Wireless Access

Reply
Frequent Contributor I
Posts: 63
Registered: ‎05-21-2012

93H Bridge vs Tunnel or Other Limitations?

I'm testing out a 93H for a Dorm type environment and have it working in tunnel mode.  I've read the differences stated in this guide, referenced in other forum posts:

 

http://www.arubanetworks.com/pdf/technology/DG_Mobility-Controllers-Deployment-Models-5.0-VRD.pdf

 

After reading this, I have some questions and I'm not sure if its related to Bridge Mode, or Just limitations of equipment or just a suggestion from Aruba.  In the Bridge Mode Section (Page 42) it states this:

 

Bridge mode allows the AP to bridge traffic directly on to the LAN, with firewall policies applied at the
AP. This deployment model is typically used in a deployment with a small number of users and APs on a
single /24 subnet. Aruba supports no more than 32 APs at a single Layer 2 network without a controller
being present and reverting to one of the other two forwarding modes.

This is not a mobility controller limitation, but a limitation in the number of devices that should
reasonably be deployed in a single Layer 2 network. Most network administrators will keep Layer 2
segments limited to /24 subnets to control broadcast domain size. This limitation fits with the expected
network size, providing approximately 222 station addresses, or approximately seven stations per AP.
As an example, where multiple buildings exist in a small area, such as a school, if each building is a
separate Layer 2 network, each building can have up to 32 APs deployed.
The APs still require access to the mobility controller to function, though the controller does not need
to be in the same location as the APs. If the mobility controller is remotely located, the APs need a
secure connection (VPN) between the sites with low latency. All processing is performed on the AP, so
certain centralized features are not available. To enable bridge mode, CPsec must be enabled in the
network.

 

The line that is most troubling is that last sentence of the first paragraph: "Aruba supports no more than 32 APs at a single Layer 2 network without a controller being present and reverting to one of the other two forwarding modes."   I understand that a good network design has each building with a /24, but in an education community, that just doesn't work.  All of my networks are /23 at the minimum and I have a couple /22, thanks to the influx of Mobile devices.  A couple of my networks span several buildings, due to the small user base in those areas, however, because of Construction materials used in those areas, older buildings, the AP count is going to be much higher than 32.

 

Can someone clarify what this section is trying to say exactly?  I guess I'm confused if this is a Bridge Mode limitation or if I'm going to hit some kind of limit or is this just a suggestion, or what.  I'm looking to likely deploy around 400 of the 93H if this test proves to be good, which it is looking like it is, so any suggestions would be appreciated.

 

The debate I'm having with the rest of my network team currently was in regards to the Bridge vs Tunneled modes.  I can see arguments both ways.  Has anyone else run into this?  Are the Access Switches setup in a similar fashion?

 

For reference, Our environment is mostly AP-105 and AP-135 Currently, Total 115 Aruba APs, Replacing a Cisco Environment of Over 500 APs.  We're using a 6K controller with 1 M3 blade running 6.1.3.4, Currently.  Will likely buy 2 more M3's in the next year.

 

Any thoughts or suggestions are greatly appreciated.  Thanks.

Guru Elite
Posts: 21,281
Registered: ‎03-29-2007

Re: 93H Bridge vs Tunnel or Other Limitations?

Very few bridge deployments involve 32 APs that are within earshot of each other.  

 

For those 32 APs, application sessions are transferred from AP to ap as the user roams.  For the 33rd, ap the device can roam, but the application sessions will not be transferred.  

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 63
Registered: ‎05-21-2012

Re: 93H Bridge vs Tunnel or Other Limitations?

So.. Are you saying that this only really comes into play when a client roams?  

Guru Elite
Posts: 21,281
Registered: ‎03-29-2007

Re: 93H Bridge vs Tunnel or Other Limitations?

Yes.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 63
Registered: ‎05-21-2012

Re: 93H Bridge vs Tunnel or Other Limitations?

Well.. that takes care of the issue for me.   Rooms are spread out enough that this won't be an issue.  Sorry for the initially long post, but I really didn't get that from the documentation directly.

Guru Elite
Posts: 21,281
Registered: ‎03-29-2007

Re: 93H Bridge vs Tunnel or Other Limitations?

No problem.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 63
Registered: ‎05-21-2012

Re: 93H Bridge vs Tunnel or Other Limitations?

[ Edited ]

One Further question, I currently have CPSec disabled.  I've noted in the documentation that it Doubles the boot times of the APs when it is enabled.   Are there any other significant drawbacks to having it turned on?  

 

The reason I ask is, I'm really considering bridge mode for the wired ports on the 93H. I currently have everything working in tunneled mode but would like to move the wired ports to bridge and leave the wireless in tunnel mode.   We have a lot of Streaming DVD players and other device connected Wired in our dorms which I would rather have Bridged instead of tunneled back to the controller.  This seems possible, but I haven't tested yet.  Any thoughts?

Guru Elite
Posts: 21,281
Registered: ‎03-29-2007

Re: 93H Bridge vs Tunnel or Other Limitations?

CPSEC doubles the initial boot times of access points, because it has to assign a certificate to it and reboot.  There is no drawback, but it is necessary to bridge traffic.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 63
Registered: ‎05-21-2012

Re: 93H Bridge vs Tunnel or Other Limitations?

No reason not to enable it then.   Thank You.  

Guru Elite
Posts: 21,281
Registered: ‎03-29-2007

Re: 93H Bridge vs Tunnel or Other Limitations?

correct.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: