Regular Contributor I
Posts: 159
Registered: ‎03-03-2011

AP vlan design

Can anyone give me an answer or point me to the documentation for the following questions?


  • Should the APs be in their own VLAN or in the same VLAN as clients?
  • How big should the AP VLANs be (how many APs per VLAN)?

Regards,

Josh
___________
ACMP, ACCP
Aruba Employee
Posts: 664
Registered: ‎04-15-2009

Re: AP vlan design

Josh - the APs should be on a dedicated VLAN, if possible. They will work on a shared VLAN, but it is not recommended. If you are doing bridge mode, they will have to be on a shared uplink with the clients (trunk port to a switch).

The number of APs per VLAN really depends. If you can keep them relatively small, that is good. I haven't seen anything more than a /24 for AP management VLANs (not that it won't work, but it's just not a good idea IMHO). If you are using bridge mode, you can get away with more, since the traffic is dropped locally on the subnet. If you are using tunnel mode, all the traffic is forwarded back to the controller. As long as you don't have saturated infrastructure, you would still be OK.

The client VLANs should also be kept as small as possible using VLAN pooling.
New Contributor
Posts: 4
Registered: ‎04-13-2009

Re: AP vlan design

I don't really want to dig up older topics, but I wanted to reply for those who may come across this while designing their networks.

 

Taken from: VRD_Campus_Networks.pdf


"VLANs are used on the access side of the controller where the APs terminate their GRE tunnels. These VLANs
carry traffic back and forth between APs and the controllers. Aruba strongly recommends that edge access
VLANs should not be dedicated to APs. The only exception where the APs may have to be deployed on
dedicated VLANs is in environments where 802.1X is a requirement on the wired edge. The APs should use the
existing edge VLANs as long as they have the ability to reach the mobility controller. Deploying the APs and AMs
in the existing VLANs allows for the full use of the Aruba rogue detection capabilities."

Guru Elite
Posts: 20,816
Registered: ‎03-29-2007

Re: AP vlan design

Good quote.  I think the contributor above you was saying that APs and wireless clients should not be in the same VLAN, as opposed to APs being in a dedicated vlan.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor II
Posts: 202
Registered: ‎01-30-2013

Re: AP vlan design

Hi all,

 

I am a little confused.

We are implementing 100 APs and a 7210 controller.

What is the best way to do it?

1. APs and controller are going to be placed in the client's existing VLAN for MGMT (ex: create a scope in DHCP 10.200.1.xx).

2. WLAN clients are going to be in the client network (DHCP and DNS are in this network, 55.0.0.xx).

APs need to contact DHCP over the core switch trunk.

Is this possible and good practice?

 

Regards

Guru Elite
Posts: 20,816
Registered: ‎03-29-2007

Re: AP vlan design

The access points can be on any VLAN, as long as they can discover and contact the controller on its master IP address.

It is best practice to have the wireless users in their own VLAN.

That is all.



Colin Joseph
Aruba Customer Engineering


Regular Contributor II
Posts: 202
Registered: ‎01-30-2013

Re: AP vlan design

Deal :)

 

APs and controller are going to be on the MGMT VLAN that already exists on the client.

Users have their own VLAN configured at the core switch. We are going to use that one, in network 55.0.0.xx, for wireless testing.

That was the only point: whether users in a different network could get to the APs (which are going to be in the 10.200.1.xx network) and gain WLAN access.

This will be best practice, in my point of view, since APs are not bumped into all the broadcast traffic of the users' network.

 

Regards

Regular Contributor II
Posts: 202
Registered: ‎01-30-2013

Re: AP vlan design

Also, do I need to create all core VLANs in the Mobility Controller?

The MGMT one yes, but the others also? The ones that are already on the client side (users, servers, etc.)?

Guru Elite
Posts: 20,816
Registered: ‎03-29-2007

Re: AP vlan design


brunoaraujocosta wrote:

Also, do I need to create all core VLANs in the Mobility Controller?

The MGMT one yes, but the others also? The ones that are already on the client side (users, servers, etc.)?


No. Make the user VLAN a trunk to a Layer 3 switch that does the routing for that VLAN. Wireless clients will be bridged to that VLAN and the Layer 3 switch will take care of all of the routing to the server VLANs, etc.

 



Colin Joseph
Aruba Customer Engineering


Frequent Contributor II
Posts: 118
Registered: ‎02-10-2011

Re: AP vlan design

If the APs are at the same site as the controller, that is a different design than if the APs are at a remote site to the controller. In the case where the APs and the controller are at the same site, I would recommend the following:

1) Connect the APs to switches and VLANs the same as wired workstations.

2) Connect the controller to your network and either use an existing subnet or create a new one for the controller (depends on if you have a firewall you route through; I prefer a separate VLAN between the controller and the firewall, as the firewall is my default gateway).

3) Define new subnets on the controller for the wireless clients. The APs will get an IP out of the user VLANs and communicate back to the controller. The WiFi client traffic tunnels back to the controller and then obtains an IP out of the wireless VLANs you created. You can assign client VLANs using DHCP on the controller or, better yet, from a corporate DHCP server.

 

Hope that helps,

 

Ian
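
Added example (not part of any post in this thread, and not Aruba code): a small Python check that applies two rules of thumb from the replies above to an addressing plan, namely that an AP VLAN should be no larger than a /24 and that APs and wireless clients should not share a VLAN, plus a capacity check for the AP count. The plan layout, the /24 prefix lengths, the controller address and the single reserved gateway address are assumptions.

```python
import ipaddress

MAX_AP_PREFIX = 24  # rule of thumb from the thread: AP VLANs no larger than a /24

# Constructed sample plan using the networks named in the thread. The /24
# prefix lengths and the controller address are assumptions.
SAMPLE_PLAN = {
    "ap_vlans": {"MGMT": ("10.200.1.0/24", 100)},  # name -> (subnet, AP count)
    "wireless_client_vlans": {"USERS": "55.0.0.0/24"},
    "controller_ip": "10.200.1.10",
}


def lint_plan(plan, reserved=1):
    """Return findings for a VLAN plan; an empty list means it passes.

    reserved: addresses per AP subnet set aside for the gateway (assumption).
    """
    findings = []
    controller = ipaddress.ip_address(plan["controller_ip"])
    clients = {name: ipaddress.ip_network(subnet)
               for name, subnet in plan["wireless_client_vlans"].items()}
    for name, (subnet, ap_count) in plan["ap_vlans"].items():
        net = ipaddress.ip_network(subnet)
        if net.prefixlen < MAX_AP_PREFIX:
            findings.append(f"{name}: {net} is larger than a /{MAX_AP_PREFIX}")
        # Usable hosts minus the gateway, minus the controller if it lives here.
        free = max(net.num_addresses - 2, 0) - reserved - (controller in net)
        if ap_count > free:
            findings.append(f"{name}: {ap_count} APs but only {free} free addresses")
        # APs and wireless clients should not end up in the same address space.
        for cname, cnet in clients.items():
            if net.overlaps(cnet):
                findings.append(f"{name}: overlaps wireless client VLAN {cname}")
    return findings


if __name__ == "__main__":
    for line in lint_plan(SAMPLE_PLAN) or ["plan OK"]:
        print(line)
```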
