Security

New Contributor
Posts: 2
Registered: ‎02-03-2014

Guest DHCP Scopes?

Hi

 

Could anyone advise on what is best practice for Guest DHCP scopes?

 

Our current scopes are getting used up really quickly so we'd like to redesign our scopes.

 

Any ideas or suggestions would be really appreciated.

 

Thanks!

 

MVP
Posts: 4,314
Registered: ‎07-20-2011

Re: Guest DHCP Scopes?

 

Approximately how many users are you expecting to have on your guest network?

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
New Contributor
Posts: 2
Registered: ‎02-03-2014

Re: Guest DHCP Scopes?

At the moment we have /23 scopes per site and these are being used up very quickly. The lease is also set to around an hour. 

At an estimate anything around 1000 guests per site.

 

 

Regular Contributor I
Posts: 191
Registered: ‎03-22-2013

Re: Guest DHCP Scopes?

[ Edited ]

I'm not a fan of open guest networks, as I find about 80% of leases are used by devices auto-connecting and not even being used on the network. We were having to purge the lease pool on a very regular basis, which got a bit tedious...

 

Sort of defeats the point I know, but we secured it, making the password easily accessible, so only those that actually want to use the network will join it, and it's worked very well... and cut down dramatically on address waste.

Guru Elite
Posts: 21,588
Registered: ‎03-29-2007

Re: Guest DHCP Scopes?


dnulty76 wrote:

Hi

 

Could anyone advise on what is best practice for Guest DHCP scopes?

 

Our current scopes are getting used up really quickly so we'd like to redesign our scopes.

 

Any ideas or suggestions would be really appreciated.

 

Thanks!

 


Lower the lease times on your scopes to 15 minutes.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I
Posts: 24
Registered: ‎10-24-2011

Re: Guest DHCP Scopes?

[ Edited ]

We had the same issue at our end. Our Guest WLAN is open initially for captive portal. Being a school district, our Guest scopes were full by 8:30am from auto-connecting devices. We ended up growing the networks. We used a /14 for the big secondary schools and /22 for the elementary.

MVP
Posts: 4,314
Registered: ‎07-20-2011

Re: Guest DHCP Scopes?

 

 

As cjoseph pointed out, you should lower the lease time, and I suggest that you create a /21 or maybe lower, enable drop multicast/broadcast on the VAP, and enable bcmc-optimization under the SVI.

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Regular Contributor I
Posts: 191
Registered: ‎03-22-2013

Re: Guest DHCP Scopes?

In our experience, shortening the expiration time just meant they filled up quicker... given that the majority of devices weren't even being used on the guest network, to us, it just didn't make sense to increase the size of the network. We have thousands of people passing through the site each day oblivious to the guest network, so why should their devices be consuming resources?

 

If people want to use the guest network, they can join the SSID, they only have to do this once, and it cut down lease wastage by about 80%. It would make more sense, well to me anyway, to have a relatively small network for captive portal, which had a very short lease expiration time, then authenticated users could be moved onto the guest network.

Guru Elite
Posts: 21,588
Registered: ‎03-29-2007

Re: Guest DHCP Scopes?



Colin Joseph
Aruba Customer Engineering


Regular Contributor I
Posts: 191
Registered: ‎03-22-2013

Re: Guest DHCP Scopes?

Yes, it would be released sooner, but then snapped up by another device that probably doesn't want to use the CP!

 

I think as we have so much foot traffic through site, and probably thousands of devices trying to connect (although not actually use CP), the supporting network was never big enough to accommodate them... So it's probably down to poor design that resulted in the scopes being exhausted fairly quickly.

 

My personal feeling is why have lots of /24 networks available just so devices can connect, but never actually use the network? I had thought of having a larger subnet, but am sure I have read, and been advised, that you don't really want more than say 200 clients per VLAN. I was even told this at the bootcamp, although was actually told that you won't see this written anywhere!

 

Also, surely all of these devices that are connected to the open wifi, although not authenticated, are all trying to update and download apps etc, all of which is consuming resources unnecessarily. 

 

This of course is just my way of thinking about it!
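
The trade-off argued over in this thread (lease time versus scope size versus how long auto-connecting devices stay in range) can be checked with a small model; this is an added example, not code from any poster or from Aruba. It assumes devices arrive at a constant rate, renew at half the lease time while in range, and that one address per scope is reserved for the gateway; the arrival and dwell figures are constructed.

```python
import ipaddress
import math

def usable_addresses(prefix, reserved=1):
    """Leasable hosts in an IPv4 prefix: minus network, broadcast and `reserved` (gateway)."""
    return ipaddress.ip_network(f"10.0.0.0/{prefix}").num_addresses - 2 - reserved

def simulate(prefix, lease_min, arrivals_per_min, dwell_min, minutes=480):
    """Return (peak_leases, refused_requests) over `minutes` of steady arrivals."""
    pool = usable_addresses(prefix)
    t1 = lease_min / 2  # renewal timer T1, assumed at half the lease
    # A device renews at every T1 while in range, so its address stays bound
    # until one full lease after its last renewal.
    hold = math.floor(dwell_min / t1) * t1 + lease_min
    expiries, peak, refused = [], 0, 0
    for now in range(minutes):
        expiries = [e for e in expiries if e > now]  # expired leases return to the pool
        for _ in range(arrivals_per_min):
            if len(expiries) < pool:
                expiries.append(now + hold)
            else:
                refused += 1  # scope exhausted, request goes unanswered
        peak = max(peak, len(expiries))
    return peak, refused

if __name__ == "__main__":
    # Constructed scenarios: (prefix, lease minutes, devices per minute, dwell minutes)
    scenarios = {
        "/23, 60 min lease, passers-by": (23, 60, 10, 10),
        "/23, 15 min lease, passers-by": (23, 15, 10, 10),
        "/23, 15 min lease, devices stay 2 h": (23, 15, 5, 120),
        "/21, 15 min lease, devices stay 2 h": (21, 15, 5, 120),
    }
    for label, args in scenarios.items():
        peak, refused = simulate(*args)
        print(f"{label}: pool={usable_addresses(args[0])} peak={peak} refused={refused}")
```

With short-dwell passers-by the 15 minute lease keeps a /23 from filling, but once devices stay in range and keep renewing, only a larger scope or fewer joining devices stops the refusals.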

 
