cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
828
Views
0
Helpful
8
Replies

Extend our company network to hotel conference room

sejamc71
Beginner
Beginner

Our company is having a conference at a hotel and I've been asked to see if there is an easy way to extend and broadcast our companies WiFi in the conference room at the hotel. I've heard of that, but have never set it up or anything. Anyone ever do that or provide insight on what all is need from both the hotel side and my side to get that up and running. We do a Flex Connect for all APs currently.

8 Replies 8

Denniz
Beginner
Beginner

What controller are you using?

We are using a physal HA pair of 9800 controllers with mostly Cisco 2802 APs

Denniz
Beginner
Beginner

If it is temporary maybe officeextend will work?

Configure OEAP and RLAN on Catalyst 9800 WLC - Cisco

Thanks, will check this out

Rich R
VIP Advisor VIP Advisor
VIP Advisor

If your controller is reachable over the internet you just need an internet connection for your APs to connect to your controller then it's just like any other office.
If your controller is only reachable over corporate network then setup a router to extend the corporate network to the conference room and plug your APs into that.
It goes without saying that the corporate wireless network should be secure before you expose it in a public environment like that because anyone in range of the WiFi could try to connect.

Maybe you should suggest a more secure (zero trust) approach - same as what most people use for working from home these days.  Users connect to public/hotel WiFi then VPN into corporate network as required.  That way you don't need to deploy anything.

------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's   and   Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
Field Notice: FN-63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN-72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN-72524 - During Software Upgrade/Downgrade IOS APs Might Remain in Downloading State
     after 4 Dec 2022 Due to Certificate Expiration - Fixed in 8.10.185.3 and latest 9800 IOS-XE releases
     also fixed in 8.5.182.11 (8.5 mainline) and 8.5.182.108 (8.5 IRCM) if you can't upgrade to 8.10
     TAC confirmed that Mobility Express AP TFTP download is not affected so ME 8.5.182.0 still works but see FN-74035 below
Field Notice: FN-70479 Out-Of-The-Box AP Fails to Join WLC or Joins with Single Radio due to Country Mismatch - RMA required
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN-74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
     fixed in 8.10.185.3 and see the field notice for 8.5, Mobility Express and other fixed releases
Check your WLC config with Wireless Config Analyzer using "show tech wireless" output (9800) or "config paging disable" then "show run-config" output (AireOS) and use Wireless Debug Analyzer to analyze your WLC client debugs
Leo Laohoo's list of bugs affecting 2800/3800/4800/1560 APs

sejamc71
Beginner
Beginner

Thanks for all of the suggestions. I had an idea of what the correct solution would be, but with short time, was looking for something else. The correct solution is to reach out to your ISP a couple months in advance, have them drop a temp circuit for the event. Terminate that circuit into a router, sub-interface and connect switch with applicable VLans and then install FLEX  AP. I was just notified about a meeting in 2 weeks so hands are a bit tied as to what I can do.

sejamc71
Beginner
Beginner

I have been looking at Zero Trust, but it is not all that it is cracked up to be. I've read several forums, demos, Gartner reviews and even a couple of cloud FW solution providers and get the same message. Cloud hosted FW solutions that speak of Zero Trust are really good at East-West traffic which is awesome, but if you have a production environment in which some of the resources must remain on-prem, the solution providers have communicated that they are not the best for North-South traffic. Also, monetarily, at least to me, it doesn't make much sense. You have to have an onsite router/L3 switch to terminate the circuit, you must have some type of on prem FW, even if it is basic. The circuit would come in, hit the On-prem network infrastructure, be routed back out to the cloud to be processed/filtered by the Cloud FW and then routed in part back to the site. Thats the way I have understood it. Its been difficult to sell the company on this type of design and cost.

Rich R
VIP Advisor VIP Advisor
VIP Advisor

Maybe you've been reading a hard and fast definition of zero trust but essentially it means yours devices (laptops) are secure so they can be safely used on "untrusted" networks like public WiFi and your services, wherever they are - internet or corporate network - are independently authenticated and authorised per user (trust nobody, authenticate and authorise everybody) so it throws out the concept of trusting a user just because they are inside a corporate/border firewall.  Firewalls are there to enforce traffic flows but don't authenticate and authorise users for applications.  You still have firewalls there to keep the baddies out of your network (as much as possible) but you assume they can find their way past the firewall and therefore protect each application/device/server.  This is the principle used for thousands of global companies to allow staff to Work From Home - or anywhere that has an internet connection.  It's defence in depth - security at every layer - not relying entirely on any single component.  Usually combined with comprehensive detection so when (not if) the security is penetrated you can detect and respond to it/contain it promptly. If your company already supports WFH then why not just use that with conference venue WiFi?

------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's   and   Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
Field Notice: FN-63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN-72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN-72524 - During Software Upgrade/Downgrade IOS APs Might Remain in Downloading State
     after 4 Dec 2022 Due to Certificate Expiration - Fixed in 8.10.185.3 and latest 9800 IOS-XE releases
     also fixed in 8.5.182.11 (8.5 mainline) and 8.5.182.108 (8.5 IRCM) if you can't upgrade to 8.10
     TAC confirmed that Mobility Express AP TFTP download is not affected so ME 8.5.182.0 still works but see FN-74035 below
Field Notice: FN-70479 Out-Of-The-Box AP Fails to Join WLC or Joins with Single Radio due to Country Mismatch - RMA required
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN-74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
     fixed in 8.10.185.3 and see the field notice for 8.5, Mobility Express and other fixed releases
Check your WLC config with Wireless Config Analyzer using "show tech wireless" output (9800) or "config paging disable" then "show run-config" output (AireOS) and use Wireless Debug Analyzer to analyze your WLC client debugs
Leo Laohoo's list of bugs affecting 2800/3800/4800/1560 APs
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers