Setup a Cisco AP as an Office Extend AP
An Office Extend AP (OEAP) allows a Network Administrator to extend the corporate WLAN across the internet to a remote site. This allows the remote clients to securely connect back to the private network from their home or remote office simply using their regular wireless profile and not having to setup a VPN or other type of remote access. For the most part, remote users will be able to connect , have access to corporate resources, and "feel" just like they are connected to the wireless at the corporate office.
How to convert a regular LWAP into an OEAP
First, the Cisco WLC will need to be reachable from the internet, so you will need to setup some NAT rules.
capwap ap controller ip address x.x.x.x <-- this is where you assign the outside address that you put on the WLC for NAT
First, the Cisco WLC will need to be reachable from the internet, so you will need to setup some NAT rules.
- On your firewall, setup a NAT rule pointing to the firewall and allow UDP ports 5246 and 5247
- On the WLC, under the Management interface, Check the "Enable NAT" box, type in the External IP address, and then click Apply.
- You can then test the controller reachability from the internet by temporarily allowing ports TCP 80 and/or 443 and attempting to open the WLC web GUI. If you can, then you have verified the WLC is reachable. Do not leave these ports open as it would be a big security vulnerability.
- If you have not already "primed" your AP and set it up for deployment as an OEAP, you will need to console into the AP and assign the WLC Outside IP address. From the CLI of the AP type:
capwap ap controller ip address x.x.x.x <-- this is where you assign the outside address that you put on the WLC for NAT
- Now, reload the AP and after the reboot, the AP will look for the controller via the assigned address.
- Under Wireless > All AP's, click on the AP you wish to use, then chose AP Mode > FlexConnect (*Note the AP will reboot and will come back online with a FlexConnect tab available for more configurations.)
- Under the FlexConnect tab, check the box "Enable Office Extend AP" and click ok to both pop-up boxes asking to enable Encryption and Rogue Detection
- The AP will then reboot once more and will now be ready for use.