cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1621
Views
3
Helpful
7
Replies

Deploy OfficeExtend solition question...

aukhadiev
Level 1
Level 1

Hello,

Let it be for example the following configuration:

1) we use WISM2 for service LAP within the organization...

2) for the guest access we use WLC 5508 acting as the "anchor" controller in the enterprise DMZ for "foreign" WISM2 controller...

Suppose we want to deploy OfficeExtend solition for our teleworkers...

Can we use one and the same WLC 5508 (acting as the "anchor" controller in the enterprise DMZ for guest access) as the "foreign" remote controller for joining OfficeExtend Access Points and use the same WISM2 as "anchor" for teleworkers?

Which controller should support DTLS in this case?

I think that only 5508... In this case 5508 service LAP and WISM2 terminate EoIP tunnels only...

Or am I mistaken?

Thanks in advance...

7 Replies 7

George Stefanick
VIP Alumni
VIP Alumni

Hello Aukhadiev,

You are correct. The 5508 in the DMZ and do both roles. It can serve intrenal wireless guest and anchor their traffic in to the DMZ. AND he can also terminate officeextends. You will need to give the 5508 managments ip address an outside address OR nat it to the outside.

If you find this helpful or any post on CSC helpful please support the rating system! Thanks!

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

George Stefanick
VIP Alumni
VIP Alumni

BTW -- You are correct DTLS is on the 5508 and this is where the CAPWAP tunnels get terminated. Then from the 5508 to the inside controller this is where the EoIP comes into play.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Thanks George...

And what better to choose as OfficeExtend APs -  OEAP 600 or LAP 1040, if you do not take into account the price?

And yet, as far as a bad idea to deploy OfficeExtend Solution with manufacturing installed certificates (MIC) for mutual authentication OfficeExtend APs and WLC?

We have a number of the OE600's deployed. These work nice and you dont have to convert to HREAP mode, as you do the other access point models. So it saves you time. Get a 600 from your cisco se on demo and test it out!

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

George...And yet, as far as a bad idea to deploy OfficeExtend Solution with manufacturing installed certificates (MIC) for mutual authentication OfficeExtend APs and WLC?

You will want to do a mac authentication on the WLC or use a radius server. Other wise anyone can connect a OE ap to your outside intreface ... So yes, you will want some authentication in PLAY.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Vinay Sharma
Level 7
Level 7

Hello,

For More information on OEAP-600, please watch the "Community Tech-Talk Series" Cisco Office Extend Access Point OEAP-600

https://supportforums.cisco.com/community/netpro/wireless-mobility/begin-wireless/blog/2012/02/24/cisco-office-extend-access-point-oeap-600

Thanks,

Vinay Sharma

Community Manager - Wireless

Thanks & Regards
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: