Contributor I

SSIDs, Vlans, leases... Best practices?

Recently started a new job and have inherited an existing Aruba wlan (running v3x code). I'm new to Aruba and wifi in general, so it's a steep learning curve, and inevitably quite easy to get things wrong. So, I'm after a bit of guidance!

We broadcast approx 8 ssids (which I can't help think is way too many, and should be about half that at most). For argument's sake, there are also 8 /24 networks, leases for which are serviced by an external dhcp server. Some of the ssids have multiple vlans assigned to them, and we are now running out of available leases for some. Many of these lease pools are shared between multiple ssids.

In the case of one ssid, it has 2 vlans assigned to it; however, these vlans are also used by other ssids. I could move some of these lesser used ssids onto other vlans so that the primary campus ssid has more available addresses, or simply add a third vlan. I don't know how Aruba load balances between these vlans, but as it obviously doesn't talk directly to the dhcp server, it won't know how many active clients a lease pool has. Consequently, one lease pool is exhausted, whilst the other is at 60% capacity.

What are the best practices where the following is concerned:

Max amount of SSID being broadcast

Network size associated with each ssid (large subnet, or many smaller?)

Would Aruba better manage the leases and load balance more efficiently rather than external dhcp server?

Any assistance would be appreciated!

Thanks

 

Guru Elite

Re: SSIDs, Vlans, leases... Best practices?




Others will probably comment, and it will be good so that you get an idea of what others are doing, but here goes:

- Try to keep the number of wireless networks to 4 and below. Why? The wifi overhead created by advertising more than 4 SSIDs will dedicate much more traffic to management duties and much less to actual data. Please see the article here: http://community.arubanetworks.com/aruba/attachments/aruba/115/1358/1/AppNote.MultipleBSSIDs.pdf

- You might want to plan to move (with the help of TAC) off of 3.x code, because there is no active development of features, just security fixes. More recent code has more features to deal with performance and manageability.

- You should redesign your SSIDs based on the lowest common denominator of encryption type supported by devices. If your devices support the same encryption, newer versions of code allow you, through roles and VLANs, to put them in the VLAN and apply the security needed to keep them separate from other clients if necessary. VOIP clients are frequently an exception to this rule.

- Last but not least, if you have a lot of clients, you either have the option of having a large subnet (we have seen people go up to /21s) or short DHCP leases or a combination of both. Broadcast suppression has improved in later versions of code to support such a deployment.

And of course, the devil is in the details and you should work with support and/or a consultant so that they can give you specific information on how to improve things.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I

Re: SSIDs, Vlans, leases... Best practices?

Thank you... You've pretty much confirmed what I'd managed to gather from doing some research.

It does pretty much mean, however, that we have to seriously think about how our wlan is set up and pretty much redesign it from the ground up, with minimum impact. Code upgrade was on the list of things to do first!

I'll just have to see what I can do to hold things together whilst we look at the bigger picture, rather than trying to simply get things working by whatever means. I think it's a case of pulling the wall down and building new foundations, rather than simply filling in the cracks!

Contributor II

Good comments so far. For SSIDs you have to look at encry...

Good comments so far. For SSIDs you have to look at encryption and ssid profile specific settings like rates and intervals. I'd also suggest checking out vlan pooling. Everyone is slightly unsure at first not knowing what vlan a client will be in, but you get used to it. I am not sure what release it came out in, but an upgrade should likely be top of the list. Hopefully you can concentrate on those clients managed by group policy and served by dhcp first.

Contributor I

Re: Good comments so far. For SSIDs you have to look at encry...

Thanks again.. I was reading about vlan pooling and did wonder whether it would resolve issues relating to keeping the subnet size relatively small to minimise broadcast domains, and also to better assist with load balancing. There's no balance between the 2 vlans we have servicing an SSID; consequently one lease pool always runs out while the other has loads of leases left.

Also, when having to give clients on this ssid a static address, we have to make reservations in both lease pools, as we have no way of knowing or forcing a client onto a particular vlan to guarantee its ip.. this isn't a very efficient use of addressing.

It's quite obvious that a code upgrade is on the cards anyway. But I think the other main priority is to decide how to structure roles to cover the many different configurations of users, devices (and their encryption requirements) and their access onto the network; this will then dictate the structure of ssids etc.

I think in the meantime, to keep things ticking over, whilst I bury myself in some manuals.. I'll try to relieve the strain on some of the lease pools by moving some of the SSIDs onto other vlans. However, looking into this, I may have to allocate a 3rd /24 vlan, therefore 3 in total.. would it be best to simply expand the subnet size, rather than have 3 vlans, due to the balancing issues we have? On some devices, we need to ensure that it picks up the same IP, so I suppose expanding the subnet to encompass the 3 vlans is perhaps our only option?

** For some reason leases still seem to be running out on the first vlan.. how is Aruba meant to balance across the 3 vlans I have assigned to the ssid??

Thanks

Cheers

Guru Elite

Re: Good comments so far. For SSIDs you have to look at encry...

In your version of code pooling is done via a hash, which in extreme cases can make pooling very one-sided. In the 6.1.3.x versions of code there is an option to evenly distribute clients into VLANs.

 



Colin Joseph
Aruba Customer Engineering
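
Added illustration, not part of the original posts and not ArubaOS code: a small model of why hash-based pooling can fill one DHCP scope while the others sit idle, next to least-loaded ("even") placement. The hash (client MAC modulo pool size), the VLAN IDs, the 253-lease scope size and the MAC fleet are all assumptions constructed for the example.

```python
POOL = [101, 102, 103]   # hypothetical VLAN IDs pooled behind one SSID
LEASES_PER_VLAN = 253    # assumed usable leases in each /24 scope


def mac_int(mac: str) -> int:
    """Convert aa:bb:cc:dd:ee:ff to its 48-bit integer value."""
    return int(mac.replace(":", ""), 16)


def hash_vlan(mac: str, pool=POOL) -> int:
    """Stand-in hash (assumption, not the real controller hash): MAC mod pool size."""
    return pool[mac_int(mac) % len(pool)]


def assign(macs, mode: str, pool=POOL, cap=LEASES_PER_VLAN):
    """Place clients in arrival order.

    Returns (clients per VLAN, clients refused because their scope was full).
    """
    load = {vlan: 0 for vlan in pool}
    refused = 0
    for mac in macs:
        if mode == "hash":
            vlan = hash_vlan(mac, pool)               # fixed by the MAC alone
        else:
            vlan = min(pool, key=lambda v: load[v])   # "even": least-loaded VLAN
        if load[vlan] >= cap:
            refused += 1                              # scope exhausted, no lease
        else:
            load[vlan] += 1
    return load, refused


def constructed_fleet(n=300, base=0x02AABBCC0000, step=3):
    """Constructed worst case: a device batch whose MACs step by the pool size."""
    macs = []
    for i in range(n):
        raw = f"{base + i * step:012x}"
        macs.append(":".join(raw[j:j + 2] for j in range(0, 12, 2)))
    return macs


if __name__ == "__main__":
    fleet = constructed_fleet()
    for mode in ("hash", "even"):
        print(mode, *assign(fleet, mode))
```

In this model the hash placement depends only on the MAC, so a given client always lands in the same VLAN, while the even placement depends on arrival order and current load.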


Contributor I

Re: Good comments so far. For SSIDs you have to look at encry...

Our main ssid had 2 /24 networks assigned to it. Some of these devices need to have static addresses, so we have to reserve an address in each of the lease pools, as we have no way of knowing or controlling which of the vlans the client is going to connect on. Can this be controlled at all, can we force a client onto a particular vlan?

I'm new to working the controller, and have a lot to learn, but it's becoming apparent that its current configuration isn't ideal for our evolving needs, and we need to redesign from the ground up. I've recently been able to extract a controller from a vrrp group to provide a testing environment. Our current hardware prevents us from upgrading to 6x, so I have upgraded this standalone master to the latest 5x code, and am working my way through the manual!

I need to try and keep things ticking over in the short term, and this issue of lease pools filling up is my first concern. I've added a 3rd vlan to the primary ssid in the hope of giving me a little more breathing space.. and will have to address the issues of devices with static addresses, one by one.

Looking forward, I suppose we either have to increase the size of the subnet or look into the vlan pooling option.

Thanks for your input.

Occasional Contributor I

Re: Good comments so far. For SSIDs you have to look at encry...

Hi Cjoseph,

Can you provide the command which can help to evenly distribute clients into VLANs?

So for example I have 3 subnets (vlans) being used for 2 SSIDs, and I see one of the subnets gets utilized to 100% and my prospective hosts are unable to connect to the SSID since one of the subnets is full.

Is there anything we can configure on the Aruba so that the load is distributed across 3 different subnets uniformly?

Thanks

 

Guru Elite

Re: Good comments so far. For SSIDs you have to look at encry...

You have to configure a VLAN name and assign that to the Virtual AP with the Even Pooling designation:  http://www.arubanetworks.com/techdocs/ArubaOS_62_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/vlan-name.htm?Highlight="even vlan pool



Colin Joseph
Aruba Customer Engineering


Occasional Contributor I

Re: Good comments so far. For SSIDs you have to look at encry...

Sorry, forgot to mention: this command is not available on 6.1.3.9 as per the documentation on the link... is there any other way out of this problem?
