Frequent Contributor I
Posts: 66
Registered: ‎05-12-2009

Guest VLAN Size

I am wondering how others are sizing their VLANs for guest users. I am running out of address space due to users camping on the SSID and never authenticating. Right now I have 11 local controllers with GRE tunnels bringing all traffic back to the master on VLAN 404. VLAN 404 is currently a /24 and would need to be at least doubled if not tripled in size. I am concerned about the amount of broadcast traffic. I have bcmc-optimization enabled; however, I still have concerns about this many clients on a single VLAN broadcasting across WAN links. I am considering creating a smaller local VLAN and not tunneling the traffic back for some of our larger sites. Are others running into similar issues?

Aruba Employee
Posts: 39
Registered: ‎04-11-2007

Re: Guest VLAN Size

One thing you can do is to reduce the DHCP lease time on the guest SSID. As you say, some user devices will grab an IP address but never authenticate. By reducing the DHCP lease time you will refresh the DHCP pool if a user happens to wander in and out of coverage without actually using the guest wifi. If you would typically expect your guests to only use the wifi for a few hours, then I would start with a 2 hr lease time and see what impact that has on the available addresses.
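To see how lease time drives pool usage when devices associate but never authenticate, here is an added example that is not part of the original post. It assumes clients renew at half the lease time (the RFC 2131 default T1) while in coverage and send no DHCPRELEASE when they leave; the visit pattern is constructed, not data from this thread.

```python
# Added example: visit times below are constructed, not measurements.

def lease_expiry(arrive, depart, lease_s):
    """Time at which the server can hand the address to someone else.

    Assumption: the client renews every T1 = lease/2 while in coverage
    and simply disappears (no DHCPRELEASE) when it walks away.
    """
    t1 = lease_s // 2
    renewals = (depart - arrive) // t1
    return arrive + renewals * t1 + lease_s


def peak_leases(visits, lease_s):
    """Peak number of addresses held at once.

    visits: list of (arrive, depart) times in seconds.
    """
    events = []
    for arrive, depart in visits:
        events.append((arrive, 1))
        events.append((lease_expiry(arrive, depart, lease_s), -1))
    events.sort()  # at equal times an expiry (-1) sorts before a new lease (+1)
    held = peak = 0
    for _, delta in events:
        held += delta
        peak = max(peak, held)
    return peak


# Constructed workload: one device walks into coverage every 5 minutes for
# 8 hours, stays 10 minutes, and never authenticates.
PASSERSBY = [(t, t + 600) for t in range(0, 8 * 3600, 300)]

if __name__ == "__main__":
    for lease in (1800, 7200, 28800):
        peak = peak_leases(PASSERSBY, lease)
        print(f"lease {lease:>5}s -> peak {peak} addresses held")
```

For short visits like these, the addresses held at steady state scale directly with the lease time, so the same foot traffic that fills a pool at an 8 hour lease uses a fraction of it at 30 minutes.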

Frequent Contributor I
Posts: 66
Registered: ‎05-12-2009

Re: Guest VLAN Size

Thanks for the info. I have my lease time currently set for 2 hrs. I was thinking of going lower but am concerned about all the broadcast traffic across the tunnels. I have a feeling it may be users who don't even know they are connected but may not be transient. I can simply make the scope larger or I could not tunnel some of the traffic back to the master and carve out smaller subnets locally for some sites that have their own internet egress. Wondering I guess how others have designed their guest network.

Thanks

Guru Elite
Posts: 21,252
Registered: ‎03-29-2007

Re: Guest VLAN Size


jmadej wrote:

Thanks for the info. I have my lease time currently set for 2 hrs. I was thinking of going lower but am concerned about all the broadcast traffic across the tunnels. I have a feeling it may be users who don't even know they are connected but may not be transient. I can simply make the scope larger or I could not tunnel some of the traffic back to the master and carve out smaller subnets locally for some sites that have their own internet egress. Wondering I guess how others have designed their guest network.

Thanks


Jmadej,

When clients renew their DHCP address it is normally a unicast to the DHCP server, not a broadcast. If you are dropping broadcasts at the Virtual AP, the majority of broadcasts are eliminated, as well.

Colin Joseph
Aruba Customer Engineering
