Wireless Access

Reply
Occasional Contributor I
Posts: 7
Registered: ‎08-19-2013

AP's in same subnet of users, or in other vlan?

Hello all. I'll be planning an pilot wifi deployment in my company and I've got a doubt about best practices.

Should I configure AP's in the same subnet of the users or get it in a mgmt vlan?

To configure the AP's in the same subnet (10.1.172.0/22)

10.1.172 .1 - .254 (for AP's)

10.1.173.1- 174.254 (for users)

But I was also thinkig to put the AP's in a different vlan, or a mgmt vlan

10.1.63.1-254 (for AP's)

10.1.172.1- 174.254 (for users)


I'll be deploying a aruba 105 AP's

Guru Elite
Posts: 21,291
Registered: ‎03-29-2007

Re: AP's in same subnet of users, or in other vlan?

You want nothing to be in the same subnet as your users. They are two entirely different classes of devices and you want the flexibility to teach them differently.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 7
Registered: ‎08-19-2013

Re: AP's in same subnet of users, or in other vlan?

This approach is valid for big and small deploys?

In some sites I'll deploy 50 AP's for 300 users

in other sites its just 1 AP for 20 users at the most.


Guru Elite
Posts: 21,291
Registered: ‎03-29-2007

Re: AP's in same subnet of users, or in other vlan?

It is much more important in larger deployments than in smaller ones. If you adhere to this principle when a network is small, if it grows suddenly, you won't have the problems associated with mixing wireless clients and other devices in the same network.

I would say to keep it separate even with 50 access points.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 725
Registered: ‎12-01-2010

Re: AP's in same subnet of users, or in other vlan?

I'll add that with separate subnets, whatever bad-thing happens to a client (whether defect or malicious) will be largely shielded from the management plane of your network -- whether that's one AP in a coffee-shop or 200+ in a large office.

 

Much easier to troubleshoot when you can easily see which VLAN has the issue.

--Matthew

if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
Guru Elite
Posts: 21,291
Registered: ‎03-29-2007

Re: AP's in same subnet of users, or in other vlan?


msabin wrote:

I'll add that with separate subnets, whatever bad-thing happens to a client (whether defect or malicious) will be largely shielded from the management plane of your network -- whether that's one AP in a coffee-shop or 200+ in a large office.

 

Much easier to troubleshoot when you can easily see which VLAN has the issue.


Msabin,

 

Thank you for your insight.  I hope others chime in as well.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: