For quite some time, performance on the office extend solution for our internal end users has been exceptionally poor, basically unusable to be accurate. However VPN connectivity via AnyConnect or an IPSEC VPN client was fast.
I do know the solution used to work quite well, and then stopped working well -- when this happened, nothing had changed on the WLC and we just started using the AnyConnect client instead.
Now that I've had some downtime, I blew away the WLC (2504) and re-configured it and only set the minimum configuration parameters for our 1x Internal AP and the OEAP specific SSIDs and configuration for the OEAPs.
Previously we were running 6.x code on the WLC, and now we're runing 7.4; I took two OEAPs home, and one of them seemed to have the same poor performance problem, while the other is definitely just as fast as our regular SSL & IPSEC VPNs. I've had 1 of my co-workers try his at home, and he said it was just as bad as the last time, and "useless, a complete waste of time".
Has anyone experienced performance problems with the OEAPs of this magnitude? I'm about to configure a 1042 or 1142 for that co-worker to take a home and see if there's a difference, but I just can't seem to get these to work reliably and I can't seem to find any support posts in the forums or articles that mention anything about aleviating poor performance or things to not configure that would impact performance.
For everyone's reference, I've been using this document for my configuration guidelines.
Any assistance that can be provided would be fantastic, I'd hate to have a customer purchase these and run into the same issue I'm having.
So just to try since my co-worker was complaining about peformance, I swapped the OEAP I thought was working great with the poor one and got the same poor performance I did before.
I put the other one back, and I'm seeing the same poor performance characteristics.
In the first attached file, you see 3x File Transfers -- these are over the Corporate SSID going back to a file server, the first one is from 1x AP, and the send two file transfers are from the 2nd AP which I thought was functioning perfectly.
The second image shows the performance I was getting out of one of the OEAPs yesterday, and those speeds are indicitave of what users get over an AnyConnect or SSL VPN.
This is very confusing.
There must be some sort of configuration tuning that needs to be done on our ASA 5505 Firewall or perhaps the WLC.
I configured an Aironet 1042 today as a Flex-Connect Office Extend and brought it home, when I connected to the corporate SSID it took minutes for a small file transfer of multiple directories and files to even start, yet connecting via AnyConnect VPN client the transfer starts immediately, and at speeds in excess of 300 KB/sec.
I understand only UDP Ports 5246 and 5247 need to be forwarded to our WLC (sitting behind the FW), with NAT enaabled; all of these settings are set and the AP Joins, I'm just getting wildy varying performance. Sometimes it's as it should be, but more often than not, it's utterly horrid.
Did you ever get the speeds up using Office Extend? -Im seeing exactly the same results. Tried a bunch of different ap's 1142N to 2702i all around 10mbit/s performance using Office Extend and encryption.
For OfficeExtend using DTLS we saw low speeds (<10mbps) on the OEAP600 Access Points. A Cisco engineer later confirmed that this was due to the fact that the AP did all the encryption in software and was underpowered CPU wise (couldn't handle more)
We have however had good success with other models.
OEAP1802 series seem to bottom out at about 70mbps. Probably still does encryption in software but a better CPU helps.
We also use som 2602 Access Points for OEAP and here we see speeds of up to 150mbps (haven't tested these on lines bigger than this) and they work very well.
In our case the WLC is a 2504 located behind the corporate firewall.
Which software Version are you testing on?
I use it all the time and so does my peers who connect to our lab. We have not had any poor performance at all.
Sent from Cisco Technical Support iPhone App
Well, now I've opened a TAC case since the problem doesnt seem to be unique to the OEAPs.
I'll let everyone know what Cisco finds as soon as we get to the bottom of this.
I'm seeing similair problems with OfficeExtend (OEP600 with a 5508 as the WLC) so I was wondering if you did figure this one out?
TAC has not been able to find an issue with the Configuration, and suggested replacing some of my OEAPs, however this affects all OEAPs so I have asked for a replacement 2504 WLAN Controller which I have received, I'm now just waiting for my licening to be transferred to the replacement WLC.
Are you seeing performance issue with UDP traffic also or just TCP?
On wireless client that you use vpn, could you reduce the mtu/mss value and try that makes difference?
The issue is purely with the Office Extend Access Points AND Access Points in Flex-Connect/Office Extend mode.
I have zero problems when using the Cisco AnyConnect client, or the IPSEC VPN Client.
I also do not see any way I can change the MSS or MTU of the Office Extend Access Points. I'm not sure if you can look at my Service Request to see what we have done for troubleshooting thus far, but my SR# is 625320755
After clearing up the licensing, and conducting tests, I'm still encountering this issue, and will be looking for the above SR to be again re-assigned.
I have not experienced the issue you are seeing. I have setup an OEAP WLC5508 for our engineering lab in which we have OEAP600 and various AP's in FlexConnect OfficeExtend with no issues. I also have a 2504 at home in which I have my peers joined to my 2504 with no issues at all from all over the USA. Maybe it's hardware related but I couldn't tell you for sure. If you connect an AP to the WLC in local or FlexConnect do you still have issues or is it just the OEAP600's.
Sent from Cisco Technical Support iPhone App
My environment with the same issue:
Backend networking Nexus and 3750s