You will always want the controllers to be on the smallest broadcast domain possible to maintain and improve performance. If you have a choice, keep the access points, clients and controller on different subnets. Of course you need to trunk the client VLANs to the controller, but do not put IP addresses on the client VLANs on the controller, unless you have a captive portal.
EDIT: If it didn't make it clear, there are no problems with having traffic routed at the core.
EDIT#2: If you put an additional IP address on a controller and the access points discover the controller on that IP address, the access points will be redirected to the controller IP and that is the IP address that the controller will use to communicate with the access point. You would have to change the "controller-ip" to the new IP address for the controller to only communicate on that new IP address.
------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
HPE Design and Deploy Guides:
https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
------------------------------
Original Message:
Sent: Sep 16, 2022 01:46 PM
From: Paul Jackson
Subject: Controller VLAN IP on same VLAN/subnet as APs - anything to watch out for?
We have a pair of 7210 controllers (aka MDs) and a virtual MM. Controllers are running 8.10.0.1.
We currently have our APs on two VLANs (call them A and B), and our controllers have management IPs on VLAN C. Traffic to the APs is routed via the management IP using the default route set in the controllers. We would like to add VLAN IPs on VLANs A and B on the controllers so traffic doesn't have to be switched at the core, and so that production traffic is separate from AP - controller traffic. I would assume once we create these IPs, the IP stack on the controller would begin sending packets destined for APs from the new VLAN IPs. Is this a safe assumption? Is there anything we should keep in mind while making this change?