address is shown at the top of the WDS settings page. The address shown for the one-radio AP is the MAC address for the bridge (br0). This is the address by which the AP is known externally to other networks.
Two-Radio AP:
For each WDS link on a two-radio AP, the Local Address reflects the MAC address for the Internal interface on the selected radio (Radio One on WLAN0 or Radio Two WLAN1).
|
|
Remote Address
|
Specify the MAC address of the destination access point; that is, the access point to which data will be sent or "handed-off" and from which data will be received.
|
|
Bridge with
|
The Devicescape Enterprise-Managed AP provides the capability of setting up guest and internal networks on the same access point. (See Setting up Guest Access.)
The guest network typically provides internet access but isolates guest clients from more sensitive areas of your internal network. It is common to have security disabled on the guest network to provide open access.
Alternatively, the internal network provides full access to protected information behind a firewall and requires secure logins or certificates for access.
When using WDS to link up one access point to another, you need to identify within which of these networks you want the data exchange to occur.
Specify the network to which you want to bridge this access point:
- Internal Network
- Guest Network
|
|
WEP
|
Specify whether you want Wired Equivalent Privacy ( WEP) encryption enabled for the WDS link.
Wired Equivalent Privacy ( WEP) is a data encryption protocol for 802.11 wireless networks. Both access points on the WDS link must be configured with the same security settings. For static WEP, a static 64-bit (40-bit secret key + 24-bit initialization vector (IV)) or 128-bit (104-bit secret key + 24-bit IV) Shared Key for data encryption.
|
|
Key Length
|
If WEP is enabled, specify the length of the WEP key:
|
|
Key Type
|
If WEP is enabled, specify the WEP key type:
|
|
Characters Required
|
Indicates the number of characters required in the WEP key.
The number of characters required updates automatically based on how you set Key Length and Key Type.
|
|
WEP Key
|
Enter a string of characters. If you selected "ASCII", enter any combination of 0-9, a-z, and A-Z. If you selected "HEX", enter hexadecimal digits (any combination of 0-9 and a-f or A-F). These are the RC4 encryption keys shared with the stations using the access point.
|
Example of Configuring a WDS Link
When using WDS, be sure to configure WDS settings on both access points on the WDS link.
For example, to create a WDS link between a pair of access points "MyAP1" and "MyAP2" do the following:
- Open the Administration Web pages for MyAP1, by entering the IP address for MyAP1 as a URL in the Web browser address bar in the following form:
http://IPAddressOfAccessPoint
where IPAddressOfAccessPoint is the address of MyAP1.
- Navigate to the WDS tab on MyAP1 Administration Web pages.
The MAC address for MyAP1 (the access point you are currently viewing) will show as the "Local Address" at the top of the page.
- Configure a WDS interface for data exchange with MyAP2.
Start by entering the MAC address for MyAP2 as the "Remote Address" and fill in the rest of the fields to specify the network (guest or internal), security, and so on. Save the settings (click Update).
- Navigate to the radio settings on the Administration Web pages (Advanced->Radio ) to verify or set the mode and the radio channel on which you want MyAP1 to broadcast.
Remember that the two access points participating in the link, MyAP1 and MyAP2, must be set to the same Mode and be transmitting on the same channel.
For our example, let's say we're using IEEE 802.11b Mode and broadcasting on Channel 6. (We'd choose Mode and Channel from the drop-down menus on the Radio tab.)
- Now repeat the same steps for MyAP2:
- Open Administration Web pages for MyAP2 by using MyAP2's IP address in a URL.
- Navigate to the WDS tab on MyAP2 Administration Web pages. (MyAP2's MAC address will show as the "Local Address".)
- Configure a WDS interface for data exchange with MyAP1, starting with the MAC address for MyAP1.
- Navigate to the radio settings for MyAP2 to verify that it is using the same mode and broadcasting on the same channel as MyAP1. (For our example Mode is 802.11b and the channel is 6.)
- Be sure to save the settings by clicking Update.
Updating Settings
To apply your changes, click Update.
