OfficeExtend in a dual Firewalled DMZ - OEAP not registering



Just wondering if it's possible to configure a DMZ WLC in such a way that it will accept a join request from an OEAP on a non-management (outside) interface? (Port

As you can see from the attached diagram, I’m trying to use the DMZ WLC as a physical separator between good and evil; however, it appears that the OEAP is unable to join the WLC unless its join request is heard on the management interface (Port 1). Unfortunately for me, this is an inside interface, and in order to allow this to happen I would have to allow the outside join request to pass between the outside and inside switches, which isn’t exactly what I want. In saying that, this is possible, as we do have a trunk link (for management) in place between the switches; however, I would prefer not to.

You’ll see that NATing on the outside firewall is working and the join request is hitting the OE interface (Port 8); however, it’s rejecting it due to it not being a management interface. This is regardless of Port 8 being set up as a Dynamic AP Management interface or not. I have tried finding out why this is happening; however, some forum posts suggest that the join request has to be heard on both the management and the dynamic AP management interface. Please tell me this isn’t the case or that there’s an alternative solution?



DMZ WLC = 5508 running

OEAP = 600

Note: Real IP addresses differ


