Solved: Office Extend AP and external addresses

rasmus.elmholt · ‎11-08-2018

Hi

I have just configured a WLC with some SSIDs and 5 internal Access Points.

Everything is working and my clients are able to connect to the network.

I have then connected a 1810W OEAP using this guide: https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-3/b_Cisco_OfficeExtend_Access_Point_/b_Cisco_OfficeExtend_Access_Point__chapter_01000.html

And after I configured the management interface with the NAT address all the internal AP lost the CAPWAP connection to the controller. And they only first reconnected when I removed the NAT configuration on the WLC again.

My firewall are configured with NAT as expected, but the internal APs are not able to connect to the external NAT address because of the Hairpin issue on ASA.

So my question is: Is it possible for the internal APs to connect using the internal(real) IP and the OEAP to connect using the NAT'ed address.

Rasika Nayanajith · ‎11-08-2018

Issue below command to enable both inside & outside AP to register to your WLC

config network ap-discovery nat-ip-only disable

Control which address(es) are sent in CAPWAP discovery responses when NAT is enabled on the Management Interface using the following command:

config network ap-discovery nat-ip-only {enable | disable}

where

enable—Enables use of NAT IP only in Discovery response. This is the default. Use this command if all APs are outside of the NAT gateway.

disable—Enables use of both NAT IP and non-NAT IP in discovery response. Use this command if APs are on the inside and outside of the NAT gateway; for example, Local Mode and OfficeExtend APs on the same controller.

HTH

Rasika

*** Pls rate all useful responses ***

View solution in original post

Rasika Nayanajith · ‎11-08-2018