View Cart
0 Items | Total: US$0.00
Welcome,      Register

You are here

WL0037 - WLC Office Extend AP (OEAP600) (Part 2)

Rating: 
0
No votes yet
Difficulty Level: 
4
Lab Document: 
<Please login to see the content>
Video Download: 
Title: WL0037 - Video Download $20.00
Purchase WL0037 - Video Download $20.00
The video introduces you to the second type of Office Extend AP on Cisco Wireless LAN Controller with OEAP600. We will be configuring OEAP600 from its factory default state starting with basic AP registration security on WLC. We will also cover features such as Remote LAN and 802.1X port-based authentication that are not available on FlexConnect OEAP as well as common functionalities of Split-Tunnel (specified, and local), and personal SSID. 
 
Part 2 of this video covers Remote LAN and wired 802.1X authentication
 
Topic:
  • Office Extend AP 600 (OEAP600)
    • Physical Appearance
    • Web Interface
    • Network Configuration
    • Software Upgrade
  • AP MAC Address Authentication
  • FW Static NAT and ACL
  • AP Group
  • OEAP600 Remote LAN (with Second VLAN)
  • OEAP600 wired 802.1X Authentication with ISE
  • OEAP600 Split-Tunnel 
  • OEAP600 Personal SSID

About Author

Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.

4 comments

hi Metha,

I have a question. Is the name that you specify to the OEAP present in the ISE radius attributes? I'm about to do a lab, but wanted to know in advance if there are some attributes you can use to distinguish RLAN vs Wired.

You will need to dig into ISE RADIUS log detail page and look at any unique attribute between the two. If you just want to distinquish betwen .1x from OEAP and regular switches, can't you just use the fact that RADIUS request for OEAP would come from WLC?

hi Metha,
I think I already know the answer. However, I wanted to confirm and see if you have tested this before.
Can you configure dot1x and MAB in one single RLAN? I have the use case where a Cisco IP phone is connected to port 4 and a computer is connected to the phone.
On the RLAN config, I set 802.1x and MAC filtering within the Layer 2 Settings tab.
In the ISE logs, I see both authentications being successful, However, none of the devices gets an IP addresses from DHCP. If I disable 802.x1 the phones gets authenticated and gets IP as well.
I believe this use case is not supported.
Any ideas?

We did not test such scenrio. It is possible it is not supported knowing the OEAP AP probably does not do the same level of .1x as a switch We cannot fine any documentation on this neither.