04-22-2015 01:06 PM - edited 04-22-2015 01:07 PM
Historically in our organisation we have used centrally managed DHCP servers, generally MS Windows, to address our access points. Whilst technically this works, it does create a challenge when we wish to make changes to the scopes i.e. it often requires timely and costly change requests (we are charged internally). To overcome this we are starting to consider managing this either on the core switches or the AMCs. We are currently rolling out new 70xx and 72xx controllers in our environment, with 6.4.x code loaded. Some time back we were advised that there was a theoretical limit of 255 for a DHCP instance on an AMC, and technically, we might want to consider not using the AMC. What I wanted to confirm is if this is still indeed best practice. We would have few if any sites that would exceed this count.
Can anyone advise as to whether this is still the case? I like the idea of using the AMC as the management of the entire wireless management operation is then contained within the AMC.
04-22-2015 01:08 PM
04-22-2015 01:10 PM
Thanks for the quick response :)
Would this also be the recommendation if only providing addresses for access points to connect to the AMC? The DHCP wouldn't be used for corporate or guest, just AP management.
04-22-2015 01:14 PM
Starting in AOS 6.3 the controller's internal DHCP server is limited by a 512 scope.
And also keep in mind that if you have several controllers in your environment these do not share DHCP scope information and that could be an issue when using the same VLANs across different controllers.
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
04-24-2015 01:33 PM
Thanks Fabian, apologies, I didn't get an email notifying me of your reply :)
I understand the concern. In our environment we deploy the controllers in a master/standby deployment model. What I'm not sure about, as I don't have access to a test lab right now, is whether, if I define the same DHCP scope, exclusions, options, etc. on the master and standby, both scopes would be active and, as such, I could end up with duplicate IP addresses.
Just for absolute clarification, there will only be a single scope, and it will be used for providing IP addresses to Aruba access points to allow them to join the AMC, not to address clients.
04-29-2015 12:11 PM
not sure if you are asking a question or just stating a fact at the end, so I assume a question for the sake of answering.
in a master / master standby setup the DHCP scope you would configure on one of them is not synchronized to the other, just like the IPs / VLANs / .. if you would create the same scope on both then yes you run the risk of handing out duplicate IPs because they are unaware of each other. if you would create two separate scopes (i.e. first /25 of a /24 on one and the second /25 of a /24 on the other) then there is no chance of duplicates. if one controller fails the APs would eventually get a different IP from the other controller if there is enough space. all this kinda shows why you should use an external DHCP server if you can.
as mentioned DHCP on the controller is not best practice, except perhaps for small guest networks. but no one can stop you from doing it and it will work within the limits in the OS.
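The split-scope arrangement described in the reply above, worked through as an added example that is not part of the original thread: it gives each controller one /25 of an AP-management /24, checks whether the surviving pool can hold every AP after a failover, and measures the overlap when the same scope is defined on both controllers. The subnet, reserved addresses and AP counts are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

def split_scopes(subnet, reserved, ap_count):
    """Give each controller one half of the AP subnet and check failover capacity."""
    net = ipaddress.ip_network(subnet)
    # Never lease statically assigned addresses or the VLAN's network/broadcast.
    skip = {ipaddress.ip_address(a) for a in reserved}
    skip |= {net.network_address, net.broadcast_address}
    plan = {}
    for name, half in zip(("master", "standby"), net.subnets(prefixlen_diff=1)):
        leasable = [ip for ip in half if ip not in skip]
        plan[name] = {
            # First/last leasable address; reserved addresses are assumed
            # to sit at the start of the subnet so the range is contiguous.
            "range": (str(leasable[0]), str(leasable[-1])),
            "leasable": len(leasable),
            # After a failure every AP ends up leasing from the surviving pool.
            "holds_all_aps": len(leasable) >= ap_count,
        }
    return plan

def duplicate_risk(scope_a, scope_b):
    """Count addresses that two unsynchronised DHCP servers could both hand out."""
    a, b = ipaddress.ip_network(scope_a), ipaddress.ip_network(scope_b)
    if not a.overlaps(b):
        return 0
    # Two CIDR blocks overlap only when one contains the other.
    return min(a.num_addresses, b.num_addresses)

if __name__ == "__main__":
    # Constructed sample: gateway .1, controllers .2 and .3, 120 APs on site.
    reserved = ["10.20.30.1", "10.20.30.2", "10.20.30.3"]
    for name, pool in split_scopes("10.20.30.0/24", reserved, 120).items():
        print(name, pool)
    print("same scope on both:", duplicate_risk("10.20.30.0/24", "10.20.30.0/24"))
    print("split /25 scopes:", duplicate_risk("10.20.30.0/25", "10.20.30.128/25"))
```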
04-30-2015 07:09 AM
No, it was definitely a question :)
Thanks for the response, that all makes sense.
One thing that is still bugging me is why it is recommended not to use the controller as a DHCP server? If I have two per site, both of which have a DHCP server configured, then I have just as good redundancy as if I deployed the scopes on a DHCP server. In my case, as noted earlier, we would like to only use this for addressing access points, so the management of the access points and supporting IP is under our control. Is there a reason why Aruba suggest that this is a best practice? It can't be that taxing on the controller surely?