Deploy OfficeExtend solition question...

Unanswered Question
Sep 22nd, 2011

Hello,

Let it be for example the following configuration:

1) we use WISM2 for service LAP within the organization...

2) for the guest access we use WLC 5508 acting as the "anchor" controller in the enterprise DMZ for "foreign" WISM2 controller...

Suppose we want to deploy OfficeExtend solition for our teleworkers...

Can we use one and the same WLC 5508 (acting as the "anchor" controller in the enterprise DMZ for guest access) as the "foreign" remote controller for joining OfficeExtend Access Points and use the same WISM2 as "anchor" for teleworkers?

Which controller should support DTLS in this case?

I think that only 5508... In this case 5508 service LAP and WISM2 terminate EoIP tunnels only...

Or am I mistaken?

Thanks in advance...

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
George Stefanick Thu, 09/22/2011 - 07:36

Hello Aukhadiev,

You are correct. The 5508 in the DMZ and do both roles. It can serve intrenal wireless guest and anchor their traffic in to the DMZ. AND he can also terminate officeextends. You will need to give the 5508 managments ip address an outside address OR nat it to the outside.

If you find this helpful or any post on CSC helpful please support the rating system! Thanks!

George Stefanick Thu, 09/22/2011 - 07:37

BTW -- You are correct DTLS is on the 5508 and this is where the CAPWAP tunnels get terminated. Then from the 5508 to the inside controller this is where the EoIP comes into play.

aukhadiev Thu, 09/22/2011 - 08:52

Thanks George...

And what better to choose as OfficeExtend APs -  OEAP 600 or LAP 1040, if you do not take into account the price?

And yet, as far as a bad idea to deploy OfficeExtend Solution with manufacturing installed certificates (MIC) for mutual authentication OfficeExtend APs and WLC?

George Stefanick Thu, 09/22/2011 - 09:06

We have a number of the OE600's deployed. These work nice and you dont have to convert to HREAP mode, as you do the other access point models. So it saves you time. Get a 600 from your cisco se on demo and test it out!

aukhadiev Thu, 09/22/2011 - 09:08

George...And yet, as far as a bad idea to deploy OfficeExtend Solution with manufacturing installed certificates (MIC) for mutual authentication OfficeExtend APs and WLC?

George Stefanick Thu, 09/22/2011 - 09:31

You will want to do a mac authentication on the WLC or use a radius server. Other wise anyone can connect a OE ap to your outside intreface ... So yes, you will want some authentication in PLAY.

Vinay Sharma Sat, 03/31/2012 - 21:18

Hello,

For More information on OEAP-600, please watch the "Community Tech-Talk Series" Cisco Office Extend Access Point OEAP-600

https://supportforums.cisco.com/community/netpro/wireless-mobility/begin-wireless/blog/2012/02/24/cisco-office-extend-access-point-oeap-600

Thanks,

Vinay Sharma

Community Manager - Wireless

Actions

Login or Register to take actions

This Discussion

Posted September 22, 2011 at 5:19 AM
Updated September 22, 2011 at 5:27 AM
Stats:
Replies:7 Overall Rating:3
Views:1115 Votes:0
Shares:0
Tags: No tags.
 

Discussions Leaderboard

Rank Username Points
1
Scott Fella
5,205
2
rob.huffman
2,211
3
Leo Laohoo
2,190
4
Stephen Rodriguez
1,695
5
George Stefanick
1,511
Rank Username Points
Freerk Terpstra
39
Leo Laohoo
38
Manannalage ras...
35
George Stefanick
35
Scott Fella
25

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode