Wireless Access

Reply
Frequent Contributor II
Posts: 127
Registered: ‎12-19-2012

IAP VRD

Hi,is there an official VRD for IAP installs, for instance 50 + IAP 105s in a school environment with clearpass and Apple TV ?

 

Thanks

 

ACMA/ACMP
Aruba
Posts: 1,368
Registered: ‎12-12-2011

Re: IAP VRD

  • MOST IMPORTANT!!! Keep the management VLAN for IAPs separate from the client VLAN (both wireless and wired).
  • Enable Dynamic Multicast Optimization
  • Enable Broadcast Filter ARP
  • Enable Multicast Transmission Optimization
  • Enable band steering
  • Enable fair access for airtime fairness
  • Enable spectrum load balancing
  • 2.4 GHz  transmit rate set to 6 
  • Local Probe Threshold set to 20
  • Max Clients changed from 50 to 64
  • Inactivity timeout set to 300 from 1000
    • Pro = less time in station table when roaming
    • Con = Users have to reauth more on Auth based SSID, open is just associate
  • VLAN pooling with appropriate number of IDs
Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Frequent Contributor II
Posts: 127
Registered: ‎12-19-2012

Re: IAP VRD

Hi, cheers for that, looking to put 60 in one flat mgmt lan, so just 1 virtual controller, can the 1 virtual handle the overhead ?

ACMA/ACMP
Aruba
Posts: 1,368
Registered: ‎12-12-2011

Re: IAP VRD

Yes...that should be fine so long as you do point #1!

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Frequent Contributor II
Posts: 127
Registered: ‎12-19-2012

Re: IAP VRD

Ok will do, cant see anything on vlan pooling in the docs ?

ACMA/ACMP
Aruba
Posts: 1,368
Registered: ‎12-12-2011

Re: IAP VRD

When you define your static VLANs when creating the network (SSID), just do a comma separated list.

 

I.E --> 10,20,30,40

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
MVP
Posts: 301
Registered: ‎04-03-2014

Re: IAP VRD

Hi Seth!

 

I´m a bit suprised about no 1 since I´m pretty sure we were recommended on an Airheads to place IAPs on wired client VLAN and wireless clients on separate VLAN. This was due to better rogue detection etc.

 

Has this changed? Otherwise please evaluate the harm in placing IAPs on wired client VLAN.

 

Cheers,

Christoffer Jacobsson | Aranya AB
Aruba: ACMX #537 ACCP | CWNP: CWNA CWDP CWSP
Guru Elite
Posts: 8,320
Registered: ‎09-08-2010

Re: IAP VRD

The IAPs should have a separate management subnet and additional client VLANs can be tagged on the link.

 

The IAP can see traffic on all tagged VLANs so rogue detection is still possible.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 301
Registered: ‎04-03-2014

Re: IAP VRD

That does mean that virtual assigned subnet and Local scopes will be source NAT:ed behind an IP on that management subnet? That will be a problem for me to deploy.

Christoffer Jacobsson | Aranya AB
Aruba: ACMX #537 ACCP | CWNP: CWNA CWDP CWSP
Guru Elite
Posts: 8,320
Registered: ‎09-08-2010

Re: IAP VRD

How are you deploying it today?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: