HREAP and Remote Office VLAN

Similar Messages

• Setting up VPN with OS X Server/Netgear FVS318 and remote offices

  I am a newbie to VPN and am hoping someone can help get the config right. We have an Xserve (Server 10.4) and a range of G5's (OS 10.4) in 3 remote offices and want to setup a VPN between the remote offices back to the xServe. All 3 remote office are behind their own WGT624 router. Our setup looking like this:
  Remote Office G5 (OS 10.4)
  |
  |
  Netgear WGT624 (with dynamic IP address supplied by ISP)
  |
  |
  Cable Modem
  |
  |
  **INTERNET**
  |
  |
  Cable Modem
  |
  |
  Netgear FVS318 (v1) with static IP of 61.xxx.xxx.xxx
  |
  |
  xServe (OS X 10.4 Server)
  Can someone please walk me through the setup we need at head office and how we setup the branch office.
  Thanks

  Hi,
  1701
  UDP
  L2TP
  l2f
  Mac OS X Server VPN service
  1723
  TCP
  PPTP
  pptp
  Mac OS X Server VPN service
  Try L2TP

• Remote Office DHCP_REQD problem - users cannot receive IPs

  Dears,
  I am trying to implement a remote office into our WLC 5508 environment.
  Actually I have already did everything
  - Local DHCP - OK
  - VLANs at SW CORE - OK
  - Lightweight AP already connected to a access switch, port in trunk, w/ "native vlan 3"
  - HQ and Remote Office have different VLAN names but I have already did the vlan mapping
  HQ
  Remote Office
  For some reason, users in remote office can authenticate very well... but they do not receive IPs...
  Also, at the beggining of all this process, even after the new remote AP joined to WLC, for some reason all SSIDs received were not appearing to all users.... I had to go thru WLAN > AP GROUPS, then create a group "REMOTE" and added all WLANs (wnet, guest, mobile, consulting...) and the new remote office AP (AP01-RJOP) to that group... did I do right ?
  Does anybody have a documentation explaining how to implement this environment in a remote office ?
  thanks!
  Thanks in advance!!

  AP Groups are optional so it must be a configuration that was missed. Tale a look at this support doc which is step by step.
  https://supportforums.cisco.com/docs/DOC-24082
  Sent from Cisco Technical Support iPhone App

• Difference between HREAP and Local AP

  I am interested to know if there is any difference between HREAP (centrally switched, centrally authenticated) with normal local AP.
  As I can see all the traffic from the AP will still go through the controller to at the central site.

  Hybrid Remote Edge Access Point (H-REAP) is a wireless solution for branch office and remote office deployments. It enables customers to configure and control access points in a branch or remote office from the corporate office through a wide area network (WAN) link without deploying a controller in each office. The H-REAP access points can switch client data traffic locally and perform client authentication locally when the connection to the controller is lost. When connected to the controller, H-REAPs can also tunnel traffic back to the controller.

• Remote Office with Location tracking and WIPS

  Hey guys,
  I have a question about Cisco wireless for remote offices. My client is switching to Cisco for their wireless. The services that is going to be needed are location tracking and WIPS and data. The data part may come later and it is not approved yet. For now, it is going to be just location tracking for rogue devices etc and wIPS.
  I know for data we can do Flexconnect, but for location tracking and wIPS, how are we going to deploy this? Does Flexconnect APs would be able to do LBS and wIPS services and data?
  We currently have Moto APs deployed with 3 radios which is capable of LBS, wIPS, and data. Basically, the 3rd radio does the LBS and wIPS. Also, we are using the RF-Domain Manager per branch office. I am not sure if Cisco has something similar.
  Thanks

  So, you could do FlexConnect for the remote offices, but RLDP (wired detection) might not work:
  http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080b3690b.shtml#anc8
  Domain Manager should be similar to PI:
  http://www.cisco.com/en/US/products/ps12239/
  HTH,
  Steve
  Please remember to rate useful posts, and mark questions as answered

• HQ and Remote Wired Guest VLAN

  Hello all,
  I am having trouble to create a standard condition for Policy Authorization.  Basically there are HQ and remote locations configure for guest access.
  Each location has its own guest vlan.  On ISE the standard rule are:
  Standard Rule 1 if Unknown AND Wired_MAB then Guest_Access
  This rule is working good for HQ.
  Standard Rule 2 if (Unknown OR MTL_Devices) AND Wired_MAB_MTL_Guest then Montreal_Guest
  This rule is design for remote but Standard rule 1 is taking over because first match applied and since the OR condition may cause some problem
  with internal users since the condition is Unknown OR MTL_Devices.  There is no AND condition for this.
  Let me know if anyone has idea or have solved this problem.
  Thank you.

  Hi,
  You need to change the order of your rules, ISE uses the first matched rule from top to bottom, in your case the MTRL is matching the first rule since it is more open than the rule below which has the check for the network device.
  Please change the order and see if this fixes your issue, if this doesnt work, post a screenshot of your policies just to make sure we are on the same page.
  Thanks,
  Tarik Admani
  *Please rate helpful posts*

• One WLC for Headquarter and Remote Site

  Hi
  I have a question about the WLC remote deployment.
  We have the following design at the moment:
  Headquarter
  - Network 192.168.49.0 /24
  - WLC 4402 Version 4.2.61.0
  -- 3 x LAP1252
  -- Layer 3 LWAPP
  -- SSID wep
  -- SSID wpa
  - Windows PDC with Active Directory, DHCP Server and local Data Storage
  - ACS Version 3.2 for TACACS and RADIUS authentication --> External DB to Active Directory
  Remote Site
  - Network 192.168.50.0 /24
  - 2 x LAP1252
  -- SSID wep
  -- SSID wpa
  - Windows PDC with Active Directory, DHCP Server and local Data Storage
  - ACS Version 3.2 for TACACS and RADIUS authentication --> External DB to Active Directory
  Connection between Headquarter and Remote Site
  - 2 Mbit ADSL
  The problem is, that the wireless clients on the remote site get an ip address out of the headquarter DHCP Range 192.168.49.0 /24. The users on the remote site
  most of the time only use the local data server in the remote office. With the actual design the hole traffic is switched over the 2 Mbit ADSL connection the the
  WLC in the headquarter and back to the remote site. That works but it is not that performant.
  The problem could be solved with HREAP, but what I think is, that it is not possible to have the same SSID at headquarter and remote site with different VLANs.
  How can I achieve, that the clients on the remote site connect to the same SSID (wep or wpa), get an ip address from the remote site DHCP server (192.168.50.0)
  and the traffic is switched localy.
  I hope you understand what the problem is.
  Thanks in advance for your help!

  Yes, putting the remote AP's in HREAP mode will allow the same WLANs to be available on the AP's but the traffic would be locally switched at the AP instead of being tunneled back to the controller. After you put the AP in HREAP mode you then would configure which VLAN you want traffic for each WLAN to be dumped onto for that AP.

• HREAP and DHCP

  Hi All,
  I have a Cisco 4402 wireless controller and I am trying to set up HREAP to dump traffic off locally.  I have the HREAP function working as I can see my wireless MAC address on the correct vlan in the MAC table on various switches.  The problem, the Wireless NIC isn't recieving a DHCP address.  I have verified that my pool is operational.  I connected a laptop to the same switch that the WAP is connected to and it pulls an IP address from that VLANs DHCP pool. 
  What am I missing?  Another question is what interface to I set up for this WLAN?  If it is going to be at a remote office, what should it be set to?
  Thanks,
  Chris

  I went to go add a virtual interface on VLAN 14 and that brought down my access to the WLC.  I rebooted and now I can pull IP addresses at my office.  I have this WLAN in my Corporate office and now it is working just fine.  I have now applied this WLAN to a remote office WAP (will be using the same vlan, just differnet subnet) and it won't pull an IP address.  Again, I can see the MAC address on the swtich that is directly connected to the router with the IP Helper address and it still can't pull an IP address.  This is a different switch from which the WAP is connected.  If I plug a laptop into the same switch that the WAP is connected to, it pulls an IP address not problem.

• WiFi remote office connection

  Hello,
  I need to connect 2 remote offices about 50 yards disance.
  I would like to ask if there is cisco AP solution so that I could bridge a group of VLAN trunks
  on a WiFi conection, I would like to bring a certain number of VLAN trunks to the remote office
  using WiFi Connection.
  Is it possible in some way ?
  thank you
  Rick

  As Stephen mentioned, yes you can.
  Get a couple of autonomous IOS 1262 AP's with external antenna
  Set one up as the root bridge (the one connected to the main LAN) and set up the remote end as a bridge.
  The connectivity to the LAN is by way of trunk ports so you can send multiple VLAN's across the wireless bridge
  Good luck
  Sent from Cisco Technical Support iPad App

• Unable to allow traffic from remote office - Cisco RV220W

  Hi there,
  I have just bought the RV220W Cisco router firewall because my DLINK-1600 got broken and now I am unable to allow access to the machines located behind this router from the machines located at a remote office. Any help would be much appreciated!!
  This is the situation:
  1. Two remote offices A and B connected by a VPN tunnel (this connection is managed by an external provider and it is properly functioning)
  2. IP range A office: 192.168.236.0/24
  3. IP range B office: 192.168.237.0/24
  4. Office A: CISCO RV220W router/firewall (the one that I´ve just bought as the old dlink has broken). This RV220W is connected to a cisco router (managed by provider) that is the one with the VPN tunnel to the other office. The CISCO router does not do NAT. On the other end (Office B) there is another CISCO router managed by the provider.
  5. Everything was working smoothly until our old router/firewall got broken and that is when I bought the rv220w. I have set up the CISCO RV220W at office A and the machines can ping the machines located at office B and can browse the internet, i.e., the traffic going out is OK and in that sense everything works smoothly.
  6. The problem is that the machines located at office B cannot access the machines located behind the CISCO RV220W and I know it is a problem of the firewall as if I capture traffic coming from office B, I can see that it is dropped by the CISCO RV220W.
  7. I have tried to enable an access rule in the firewall to allow traffic from office B (see picture below) but it does not seem to work. In the field, Send to Local Server (DNAT IP) I have entered the WAN IP of my router (you cannot leave it blank) … this rule does not work at all. I think that is not properly configured but I don´t know how to do it.
  8. As you see, the problem is that I don´t know how to set up a rule to allow specific traffic coming from the WAN (traffic from remote office – 192.168.237.0/24) to the LAN at office A - 192.168.236.0/24.
  In the old router/firewall I just had to create a rule specifying the source interface (WAN) and network (Office B) and the destination interdace (LANOfficeA) and network (Office A). It does not seem that here I can do the same. i mean, you always have to point to a server ip inside the LAN??
  I know it has to be a very easy thing to do but at this moment I am completely stuck. If anyone can give me some advice would be great.
  Thanks a lot for your help in advanced!
  Eva

  Hi Eva, the default inbound policy cannot be changed. It will block all inbound traffic. To my knowledge there is not a way around this. Access rules are the only way to 'poke' a hole through the firewall but as you note, it is for a specific host. Values such as .0 and .255 do not work.
  -Tom
  Please mark answered for helpful posts

• Setting up second Active Directory controller at remote office

  I need to setup active directory controller at remote office over VPN.  Right now there is one primary DC at the main site and I need to setup the new secondary DC at a new site?  Are there any instructions or steps on setting up an additional
  site to add second domain controller?    The new server is 2012R2.  The original server  is 2007 data center.

  you can create the prerequisites Ad website and attached it the right subnet.
  http://technet.microsoft.com/en-us/library/cc740187(v=ws.10).aspx
  thereafter, it is necessary to carry out the promotion server. The config ip of the new server should be that the:
  IP address: IP address new
  Mask: Mask
  Gateway: Gateway
  DNS server: DNS server already in production of dc
  After the promotion you can change the address of the DNS server to put him
  http://technet.microsoft.com/en-us/library/cc526434.aspx

• UK based Alliance Member looking for local and remote opportunities

  Austin Consultants is looking for contract and part
  time opportunities in the whole of UK and Europe and remote work for companies all over the world. With the current
  exchange rate situation, we have become really cost-effective for our clients in America, Canada, Australia and
  Europe. If you are looking for expert advice on LabVIEW and other
  National Instruments software development, please don't hesitate to
  contact us at info at austinconsultants dot co dot uk. A brief
  description of our company is provided below and a link to our website
  is mentioned in my signature as well. My personal email is provided on my profile page.
  Austin Consultants are the UKs highest certified LabVIEW 
  specialists and National Instruments Alliance Partner. We integrate
  test, measurement and control systems across the industrial sector and
  and are experts in LabVIEW,
  TestStand, NI VISION, CVI, C, C#, .NET and Silverlight. We
  have previous experience with the Tokomak Textor Fusion Reactor, and
  have strong
  Aerospace and Military background with Airbus, Goodrich and Horstman
  Defence. We have worked with companies in the field of Green
  Engineering, Research and Innovation, Optoelectronics, Automotive and
  Medical device manufacturing.
  Message Edited by Adnan Z on 05-14-2010 10:27 AM
  Adnan Zafar
  Certified LabVIEW Architect
  Coleman Technologies

  Dear Sir,
  I would like to get an opportunity to participate in your upcoming or ongoing projects and work for you as a team member. I am a final year MSc Electrical and Communications Engineering student at University of Greenwich UK. Please give me some task to deliver as my MSc final year project or it could provide results for my project. From this experience I intend to move to enhanced certification level and have an experience of working with professionals in the industry.
  My experience of LabVIEW programming and hardware integration is two years plus and I have successfully done my CLAD LabVIEW certification at NI Week last year in London. On my job I was responsible to interact with clients, gather their requirements, suggest suitable hardware modules and then program and integrate to provide deliverable solution.
  Please find my CV attached and contact me at your most convenient. I can work in your South East office at Northolt if required.
  Best Regards,
  Harris Junaid
  Cell: 07813 764372
  email: [email protected]
  Attachments:
  Harris_Junaid(CV).docx ‏24 KB

• Remote office considerations

  thanks for the quick reply.
  I am planning on setting up a VPN tunnel to the separate location and i would like both locations to be on the same domain. Files will need to be accessible from both locations. We currently use Office 365 and have web based apps which wont be an issue. 

  Hi
  We are currently looking to setup a remote office that will house 20-40 users. I have not setup a remote office before and am looking for advice.  In particular what should i be asking the office building manager for example is there existing cabling? Will we have access to the switch closet or is that managed by a 3rd party?  Things like this i just want to make sure i am prepared when i meet with the Building manager and my CEO. 
  Thanks for any advice. 
  This topic first appeared in the Spiceworks Community

• Remote office in India

  I am currently working with a consulting company in India on setting up a new office in Pune India and I am running into some issues with the local rules and regulations in regard to where we can and can not terminate PSTN. The consultanting company is saying that we can not terminate PSTN to our router and that we have to have two phones on each desk (one IP phone for internal calls and the other phone is for PSTN calls). This is my first remote office outside of North America and don't know much about the local laws in India.
  has anybody had any experience in India ?
  Any response will be highly appreciated !
  Danny

  Danny, this may help.
  http://www.cisco.com/web/about/ciscoitatwork/case_studies/ipcommunications_dl10.html
  Sankar
  PS: please remember to rate posts@!

• Routing and Remote Access VPN DHCP error

  I have a strange problem.
  I have a client that is using Server 2012 Standard.
  On this server they have Routing and Remote Access configured for VPN client access. Their users that are working outside the office connect to the VPN to access the internal network.
  The VPN works fine for the most part. Recently however, it has started having issues.
  Periodically (about once every 8 days) I will hear from them that they cannot connect and that they get error 720. I will check the server and the server will have the following errors in the event log:
  Warning: No IP address is available to hand out to the dial-in client.
  If you check DHCP the server is running fine and will hand out local addresses but it will not hand out addresses to VPN clients. Also the addresses that it HAS previously handed out to VPN clients will not show in the address leases.
  The solution strangly enough is to disconnect and reconnect a the VPN client connection that the server has connecting it to a offsite server that it does a SQL sync with.
  Any ideas as to what might be causing this? If need be I can post more detailed logs but I am not sure what logs even to post or what data to collect.
  Any help is greatly appreciated.

  I am experiencing the same issue on a Windows 2008R2 SP1 RAS server. The above statement About increasing the lease time on DHCP does not resolve the problem.
  I am also Searching for a Solutions to this issue.
  Up to now I have done the Following :
  1. Increased the scope/ cleared IP's in DHCP.
  2. Ensure that the DHCP server is accessable.
  3. Created a Manual Scope on RRAS configurations settings (then clients can connect but cannot access resources on the network). Changing Back to DHCP, you recieve the same 720 Error.
  4. Stop and started the DHCP services on the DHCP Server.
  5. Stop and Started RRAS Services on RRAS server.
  The Only Indication is, that DHCP for some reason does not lease out Addresses to the RRAS server..