Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1507
Views
8
Helpful
9
Replies

OEAP and remote lan anchoring

Florian Brenner
Level 1
Level 1

‎11-11-2012 01:36 AM - edited ‎07-03-2021 11:01 PM

Hi all,

can someone explain how to configure anchoring on a 'remote lan' wlan for the OE-solution?

That's my setup:

- DMZ:

2504-CTR with code 7.3.101.0

- Internal

5508-CTR with code 7.3.101.0

I've configured two WLAN's and anchored it to the internal Controlller => everything works fine

I also want to use the Remote Lan Port on the OEAP600. I've created a new WLAN on the DMZ-CTR and choosed Remote Lan from the drop down menu. On the internal CTR I've created also a new WLAN, choosed Guest Lan from the menu and mapped the egress-interface to an existing Wired-Interface.

When I now want to configure the anchor on the newly created remote lan on the DMZ-CTR, the problem is, that the menu is only showing 'remove', there is nothing with 'mobility anchor' or something like that.

So how can I create the EoIP-tunnel for the remote lan?

Thanks, Florian

1 person had this problem
Labels:
0 Helpful
9 Replies 9

Scott Fella
Hall of Fame
Hall of Fame

‎11-11-2012 05:42 AM

They removed that feature starting on v7.2. I was told from TAC that it was broke and that it was decided to be removed. I have remote lans configured on v7.3, but it was because it was in place when the WLC's were running v7.0.x. They told me not to do the reverse tunnel like what your trying to do, but open the FW to the internal WLC and have that WLC manage the OEAP's.

I don't line the idea that they did this, because it does work but now I can't add, modify or delete the remote LAN.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful

Saravanan Lakshmanan
Cisco Employee
Cisco Employee
In response to Scott Fella

‎11-12-2012 01:04 PM

Whether the option is available/not, Mobility anchor option from remote-lan is not a supported feature.

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to Saravanan Lakshmanan

‎11-12-2012 01:36 PM

It isn't supported now, but it was in v7.0 when OEAP 600 first came out. I was working with this with Wesley when he was in the BU because how this was proposed before was to use the existing DMZ guest WLC for your OEAP, now you have to open up ports to your internal WLC which made some of my clients kind of mad. Again... I know it's not supported anymore.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful

Saravanan Lakshmanan
Cisco Employee
Cisco Employee
In response to Scott Fella

‎11-12-2012 02:52 PM

Sure Scott, to my knowledge this is never a tested/supported feature(however i could be little wrong here) and it may/may not work, however don't have a 7.0 doc saying it though. If it was a working feature then there is no reason to remove this feature unless there is security concern.

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to Saravanan Lakshmanan

‎11-12-2012 03:26 PM

Saravanan,

The funny thing is it is working fine and we are even running the beta code for testing. Its just that if I have to make changes, well... I just downgrade and then make my changes then upgrade again:)

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***
0 Helpful

Florian Brenner
Level 1
Level 1
In response to Scott Fella

‎11-12-2012 03:53 PM

You're absolutely right! I've downgraded to 7.0.235.3 and it works without problems.
So let me summary:
If you want to use the remote lan port on the OEAP
1) you have to open the capwap-ports to the inside controller or
2) place a separate WLC in the inside-network (if you don't want to mix internal and OEAP's on one WLC) or
3) install 7.0.x on the dmz-wlc and anchor it to the inside (which is not supported, but that's what most of our clients want to do), upgrade to 7.3 again and hope you have no changes in future.

Right?

Scott Fella
Hall of Fame
Hall of Fame

‎11-12-2012 04:25 PM

That's right and that is what I do for our engineer to access our lab. Just remember, don't call TAC for support as it is not supported:)

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

dselfridge
Level 1
Level 1
In response to Scott Fella

‎02-25-2013 05:36 AM

Hi Guy's,

Very interesting thread.

Have you heard anything about re-instating the ability to 'reverse-anchor' the remote LAN in future code versions? I would like to extend out my customers Voice vlan to the Remote LAN port on the OEAP by anchoring the DMZ controller to one of the 'inside' controllers as it's much 'cleaner' than messing with firewall rules.

I don't want to downgrade due to the Windows 8 bug in earlier releases (i'm on 7.3 right now).

Cheers,

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to dselfridge

‎02-25-2013 05:56 AM

Don't think it will happen. They removed it and seems like that's the end of it.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card