I am setting up OfficeExtend. Just have a few queries regarding the setup.
I have placed the OfficeExtend WLC in the DMZ with a mgmt IP of 192.168.10.2, in the process of anchoring this to the internal WLC. Also, the IP on the firewall for this interface is 192.168.10.1.
1. Does the mobility group need to match the same on the internal WLC?
2. Now do I need a NAT translation on the firewall for the external WAN IP (AP primed address, say 184.108.40.206) to NAT back to 192.168.10.2?
3. The 5508 WLC is running on ver 220.127.116.11 (license level base) - will this support OfficeExtend?
The mobility group name doesn't have to match. As long as you have 6.0 or newer, you are fine. For NAT translation, you need to NAT udp 5246 & 5247 from your public to your dmz management interface. On the ap, the primary wlc should have the wlc host name (case sensitive) and the NAT ip address that you also specify in the management interface.
You need to specify both udp 5246 and 5247 or else the officeextend ap will not join the wlc.
I may be reading this wrong, but your anchor DMZ is also being used for guest access, no? If so, then a mobility group should be used on the anchor which joins the internal controllers (foreign) for guest roaming.
But I could be reading your question wrong. Am I off base, Scott?
Now that I think about it, if you want to anchor your OE ssid to a foreign WLC, it does need to be in a mob group.
The DMZ WLC is only for OfficeExtend that is anchored back to the internal WLC. I thought of the same, as it should be in the same mob group, but when Scott said the mobility group does not have to match, then I thought I was wrong!!
If you are roaming from one AP to another AP on a different WLC, then the mobility name should be the same. But even for a DMZ guest anchor, for example... I never use the same mobility group name as the internal WLC, but it works either way. So this would be the same for OfficeExtend. Since your DMZ WLC is only for OfficeExtend, it really doesn't matter if you put it on the same mobility group as your internal WLC. You will not be doing any intercontroller roaming anyways.
Yeah... keep us posted and also let us know what code you have on both.... don't know if you upgraded or not.
It does matter if the names are the same. The DMZ should ALWAYS be named differently than an internal WLC. If the name is the same and your APs do not have primary/secondary specified, your APs will attempt to join the DMZ WLC instead of the internal WLC because it will be seen as the least utilized.
I always put a different mobility group name on the DMZ WLC hosting my OEAPs.
Tried this, but the tunnel didn't come up until the mobility group name was the same. Once the mobility group name was the same I could mping and eping and the control and data came up, so I think it's a must.
Thanks for the follow up. It shouldn't matter, but your testing proves otherwise. Might just be an OfficeExtend thing :) Thanks for the info though.