The first thing you should do when you bring anything up is set the time. The mobility group doesn't not have to match if your anchoring to a dmz wlc.  If your creating a mobility between two internal wlc and you need to support roaming between ap's on one and ap's on the other, then the name and VIP should be the same.  SSID anchoring can be done later and the key there is to make sure the ssid matches exactly with the interface being the only exception.

Thanks scott. The tunnel however came up just with same mobility name but now i have come across another problem.

I have one internface for management that is asssociated with officeextend ssid.

1. Now do i create another interface for officeextend (on officextend dmz wilc) ?

2. Can i use still use my ACS servers for authentcation with wpa2 - how will this authenticate when the users plug in 1132 AP's

3. DHCP - WIll the 1132 pick up a dhcp range from the address pool, if so what range will its clients get ? (I would like to keep a range for each access point and its clients - example AP1 - 192.168.1.1/27 and so on for next AP )

Thanks

For OfficeExtend you would create an anchor back to you foreign wlc. So the devices will be placed in the subnet that wlc SSID is mapped to.

Thanks,

Scott Fella

Sent from my iPhone

yep understood that bit so do i create a seperate interface on the itnernal wlc pointing to a dhcp server ? on the dmz wlc do i just map it to management address that leads back to itnernal wlc ?

Say i have a pool for officeextend as 10.10.10.1 - 10.10.10.200. So assuiming the 1132 AP gets authenticated and gets an range of 10.10.10.10 what range would the wireless users connected to the AP get ?

Your OfficeExtend AP's will get an ip address from the users home network or place of location. That OfficeExtend ap will have an SSID that you specify in the wlc. So since that SSID is located in your internal wlc, users who associate to that SSID from their OfficeExtend ap will be placed on the subnet that you defined on the SSID. You don't need to create another interface. Maybe I don't understand what you are trying to do.

Sent from Cisco Technical Support iPhone App

sorry probably i havent expalined well.

Ok say i have a 1142 AP connected back to my home ADSL router (provided we dont encounter any authentication problems !!!) , the 1142 ap will advertise the officeextend ssid anchored back to the Internal WLC. Now will the 1142 AP get an internal address from the home ADSL router ? second, if i have a laptop connected to the Officeextend SSID then i will be disconnected from the home ssid, isnt it - now will my ip range be from the subnet i have specified in the internal wlc ? if so do i need to create a ssid on the internal wlc pointing to the DHCP server for officexdtend users ?

i hope iam clear here. pls let me know if you need more info

Thanks

thanks for this. will get in touch if i have more problems

Hello,

got into another problem

I connected the ap and checked the H-Reap box and then officeextend and gave it a public ip. This public ip is NAT'd to the dmz controller on the firewall. (The dmz controller is 5508 running code 6.0.199.4)

I have connected this officeextend 1132 ap to a broadband connection and this gets an ip of 192.168.1.23 on its fa0 interface. all good till now.

when i console onto the officeextend 1132 AP, i get an error msg could not resolve Cisco-LWAPP-Controller.home.uk....domain server (192.168.1.254) and Cisco-CAPWAP-Controller.home.uk...think it needs DNS set to the public ip on the local asdl box, is it ?

if this is the case, I am not sure if i can do this as this is controlled by the ISP

The DNS is just one of many things an CAPWAP AP does when he tries to find a list of possible controllers.

In your case with a fresh AP not knowing your controller. The easiest thing would be to enter this command from your console enable prompt. capwap ap controller ip address then wait a little bit.

And if everything is correct at the WLC DMZ side the AP will join your WLC, download software,config and reboot/reset a couple of times before joining again. The IP is of course a registered IP address that you have configured as a NAT address on your controller (unless you configured a public address on your managment in the begining)

If not here is a great link on deploying Office extend:

http://www.cisco.com/en/US/partner/products/ps11579/products_tech_note09186a0080b7f10e.shtml