Aironet 600 OEAP

Similar Messages

• OfficeExtend with Aironet 600

  Hello,
  I need information about the Aironet 600 access point.
  I got a customer who want to deploy a guest WLAN on branch office with an authentication with a  captive portal that is centralized. I would like to use the OfficeExtend functionnality with Aironet 600 Acces point & WLC 5508 or 2504 to centralize the traffic from all access points on the controller.
  On those branch offices, there were a few "free access desktops" that need a copper link. I want those devices to be also authenticated by captive portal, so I want to connect them on the four 10/100 port of the access point. But it seems that we can only use one port as "corporate remote LAN", the threee others are just for "home LAN". Is it correct ?
  Is there any solution to configure the four ports as remote LAN interface ?
  Thanks a lot for your help

  Hi, I'd actually go after HREAP instead of Office Extend.  OE is designed for a home user, so you can plug in a phone, or one machine.
  HREAP will give you centralized wireless for the guest with the webauth page, and can drop the local traffic to the wire as well.
  For the wired guest, I would recommend using 802.1x with fallback to guest.  Look here
  http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/ht_8021x.html
  This allows the port to be put in a "Guest VLAN" that you can then direct to a authpage.  This would require a tertiary device for the wired guests.
  it may be more than you are really looking for, but IMO is the best answer to the situation.
  HTH,
  Steve

• Aironet 600 Series Access Points

  Hello all.
  I am wanting to setup a wireless environment in my small chuch (obviously on a small budget ) and I was thinking about using 8 Aironet 600 APs with a 2504 controller.  Does anyone see any problem with that?  I am not looking to setup a secure tunnel/VPN anywhere, I just want wifi to be available for anyone on enterprise level equipment throughout the facility.
  Thank you.
  Jay               

  The AP 600's are for OfficeExtend and will not work for you. I would look at the AP 1602 or the lower end AP 702. Those will work for you.
  http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps12555/data_sheet_c78-715702.html
  http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps12968/data_sheet_c78-726725.html
  Sent from Cisco Technical Support iPhone App

• Aironet 600 with Mac Filtering and a switch..

  How does the Aironet 600 handle Mac Filtering if I were to connect a switch to port 4 on the back ("Secured" network port). Does it authenticate each MAC or does it do somthing similar to how 802.1x with multi-host works, the first mac authenticates and then the port's wide open? My use-case here is a printer at a remote home-office. The printer doesn't have a supplicant in it so I need to use mac filtering. Thanks.

  MAC authentication is all I use for my OutStationed workers.  No wifi, just the rlan.  Since the rlan is configured for DHCP only, no IP gets passed until MAC auth occurs.
  When Cisco packaged this up, they said 4 is enough..  IF you use an un-managed (non-cisco) switch. 
  I had a need for 2 workstations and 2 digiports..  SOP sys a managed switch..  oops.  the switch consumed 2 MAC's right off the top.. 1 for itself and 1 for each vlan.
  After enablilng 2 rlans, and configuring a pair on different networks, we discovered that they were bridged in the 602 (or somewhere).
  We ended up switching out the 602 for an ASA5505

• Aironet 600 AP interruptions

  Hi All,
  Fairly new to the Office-Extend arena, but I have two Air602 OEAP units for testing. Overall functionality is great but I do have one slight annoyance.
  While i'm connected to the "Corp" ssid, the one pushed from my WLC, it will occasionally drop my connection. My Wireless NIC will sit there and sent ARP broadcasts and get no response, this lasts for about 30-60 seconds and then everything will reconnect like nothing happened.
  This is only an issue on my Office Extend AP, my LWAPP in the office dont do this to me. I have verified that the problem is not linked to just my PC. I have another laptop that I tried at home and got the same behviour.
  I did a packet capture during the "silent" period and i see my wireless adapter sending packets, but getting no responses. The controller doesn't see the Ap disconnecting nor do my clients disassociate or see the SSID disappear.
  I've verified it's not my internet connection at my home because I had a client on the "local" SSID on the AP as well as the "Corp" SSID, the corp ssid client lost connection while the local SSID client maintained internet access without any interruption.
  My 5508 WLC is on my "internal" network behind an ASA running 8.4(3). I thought maybe the firewall was an issue so I tried another non-Cisco firewall as well and got the same behavior.
  WLC: Cisco 5508 7.2.103.0
  AP Info:
  Inventory Information
  AP Type     CAPWAP
  AP Model     AIR-OEAP602I-A-K9
  OS Version     5.22.84.6
  I dont see an OS upgrade available under CCO downloads for the AP. Any ideas where I should start to look for this?. Thanks.

  I'm seeing a similar issue running the 7.3.101.0 code.  However, it's only happening (or being reported) for mac users.  And it can go well beyond 30-60 seconds.  It can go on indefinitely sometimes until I disconnect and reconnect to the SSID.  My SSID does show connected, but similar to your experience, no arp responses from the default gateway.  I did a packet capture to see this.  Interestingly, not long after starting the capture I see some EAPOL packets come in and suddenly it starts working.  So would seem that 802.1x is blocking the port and for some reason I'm not re-authenticating.  I tried disabling session time out, but that didn't solve it.
  Here's the packet trace where it's not working then suddenly starts working:
  10:33:44.375186 ARP, Request who-has 10.213.15.254 tell 10.213.13.255, length 28
  10:33:45.378338 ARP, Request who-has 10.213.15.254 tell 10.213.13.255, length 28
  10:33:48.384173 ARP, Request who-has 10.213.15.254 tell 10.213.13.255, length 28
  10:33:49.387264 ARP, Request who-has 10.213.15.254 tell 10.213.13.255, length 28
  10:33:52.394868 ARP, Request who-has 10.213.15.254 tell 10.213.13.255, length 28
  10:34:03.547499 IP6 fe80::9227:e4ff:fef6:488d.5353 > ff02::fb.5353: 0 [2q] A (QM)? 31c80bc3a6a39ce144832a45cea636.local. AAAA (QM)? 31c80bc3a6a39ce144832a45cea636.local. (60)
  10:34:03.641969 IP6 fe80::9227:e4ff:fef6:488d.5353 > ff02::fb.5353: 0*- [0q] 1/0/1 (Cache flush) AAAA fd31:c80b:c3a6:a39c:e144:832a:45ce:a636 (96)
  10:34:09.340188 IP 10.213.13.255.17500 > 10.213.15.255.17500: UDP, length 134
  10:34:13.421334 ARP, Request who-has 10.213.15.254 tell 10.213.13.255, length 28
  10:34:13.589279 EAPOL key (3) v1, len 135
  10:34:13.589309 EAPOL key (3) v2, len 117
  10:34:13.651386 EAPOL key (3) v1, len 95
  10:34:13.651420 EAPOL key (3) v2, len 151
  10:34:14.423609 ARP, Request who-has 10.213.15.254 tell 10.213.13.255, length 28
  10:34:14.473543 ARP, Reply 10.213.15.254 is-at 00:00:5e:00:01:01, length 46

• New Aironet 600 AP vs 1140 AP

  what is the difference betw two AP models? both work in dual band and work with WLC
  they even look the same...

  There are some significant differences which haven't been discussed.
  1)     The AP600 has a tunnelled wired interface, the 1140 does not meaning you cannot connect wired deviced
  2)     The AP600 required local power, the 1140 CAN be powered via PoE although this is unlikely to be used at home
  3)     The AP600 has a 15 device hard lock.  I'm not sure what the 1140 is but significantly more than this
  4)     The AP600 can ONLY be used with a 5508 or WISMII,the 1140 can be used with a WISM, 4400 and some older WLC, However if configured as an external device you would need to use the 5508/wismII still, however you might like the flexiblity of the 1140 to use and re-use
  5)     The 1140s get VERY hot underneath (where they should be mounted) whereas the AP600 does not
  6)     The AP600 cannot be configured to Support ONLY WPA/TKIP + WPA2/AES.  If you want this combination you MUST also enable WPA/AES and WPA2/TKIP which are not standards.
  7)     The AP600 can only support 2 wireless SSIDs + 1 wired tunnel port.  The 1140 can support 16 SSIDs
  So these devices are really not like for like, but with these differences clearly explained you can make your own choice.
  As we are now removing 1131s from our offices we regularly issue these for use in more permanent remote offices and these work extremely well where the faster N speeds aren't needed (Especially is the backhaul is ADSL).
  Paul

• OEAP 600 and AP policies

  I have two 5508 and a few hundred 1142 in our internal net. Now I bought some OEAP 600 to do tests in some small branch offices, but I would like to enable AP policies with MAC filtering to block that anyone else can connect an OEAP through our firewall. If I enable 'Accept Self Signed Certificates (SSC)' and 'Authorize MIC APs against auth-list or AAA' as suggested in Cisco document 'Aironet 600 Series OfficeExtend Access Point Configuration Guide', will that effect only my OEAP 600 or will I have to also include the MAc addresses of my internal 1142?

  Hello,
  For More information on OEAP-600, please watch the "Community Tech-Talk Series" Cisco Office Extend Access Point OEAP-600
  https://supportforums.cisco.com/community/netpro/wireless-mobility/begin-wireless/blog/2012/02/24/cisco-office-extend-access-point-oeap-600
  Thanks,
  Vinay Sharma
  Community Manager - Wireless

• Different between H-REAP mode & Office Extention in Cisco AP

  What is the different between H-REAP mode & Office Extention .
  Hope both created for remote branch support , but it seems only H-REAP can route the data traffic locally & forwards control traffic to remote WLC.
  This Office extend feature forwards both Data & Control traffic to office WLC.
  Is my understanding correct ..please help me.

  Hello,
  As per your query i can suggest you the following solution  -
  Hybrid Remote Edge Access Point (H REAP) is a wireless solution for branch office and remote office deployments. It enables customers to configure and control access points in a branch or remote office from the corporate office through a wide area network (WAN) link without deploying a controller in each office. The H REAP access points can switch client data traffic locally and perform client authentication locally when the connection to the controller is lost. When connected to the controller, H REAPs can also tunnel traffic back to the controller.
  The Office Extend AP (OEAP) is a specific submode of H-REAP, and is supported on the Cisco Aironet 1130AG, 1140, and 3500i (not 3500e) APs. You can also use the Cisco Aironet 600 AP, which is a model dedicated to the OEAP mode. This dual-band (2.4-GHz and 5-GHz) AP supports 2 corporate SSIDs and 1 home SSID, up to 15 clients, and offers 5 Ethernet ports at the back (1 uplink port, 1 corporate VPN port, and 3 local switch ports). Other OEAP-capable APs support 16 SSIDs (15 corporate SSIDs and 1 personal SSID).
  Hope this will help you.

• OfficeExtend Access Point

  Hi,
  I have a question. I configure a LAN with an office extended technology with AP: if the link from WLC and AP is down, the client that are connected to the AP, can continue to exchange the datas?
  Thanks in advance.
  ---------------------------http://www.cisco.com/image/gif/paws/113003/office-extend-config-00.pdf ---------------------------------------------
  A user is given an access point (AP) primed with the IP address of the corporate controller, or the user
  can enter the IP address of the controller from the configuration screen (setup HTML pages).
  • The user plugs the AP to their home router.
  The AP gets an IP address from their home router, joins the primed controller and creates a secured
  tunnel.
  Cisco Aironet 600 Series OEAP then advertises the corporate SSID, which extends the same security
  methods and services across the WAN to the user s home.
  • If the remote LAN is configured, one wired port on the AP is tunneled back to the controller.
  • The user can then enable additionally a local SSID for personal use. ----> in this condition, if the wan link go down, the client can exchange a datas?

  Hello,
  For More information on OEAP-600, please watch the "Community Tech-Talk Series" Cisco Office Extend Access Point OEAP-600
  https://supportforums.cisco.com/community/netpro/wireless-mobility/begin-wireless/blog/2012/02/24/cisco-office-extend-access-point-oeap-600
  Thanks,
  Vinay Sharma
  Community Manager - Wireless

• Can't configure OfficeExtend

  I just bought an Aironet 600 OfficeExtend AP and hooked it up to my WLC 5500 but I can't configure it.
  I've got 10 AP running just fine but the Aironet 600 shows operational status as "UP" (normal is "REG") and "Admin status", "AP Mode" and "AP Sub Mode" are all grayed out.
  I installed the newest firmware on the WLC (ver 7.2.110.0) and it has upgraded the Aironet 600 as well.
  I've read to through the installation manuals and from everything I can see I should be able to configure the Aironet 600 as soon as it contact WLC,
  So what am I missing?

  The guide says:
  """snip"""
  •The access point is not broadcasting the enterprise WLAN.
  Resolution: Ask the teleworker to check the cables, power supply, and LED status. If you still cannot identify the problem, ask the teleworker to try the following:
  –Connect to the home router directly and see if the PC is able to connect to an Internet website such as http://www.cisco.com/. If the PC cannot connect to the Internet, check the router or modem. If the PC can connect to the Internet, check the home router configuration to see if a firewall or MAC-based filter is enabled that is blocking the access point from reaching the Internet.
  –Log into the home router and check to see if the access point has obtained an IP address. If it has, the access point's LED normally blinks orange.
  """snip"""
  If you have the ap joined already then make sure:
  The ap radios are enabled.
  If the aps part of an ap group make se the group breasts the SSIDs.
  HTH
  Amjad
  Sent from Cisco Technical Support iPad App

• AP continuously renewing IP address

  Hi Friends,
   I installed 4 new access points in our remote site to register it to the controller in the HQ using flex connect. And configured the distribution switch in the remote site as  dhcp server. 
   A new vlan was created for this purpose.
   Now, the APs are getting the IPs, but they are continuously renewing it, say every 20 - 30 seconds.
   The interfaces connected to the APs are stable. No ups and downs..
   What could be the reason.?
   Configs below;
  Ip dhcp pool AP_MGMT
    Network 192.168.77.0 255.255.255.0
    Default-network 192.168.77.100
   option 43 ip 10.1.2.60
  interface fa5/35
    description to AP
    switchport mode trunk
    switchport trunk native vlan 777
    no shutdown

  Hi,
  You need to make sure below points and then check.
  You can deploy a FlexConnect access point with either a static IP address or a DHCP address. In the case of DHCP, a DHCP
  server must be available locally and must be able to provide the IP address for the access point at bootup.
  FlexConnect supports up to four fragmented packets or a minimum 500-byte maximum transmission unit (MTU) WAN link.
  FlexConnect is supported only on the following access points: Cisco Aironet 1130AG, 1140, 1240, 1250, 1260, AP801, AP802 and Cisco Aironet 600 Series OfficeExtend Access Points.
  Round-trip latency must not exceed 300 milliseconds (ms) between the access point and the controller, and CAPWAP control packets must be prioritized over all other traffic. In cases where you cannot achieve the 300 milliseconds round-trip latency, you can configure the access point to perform local authentication.

• ASK THE EXPERTS : Wireless Teleworking Solutions with Bruce Tiff

  with Bruce Tiff
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn about the Cisco OfficeExtend 600 Series Solution that comprises the Cisco Aironet® 600 Series OfficeExtend Access Points, Cisco wireless controllers and the Cisco Wireless Control System with Cisco expert Bruce Tiff. Bruce Tiff is a Product Marketing Manager for the Wireless Networking Business Unit (WNBU) at Cisco, where he is responsible for developing and marketing Enterprise Indoor & Teleworking Access Points (AP). Bruce joined Cisco in 2008 in the Broadband Wireless Business Unit (BWBU) where he served as the Product Manager for the WiMAX Broadband Wireless Access CPE product line.
  Remember to use the rating system to let Bruce know if you have received an adequate response.
  Bruce might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the shortly after the event. This event lasts through July 1st, 2011. Visit this forum often to view responses to your questions and the questions of other community members.

  Hey Bruce,
  I have a question about the map editor in the WCS software, after uploading a map image (blueprint) I go into the editor to start adding objects (such as walls and doors) but when I look at my map the right hand side of the building is cut off about 30ft too soon. The map appears correctly in the heatmap and planning mode pages but not in the editor. This happens to about 50% of the maps that I upload. Some are cut off in the editor while others upload just fine.
  This could be related to my second part of my question: after adding walls on some of the maps that are showing up properly (no cut off) I save, generate the heatmap and exit. I look at the heatmap and it was not lining up with how I drew my walls, so I went back into the editor and all of my objects seem to have an incorrect scale to the building drawing. the upper left corner is lined up properly but as you move down and right the lines get more and more skewed from where they were originally drawn! This is very annoying and I cannot find any way to fix this. I have remade entire maps (hundreds of objects) and it screws it up every time!
  Am I doing something wrong in the process or is this a 'feature' ?
  EDIT: We are running version 7.0.164.0

• Virtual WLC supported Access Points

  Dear All,
  I read minimum code version of AP should be 7.3.
  Someone please tell me the supported AP models for VWLC 7.4 series..?
  KVS

  Many thanks for your reply.
  So, Access points that are supported 7.3 code can be used to register with vWLC..?
  7.3.x
  1522, 1524PS, 1524SB, 1552E, 1552H, 1552I, 1552C, 1552EU, 1552CU, 1552S, 1130, 1240, 1250, 1260, 2600, 3500e, 3500i, 3600e, 3600i, 3500p, 1140, 600 OEAP, AP801, AP802
  Thanks in advance...

• Firmware Compatibility

  Hello,
  I have a Cisco WLC 2500 series with firmware 7.4.121.0,and  AP model AIR-LAP1131AG-E-K9   connected to it .
  i want to add one new AP and it's model is AIR-CAP3702I-E-K9 .
  I would like to know which firmware version i need to upgrade my WLC so all AP's will be working.
  Thanks

  Cisco WLC Release
  Access Point IOS Release
  Supported Access Points
  8.0.100.0
  15.3(3)JAB /12.4(25e)JAP
  Lightweight APs: 1040, 1130, 1140, 1240, 1250, 1260, 1600, 1700, 2600, 2700, 3500e, 3500i, 3500p, 3600e, 3600i, 3600p, 3702e, 3702i, 3702p, 600 OEAP, 700, 700W, AP801, and AP802
  Outdoor Mesh APs: 1522, 1524PS, 1524SB, 1532E, 1532I, 1552E, 1552H, 1552I, 1552C, 1552EU, 1552CU, and 1552S
  7.6.130.0
  15.2(4)JB6/12.4.25e-JAO6
  Lightweight APs: 1040, 1130, 1140, 1240, 1250, 1260, 1600, 2600, 2700, 3500e, 3500i, 3500p, 3600e, 3600i, 3600p, 3702e, 3702i, 3702p, 600 OEAP, 700, 700W, AP801, and AP802
  Outdoor Mesh APs: 1522, 1524PS, 1524SB, 1532E, 1532I, 1552E, 1552H, 1552I, 1552C, 1552EU, 1552CU, and 1552S
  7.6.120.0
  15.2(4)JB5/12.4(25e)JAO5
  7.6.110.0
  15.2(4)JB4/12.4(25e)JAO4
  Lightweight APs: 1040, 1130, 1140, 1240, 1250, 1260, 1600, 2600, 3500e, 3500i, 3500p, 3600e, 3600i, 3600p, 3702e, 3702i, 3702p, 600 OEAP, 700, AP801, and AP802
  Outdoor Mesh APs: 1522, 1524PS, 1524SB, 1532E, 1532I, 1552E, 1552H, 1552I, 1552C, 1552EU, 1552CU, and 1552S
  7.6.100.0
  15.2(4)JB3/12.4(25e)JAO3
  Cisco WLC Release 7.6.X or higher would work in your case.
  Hope that helps.

• Office Extend

  I have a question about Office Extend solution.
  Is there a limit on how many users can use office extend?
  I know that the Aironet 600 AP only supports 15 connections.
  However, office extend is supported on other APs. (3600 series for example).
  If I use Office Extend with 3600 AP am I able to have 50 connections?

  Here is the config guide:
  http://www.cisco.com/en/US/products/ps11579/products_tech_note09186a0080b7f10e.shtml
  The "yellow" port is for LAN side connectivity. The traffic sent across this specific port will be encapsulated in CAPWAP and be sent back to the controller. You will need to configure LAN configuration on the WLC for this port to work. This is also a very important topic. Your WLANs will be secured with PSK or EAP. However, this port is not, so you might want to use WEB AUTH with 802.1X or something to secure that port. Just in case the AP ever gets stolen someone cant just plug into port 4 and gain access.
  If you find any of this helpful please support the rateing system! Thanks again!
  "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin