Unanswered Question
May 11th, 2010

What are the requeriments to implement "OfficeExtended", infomation more technical that "Solutions Overview -Office Extended".


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
Leo Laohoo Tue, 05/11/2010 - 18:28

From the top of my head, you need the following:

1.  WLC 5508 with OfficeExtend license;
2.  1140 AP

tysonhall Wed, 05/12/2010 - 07:23

1. 5500 Series Controller--no licenses required, it's part of the base license feature.

2. 1130 or 1142 series AP's

3. or greater software version.

ricardorojas123 Wed, 05/12/2010 - 15:27


I understand the Wireless Requeriments.

My doubt is about the LAN and Security requeriments in the corporative LAN (main) and  LAN and Security in the remote office.

I need Cisco ASA in the main site ?? or Public Address in my WLC ?? or install the WLC in a DMZ zone ??

You do not need an ASA in the main office; any firewall will work.  You have to open UDP ports 5246 & 5247 in your firewall.  you do need to assign a NAT address to the controller and allow traffic on those ports from the NAT address to the private IP.

On the controller managment interface, you have to enable NAT address and enter the public IP.  There is a bug in the software that when this is enabled, the internal AP's are not able to connect to the controller.  This is not a problem if you have multiple controlers.  The work around is to only enable the NAT on the controller interface when you need the OEAP AP to join.  It is suppose to be resolved in the 7.0 release.

There is some security stuff to set up on the controller to allow only authorized AP's to connect.

Here is a link to the official Cisco config guide:

Drawing looks good.

Things to keep in mind for OEAP:

1. WLAN cannot be set up for Local Switching because the client must get an IP address from the Office network not the home network.  This menas if you have remote WAN offices using HREAP AP's, then you will need to configure multiple WLAN's.  Create AP Groups and assign the appropriate WLAN's and AP's to the groups.

2. It is not a split tunnel.  So the internet traffic does not go throught the local home connection; but instread goes back the office and out.

3. There is a bug in the current WLC that enabling the NAT will prevent the offices AP from connecting to the controller.  It is best to only enable NAT on the controller when you need an OEAP to connect.  Otherwise leave it disabled.

Sorry for the late response.  We are implementing SAP and it just got really insane around here.

jruffins_2 Wed, 11/17/2010 - 13:15

Bill, I am running ver. on a WLC 5508.  Will I have this feature on the Base License?


This Discussion