Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

IAP VRD

This thread has been viewed 59 times

  • 1.  IAP VRD

    Posted Nov 28, 2013 03:44 AM

    Hi,is there an official VRD for IAP installs, for instance 50 + IAP 105s in a school environment with clearpass and Apple TV ?

     

    Thanks

     



  • 2.  RE: IAP VRD

    EMPLOYEE
    Posted Nov 28, 2013 10:18 AM
    • MOST IMPORTANT!!! Keep the management VLAN for IAPs separate from the client VLAN (both wireless and wired).
    • Enable Dynamic Multicast Optimization
    • Enable Broadcast Filter ARP
    • Enable Multicast Transmission Optimization
    • Enable band steering
    • Enable fair access for airtime fairness
    • Enable spectrum load balancing
    • 2.4 GHz  transmit rate set to 6 
    • Local Probe Threshold set to 20
    • Max Clients changed from 50 to 64
    • Inactivity timeout set to 300 from 1000
      • Pro = less time in station table when roaming
      • Con = Users have to reauth more on Auth based SSID, open is just associate
    • VLAN pooling with appropriate number of IDs


  • 3.  RE: IAP VRD

    Posted Nov 28, 2013 10:26 AM

    Hi, cheers for that, looking to put 60 in one flat mgmt lan, so just 1 virtual controller, can the 1 virtual handle the overhead ?



  • 4.  RE: IAP VRD

    EMPLOYEE
    Posted Nov 28, 2013 10:31 AM

    Yes...that should be fine so long as you do point #1!



  • 5.  RE: IAP VRD

    Posted Nov 28, 2013 10:33 AM

    Ok will do, cant see anything on vlan pooling in the docs ?



  • 6.  RE: IAP VRD

    EMPLOYEE
    Posted Nov 28, 2013 10:34 AM

    When you define your static VLANs when creating the network (SSID), just do a comma separated list.

     

    I.E --> 10,20,30,40



  • 7.  RE: IAP VRD

    Posted Mar 23, 2015 09:35 AM

    Hi Seth!

     

    I´m a bit suprised about no 1 since I´m pretty sure we were recommended on an Airheads to place IAPs on wired client VLAN and wireless clients on separate VLAN. This was due to better rogue detection etc.

     

    Has this changed? Otherwise please evaluate the harm in placing IAPs on wired client VLAN.

     

    Cheers,



  • 8.  RE: IAP VRD

    EMPLOYEE
    Posted Mar 23, 2015 09:37 AM

    The IAPs should have a separate management subnet and additional client VLANs can be tagged on the link.

     

    The IAP can see traffic on all tagged VLANs so rogue detection is still possible.



  • 9.  RE: IAP VRD

    Posted Mar 23, 2015 09:40 AM

    That does mean that virtual assigned subnet and Local scopes will be source NAT:ed behind an IP on that management subnet? That will be a problem for me to deploy.



  • 10.  RE: IAP VRD

    EMPLOYEE
    Posted Mar 23, 2015 09:42 AM
    How are you deploying it today?


  • 11.  RE: IAP VRD

    Posted Mar 23, 2015 09:48 AM

    In the scenario I´m thinking of we have a management subnet where switches, servers etc are placed, there´s a wired client subnet where IAPs get their IP-addresses and VC-IP is configured. Wireless clients are put in a tagged VLAN and guests are on a virtually assigned network being source NAT:ed out to the wired client network and goes to the internet.

     

    By changing to put the IAPs on the management subnet, I´ll change where the guest traffic goes and we can´t have that on the management subnet. I havn´t seen a way to change where the virtual network gets NAT:ed to, is there such configuration?