Regular Contributor I
Posts: 236
Registered: ‎04-03-2007

vlan pool limit

Hi all,

Due to increasing demand we recently added additional /23 vlans to the vlan pool for our .1x SSID (VAP). There are now thirty two (32) /23 subnets in that vlan pool. My understanding is that 32 vlans is the limit per VAP. Has anyone hit this limit? How did you resolve it? I've enumerated a few thoughts below but all have potential pitfalls.

1. Switch from /23 to /22 subnet masks -- Anyone doing this? Will there be broadcast headaches?

2. Break up our campus-wide .1x SSID (VAP) into two or more VAPs using the same SSID for each VAP  -- Is this advised? Would it work? How badly will clients be affected by breaking L2 roaming?

3. Introduce a third campus-wide SSID (e.g. FAC/STAFF and STUDENT) -- Will take a lot of work from backend auth to PR.

4. Shorten external DHCP lease times, (currently 40 minutes) to 30 minutes or less - Seems like this will buy us some time up front but will not scale..is anyone running shorter lease times successfully?

5. (More of a question)  What happens if I add more than 32 vlans to the VAP? Will they be ignored? Will things break?

 

We have one master and nine locals. All M3ks. About 3750 APs. We use publicly routed IP addresses. We're running 6.1.3.2 and do not currently have L3 roaming enabled.

Thanks in advance for your suggestions and thoughts. We anticipate many more users coming online when we add additional res halls next semester.

Frequent Contributor II
Posts: 135
Registered: ‎07-06-2012

Re: vlan pool limit

Divide the APs among different AP groups, and then you can have a different VAP in each AP group. However, the difference is not the SSID name; it will be the VLAN IDs (in other words, subnets). Make two different 30 vlan pools in each group, and so on.

 

As you know, Aruba recommends /24 networks with around 200 users.

Guru Elite
Posts: 20,764
Registered: ‎03-29-2007

Re: vlan pool limit

Mdickson, please see <Inline>
mldickson wrote:

Hi all,

Due to increasing demand we recently added additional /23 vlans to the vlan pool for our .1x SSID (VAP). There are now thirty two (32) /23 subnets in that vlan pool. My understanding is that 32 vlans is the limit per VAP. Has anyone hit this limit? How did you resolve it? I've enumerated a few thoughts below but all have potential pitfalls.

1. Switch from /23 to /22 subnet masks -- Anyone doing this? Will there be broadcast headaches?

<Yes. As long as you are suppressing broadcasts this is a viable option. You could expose more clients to broadcasts using VLAN pooling, believe it or not, because clients that would not normally have to pause for broadcasts would have to.>

2. Break up our campus-wide .1x SSID (VAP) into two or more VAPs using the same SSID for each VAP  -- Is this advised? Would it work? How badly will clients be affected by breaking L2 roaming?

<It is advised and we can turn on Mobility if necessary to allow users to roam across controllers and retain their ip address.  This would need to be planned out carefully to minimize mobility events.>

3. Introduce a third campus-wide SSID (e.g. FAC/STAFF and STUDENT) -- Will take a lot of work from backend auth to PR.
<Avoid this, if you can>


4. Shorten external DHCP lease times, (currently 40 minutes) to 30 minutes or less - Seems like this will buy us some time up front but will not scale..is anyone running shorter lease times successfully?
<Many users are running shortened lease times, especially on Open SSIDs with "drive-by" traffic.  Push as many users to 802.1x where only authenticated users actually consume ip addresses.  If necessary, obtain an evaluation version of Quickconnect which will automate 802.1x configuration for WLAN clients.>


5. (More of a question)  What happens if I add more than 32 vlans to the VAP? Will they be ignored? Will things break?

<Not sure, but that is the advertised limit, which means "not tested beyond-and-don't-call-support-if-you-deploy-like-this">

 

We have one master and nine locals. All M3ks. About 3750 APs. We use publicly routed IP addresses. We're running 6.1.3.2 and do not currently have L3 roaming enabled.

<It would be interesting to hear what others are doing and the recommendations they have.  These are just general suggestions and the advice you take should depend on quite a few factors that are not apparent here>

Thanks in advance for your suggestions and thoughts. We anticipate many more users coming online when we add additional res halls next semester.


 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 2,948
Registered: ‎10-25-2011

Re: vlan pool limit

Colin, I've got a question for you.

Do I need to have BYOD to use just BYOD Quick connect?

Is there a way I could just use BYOD Quick connect with a normal EAP-PEAP or EAP-TLS environment, just to distribute access with 802.1x in an easy way for non-Microsoft devices (on which you cannot use group policy), for example iPads, Androids and stuff like that?

I mean without buying all the BYOD thing...

 

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
MVP
Posts: 2,948
Registered: ‎10-25-2011

Re: vlan pool limit

Hello for the part of

(More of a question)  What happens if I add more than 32 vlans to the VAP? Will they be ignored? Will things break?

<Not sure, but that is the advertised limit, which means "not tested beyond-and-don't-call-support-if-you-deploy-like-this">

 

Well, if you have VLAN pooling and you are using 32 VLANs in there, that is not recommended.

On the VRD HD it says

Do not have more than 10 VLANs within a pool so that broadcast or multicast traffic does not consume too much air time access.

Colin, do you know how this consumes more airtime?

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Guru Elite
Posts: 20,764
Registered: ‎03-29-2007

Re: vlan pool limit


NightShade1 wrote:

Hello for the part of

(More of a question)  What happens if I add more than 32 vlans to the VAP? Will they be ignored? Will things break?

<Not sure, but that is the advertised limit, which means "not tested beyond-and-don't-call-support-if-you-deploy-like-this">

 

Well, if you have VLAN pooling and you are using 32 VLANs in there, that is not recommended.

On the VRD HD it says

Do not have more than 10 VLANs within a pool so that broadcast or multicast traffic does not consume too much air time access.

Colin, do you know how this consumes more airtime?


If you have just one VLAN and a user sends out a broadcast and you have "Drop Broadcast and Multicast" turned on, the user will send a broadcast to the controller. All the users on the SAME access point will have to wait until that user sends that packet, which is not bad at all. If VLAN pooling is ON and users on more than one VLAN are on that access point, all the users in the OTHER VLANs will have to wait until that user sends that packet. On a very small level, this is not significant. If you are talking about pooling 10 VLANs, it could be significant based on your traffic pattern.

 

There is no single way to do it, but if you use a large VLAN and use Broadcast Suppression (Drop Broadcast and Multicast), you can *possibly* get more throughput. If running out of IP addresses is a bigger problem, use a bigger VLAN so that you only have to manage fewer of them. Network design is about looking at all of the factors in detail and coming up with a solution. With that being said, there is no one way to do everything... Just try to do it both ways and see how things work each way. There is nothing stopping anyone from using a /21 due to broadcast suppression controls...

 



Colin Joseph
Aruba Customer Engineering

MVP
Posts: 2,948
Registered: ‎10-25-2011

Re: vlan pool limit

Okay Colin

Thank you for your explanation and time; now it's more clear!

 

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Frequent Contributor I
Posts: 93
Registered: ‎04-09-2007

Re: vlan pool limit



cjoseph wrote:

[...]

If you have just one VLAN and a user sends out a broadcast and you have "Drop Broadcast and Multicast" turned on, the user will send a broadcast to the controller. All the users on the SAME access point will have to wait until that user sends that packet, which is not bad at all. If VLAN pooling is ON and users on more than one VLAN are on that access point, all the users in the OTHER VLANs will have to wait until that user sends that packet. On a very small level, this is not significant. If you are talking about pooling 10 VLANs, it could be significant based on your traffic pattern.

 

[...]

 


OK - needed to edit - lost my comments...

If broadcast and multicasts are dropped how does this change?

for a given AP with 10 clients on an ssid:

single vlan:

client sends a bcast - 9 other clients on ssid (and same vlan) need to wait

vlan pooling:

client sends a bcast - 9 other clients on ssid (regardless of vlan) need to wait

Is the 10 number specifically recommended if bcast and mcast are not being dropped?

or is 10 a sweet spot for the hashing algorithm... i.e. instead of 32 vlans of /24's - I should go for 10 vlans of /22's?

i.e. size the subnets so that 10 of them will meet needed ip space?

 

 

Regular Contributor I
Posts: 236
Registered: ‎04-03-2007

Re: vlan pool limit

Thanks everyone for the excellent suggestions. At the end of last semester we switched from 40 minute to 30 minute lease times for each of our 32 vlans (/23 subnets) in the pool. This has had a dramatic effect and so far this semester, even with slightly more devices, we have seen roughly a 30% reduction in utilized leases.

 

We'll hold the line for now. If and when we grow out of our current pools we'll probably move up to /22s.

 

Best,

Mike
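
The two address-space levers discussed in this thread (pool size and DHCP lease time) can be modelled as below. This is an added example, not code from any poster or from Aruba. It assumes clients renew at half the lease time and walk away without sending DHCPRELEASE; the session list and the 10.0.0.0 subnet are constructed sample data.

```python
import ipaddress

def pool_capacity(prefix_len, vlan_count):
    """Usable host addresses across a pool of equally sized VLAN subnets."""
    # Constructed subnet: only its size matters for the calculation.
    net = ipaddress.ip_network(f"10.0.0.0/{prefix_len}")
    return vlan_count * (net.num_addresses - 2)  # minus network and broadcast

def lease_release_time(arrive, stay, lease):
    """Minute at which the DHCP server can hand the address to someone else.

    Assumption: the client renews every lease/2 minutes while connected and
    leaves silently, so the lease runs out `lease` minutes after the last renewal.
    """
    half = lease / 2
    last_renewal = arrive + (stay // half) * half
    return last_renewal + lease

def peak_leases(sessions, lease):
    """Largest number of simultaneously held leases for (arrive, stay) sessions."""
    events = []
    for arrive, stay in sessions:
        events.append((arrive, 1))
        events.append((lease_release_time(arrive, stay, lease), -1))
    held = peak = 0
    # Tuples sort releases (-1) before grants (+1) at the same minute.
    for _, delta in sorted(events):
        held += delta
        peak = max(peak, held)
    return peak

# Constructed sample: 10 resident devices online for 10 hours, plus one
# passer-by per minute for two hours, each staying 5 minutes.
SESSIONS = [(0, 600)] * 10 + [(t, 5) for t in range(120)]

if __name__ == "__main__":
    for prefix, count in [(23, 32), (22, 32), (22, 10), (24, 32)]:
        print(f"{count} x /{prefix}: {pool_capacity(prefix, count)} usable addresses")
    for lease in (40, 30):
        print(f"{lease}-minute lease: peak {peak_leases(SESSIONS, lease)} leases held")
```

In this model the saving comes from short-stay devices, whose addresses stay reserved for a full lease after they leave. A shorter lease is not earlier for every client: a 15-minute visit releases at minute 45 with a 30-minute lease but at minute 40 with a 40-minute lease, because the client renewed once before leaving.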

Guru Elite
Posts: 20,764
Registered: ‎03-29-2007

Re: vlan pool limit

Mike,

 

Please keep us posted on your progress!



Colin Joseph
Aruba Customer Engineering
