Deploy OfficeExtend solution question...

Unanswered Question
Sep 22nd, 2011

Hello,

Let it be for example the following configuration:

1) we use WISM2 for service LAP within the organization...

2) for the guest access we use WLC 5508 acting as the "anchor" controller in the enterprise DMZ for "foreign" WISM2 controller...

Suppose we want to deploy the OfficeExtend solution for our teleworkers...

Can we use one and the same WLC 5508 (acting as the "anchor" controller in the enterprise DMZ for guest access) as the "foreign" remote controller for joining OfficeExtend Access Points and use the same WISM2 as "anchor" for teleworkers?

Which controller should support DTLS in this case?

I think that only 5508... In this case 5508 service LAP and WISM2 terminate EoIP tunnels only...

Or am I mistaken?

Thanks in advance...

George Stefanick Thu, 09/22/2011 - 07:36

Hello Aukhadiev,

You are correct. The 5508 in the DMZ can do both roles. It can serve internal wireless guests and anchor their traffic into the DMZ, and it can also terminate OfficeExtends. You will need to give the 5508's management IP address an outside address or NAT it to the outside.

If you find this helpful or any post on CSC helpful please support the rating system! Thanks!

George Stefanick Thu, 09/22/2011 - 07:37

BTW -- You are correct DTLS is on the 5508 and this is where the CAPWAP tunnels get terminated. Then from the 5508 to the inside controller this is where the EoIP comes into play.

aukhadiev Thu, 09/22/2011 - 08:52

Thanks George...

And which is better to choose as OfficeExtend APs - OEAP 600 or LAP 1040, if you do not take the price into account?

And also, how bad an idea is it to deploy the OfficeExtend solution with manufacturing installed certificates (MIC) for mutual authentication of OfficeExtend APs and the WLC?

George Stefanick Thu, 09/22/2011 - 09:06

We have a number of the OE600s deployed. These work nicely and you don't have to convert to HREAP mode, as you do with the other access point models. So it saves you time. Get a 600 from your Cisco SE on demo and test it out!

aukhadiev Thu, 09/22/2011 - 09:08

George... And also, how bad an idea is it to deploy the OfficeExtend solution with manufacturing installed certificates (MIC) for mutual authentication of OfficeExtend APs and the WLC?

George Stefanick Thu, 09/22/2011 - 09:31

You will want to do MAC authentication on the WLC or use a RADIUS server. Otherwise anyone can connect an OE AP to your outside interface... So yes, you will want some authentication in play.


Posted September 22, 2011 at 5:19 AM