Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

officeextend

hi,

I am setting up officeexten. jsut have a few queries regarding the setup.

I have placed the officeextend wlc in the dmz with an mgmt ip of 192.168.10.2. in the process of anchoring this to the internal wlc. Also the ip on the firewall for this interface is 192.168.10.1

1. does the mobility group need to match the same on the internal wlc ?

2. Now do i need a NAT trasnaltion on the firewall for the external WAN ip (AP primed address say 66.10.10.10) to NAT back to 192.168.10.2 ?

3. The 5508 WLC is running on ver6.0.199.4 (license level base) - will this support officeextend?


Thanks

14 REPLIES
Hall of Fame Super Silver

Re: officeextend

The mobility group name doesn't have to match. As long as you have 6.0 or newer, you are fine. For NAT translation, you need to NAT udp 5246 & 5247 from your public to your dmz management interface. On the ap, the primary wlc should have the wlc host name (case sensitive) and the NAT ip address that you also specify in the management interface.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
Community Member

Re: officeextend

Thanks Scott,

Can i NAT ip or do i sepcifically need to tie down to port 5246 and 5247?

Thanks

Hall of Fame Super Silver

Re: officeextend

You need to specify both udp 5246 and 5247 or else the officeextend ap will not join the wlc.

-Scott
*** Please rate helpful posts ***
Community Member

Re: officeextend

Thanks again scott:) i will try this and update you on how it went

Re: officeextend

I may be reading this wrong, but your anchor DMZ is also being used for guest access, no ? If so, then a mobility group should be used on the anchor which joins the internal controllers (foreign) for guest roaming.

But I cold be reading your question wrong. Am I off base Scott?

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Re: officeextend

Now that I think about it, if you want to anchor your OE ssid to a foreign WLC, it does need to be in a mob group.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
Community Member

officeextend

The dmz wlc is only for officeextend that is anchroed back to internal wlc. I thought of the same as it should be in the same mob group but when scott said mobility group does not have to match, then i thought i was wrong !!

Hall of Fame Super Silver

officeextend

If you are roaming from one ap to another ap on a different wlc, then the mobility nae should be the same.  But even for a dmz guest anchor for example... I never use the same mobilty group name as the internal wlc, but it works either way.  So this would be the same for OfficeExtend.  Since your dmz wlc is only for OfficeExtend, it really doens't matter if you put it on the same mobility group as your internal wlc.  You will not be doing any intercontroller roaming anyways. 

-Scott
*** Please rate helpful posts ***
Community Member

officeextend

oh ok i will try this on Monday and see how it goes (with same mobilty name and with different ones)

Hall of Fame Super Silver

officeextend

Yeah... keep us posted and also let us know what code you have on both.... don't know if you upgraded or not.

-Scott
*** Please rate helpful posts ***
Silver

officeextend

It does matter if the names are the same. The DMZ should ALWAYS be named different than an internal WLC. If the name is the same and your APs do not have primary/secondary specified your APs will attempt to join the DMZ WLC instead of the internal WLC because it will be seen as the least utilized.

I always put a different mobility group name on the DMZ WLC hosting my OEAPs.

Hall of Fame Super Silver

officeextend

I  agree.... I keep it different, but others like to keep it the same.

-Scott
*** Please rate helpful posts ***
Community Member

officeextend

tried this but the tunnel didnt come up until the Mobility group name was same. Once the Mobility group name was same i could mping and eping and the control and data came up so i think its a must

Thanks

Hall of Fame Super Silver

officeextend

Thanks for the follow up.  It shouldn't matter, but your testing proves otherwise.  Might just be an OfficExtend thing:)  Thanks for the info though.

-Scott
*** Please rate helpful posts ***
541
Views
0
Helpful
14
Replies
CreatePlease to create content