Wireless Access

We continue to need to allocate more ip addresses to wireless clients than are actually needed for network connections. We currently have 27,000 allocated, and there’s nowhere near that many concurrent wireless network connections doing real work.

We use ISC DHCP (infoblox) to hand out leases. We have two SSIDs. Our open SSID has 6k leases available with a 12wk high water mark of 4.7k devices. Our .1x SSID has 21k leases available with a 12wk high water mark of 15.7k devices. During peak times we are getting alerts that our lease pools are hitting 95% utilization.

Is close to a 30% lease overhead normal, acceptable and standard? Is this what other folks are seeing?

Thanks,

Mike

mldickson,

I will let others discuss their lease percentages.  The big question is, how long are your leases?  We all know about the drive-bys that never authenticate, but associate to an open network and do nothing...

mldickson,

Think about it this way:

Two users who never intended on getting on your network will use up an hour of lease time..

I would drop it to 15 minutes and re-measure.  I would also push for 802.1x use where you can.

Decreasing the lease time does make devices request a dhcp address more frequently and if you are using drop broadcast and multicast, it amounts to a unicast request, traffic wise...

---

@cjoseph wrote:

mldickson,

 

Think about it this way:

 

Two users who never intended on getting on your network will use up an hour of lease time..

 

I would drop it to 15 minutes and re-measure.  I would also push for 802.1x use where you can.

 

Decreasing the lease time does make devices request a dhcp address more frequently and if you are using drop broadcast and multicast, it amounts to a unicast request, traffic wise...

---

We are using drop broadcast and multicast.

Our user idle timeout is currently set for 15 minutes. If we drop the DHCP lease time from 30 to 15 minutes should we change this as well? To what value? Would anything need to get changed? I seem to recall that we tried lowering lease times in the past but backed out for some reason.

Are other large-ish deployments using lease times lower than 30 minutes with no issues?

Thanks for the info.

I *think* I recall that when we tried lowering DHCP lease times to 15 minutes we also lowered user idle timeout to (5 minutes?). I believe user idle timeout MUST be lower than lease time by some amount, right? Anyway, I think the issue was either that our open ssid (captive portal) users were getting frustrated with the short time to log in, or it was that DHCP server were becoming overwhelmed.

We are also looking at putting encryption in front of the open ssid to lower the drive-by factor.

Mike

mldickson,

You just need to make sure that your lease time is longer than your idle-timeout.  (so your lease can be 16).