Cisco’s “Office Extend” solution allow companies to extend their corporate network into teleworker’s place or into employees home without compromising its security policy.
As you can see in the above diagram Office Extend AP (OEAP) can sits behind any public internet device (Home ADSL router, etc) and allow to extend corporate WLAN on to it. It has the capability of defining locally significant WLAN where other home users can use the same AP to go to public internet without going through corporate network. This is also useful when special events organized by a corporate to provide their network services at a public location for short period.
Cisco has released special Access Point series (OEAP 600 series) which is having full a/g/n (dual band) capability with 4 LAN ports. Out of those four, one port is for Remote-LAN where you can extend one of wired VLAN of your corporate on to this(you can connect a hub/switch to this Remote-LAN port & connect upto 4 wired device to this VLAN). Other 3 ports are for local LAN connectivity.For the corporate WLAN extended, max of 3 WLAN can be extended & max of 15 clients can be joined. Configuration wise OEAP is meant for “Zero Touch” deployment where it only require WLC IP to be pre-configured.
In addition to this OEAP 600 series, LWAPP (1040/1130/1140/3502) series AP can be convert into OEAP mode.This will allow extending office wireless work environment to remote sites, employee’s home environment (except wired LAN extension in OEAP 600). As it allows to create locally significant SSID other home users can use the same AP to connect & do their work. Cisco introduce this feature on WLC 7.0 software version & work with 5508, WiSM2 & 2500 series controllers.
When a user connect this OEAP (which has been primed with WLC IP) in to their home DSL network, it will create encrypted DTLS tunnel between AP & WLC. Then selected corporate SSID will be advertized through this OEAP. It also allow end user to create locally significant SSID for their home use & that traffic is not going via DTLS tunnel.
From the CCIE wireless exam perspective, OEAP 600 series hardware is not listed in the blue print. Only option is to use 3502 as OEAP and you need to know how to convert LWAP into OEAP. We will see how to do this conversion in next post & operation of OEAP in bit detail via another post. Stay tuned for those.