Wireless Access

last person joined: 24 minutes ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Wired Ports on Hospitality AP's in student residences

This thread has been viewed 23 times
  • 1.  Wired Ports on Hospitality AP's in student residences

    Posted 23 days ago
    Hi,

    I was wondering what the consensus on best practice is for the wired ports on our AP203h AP's we have installed in student residences.
    Should you tunnel all the traffic back through the controller or change the port to a trunk and drop it locally onto its own vlan?

    I've been doing a few tests to see if there are performance benefits to either and noticed something odd. When you give the wired port a role so you can see it in the MM all the speed test uploads drop right down. Wonder if this is something to do with how the bandwidth policies handle that kind of traffic... odd.
    Doesnts seem to affect real world speed though and Fast.com seems to be the only one unaffected.

    thanks.


    ------------------------------
    matt pollard
    ------------------------------


  • 2.  RE: Wired Ports on Hospitality AP's in student residences

    Posted 23 days ago
    Matt, we currently just assign vlans to the ports.  I imagine if you wanted to leverage Network Access Controls through Clearpass (or other similar systems) you might need to tunnel traffic back to the controller.  If you don't really care about that, it's probably best to keep it simple.

    ------------------------------
    Jim Lucas
    ------------------------------



  • 3.  RE: Wired Ports on Hospitality AP's in student residences

    Posted 23 days ago
    Thanks, I'm currently leaning towards that myself. Being able to see what users are connected in Airwave and all the various other logging is nice, but its a lot of extra traffic for the controllers and adds a bit of complexity to fault finding.

    Once you trunked the ports the Ap's are connected to , did you use STP at the edge on the AP's?

    ------------------------------
    matt
    ------------------------------



  • 4.  RE: Wired Ports on Hospitality AP's in student residences

    Posted 23 days ago
    Good, question.  I'm not sure and will need to look.  We don't use the hospitality AP's in residence halls though, so it's typically not a concern.  I'm sure it is a big concern for you.  Have you tried it yet?

    ------------------------------
    Jim Lucas
    ------------------------------



  • 5.  RE: Wired Ports on Hospitality AP's in student residences

    Posted 23 days ago
    Not yet, i've mainly been playing with tunneling and gaining visibility. This is our first year with per room points so have gone from just being able to look at a port and see the mac of whats connected to having to trawl the controller CLI.

    I'm going to try tunneling next. I might be able to do it with a hybrid port instead of a trunk so i could still use STP at the switch edge. That will be my first try i think.

    ------------------------------
    matt
    ------------------------------



  • 6.  RE: Wired Ports on Hospitality AP's in student residences

    Posted 23 days ago
    I take my earlier statement back.  We actually are tunneling traffic back to the controller.  I think the reason was that it simplified our switch configuration.  In our case, the config would be the same everywhere for AP uplink ports, no need to trunk vlans throughout the network.  I'm still looking into what, if any, protection we have for STP loops.

    --





  • 7.  RE: Wired Ports on Hospitality AP's in student residences

    Posted 23 days ago

    We have around 600 RAPs deployed. We tunnel all traffic back to the controller.

    As for loops, you can enable spanning tree. You can also limit each port to only one MAC with 802.1x.

    Also, watch out for the 203's. They aren't compatible with Central - If that's on your road map!



    ------------------------------
    Aaron Klugherz
    ------------------------------



  • 8.  RE: Wired Ports on Hospitality AP's in student residences

    Posted 23 days ago
    We do not have loop protect enabled currently, however, now that you mention it, I'd like to enable it. I'll check with my staff to set up a test environment.  We have loop protection everywhere else, so it makes sense to do it here as well.

    --





  • 9.  RE: Wired Ports on Hospitality AP's in student residences

    Posted 23 days ago
    If you are tunnelling on an access port you shouldnt need to worry about it at the edge and i assume the controllers have built in loop protection? i've never actually looked...

    ------------------------------
    matt
    ------------------------------



  • 10.  RE: Wired Ports on Hospitality AP's in student residences

    Posted 23 days ago
    I would still be concerned about looping in the sense that someone brings a mini-switch in and creates a loop outside the port.

    --