VLAN pooling is not recommended in general for WLAN (with Aruba). The recommended approach is to have a single VLAN and use broadcast/multicast control to avoid the reason that you have smaller subnets on most wired networks. What you describe would be expected as the AP does not track DHCP scopes, and due to the distributed nature of Instant APs, it would be hard to track if scopes are full. Also, IF you use pooled VLANs, make sure that all subnets are of an equal size as clients will be (more or less, statistically) equally distributed over the different VLANs. With unequal sizes, if one out of 3 VLANs runs out of the DHCP scope, one third (statistically) of new clients won't get an IP. By statistically, I mean that a 'hash' of the client MAC address is used to determine to what VLAN a client is assigned; this is one of the few methods that work in a distributed environment.
I would go back to your customer and explain that not allowing /21s is breaking the design rules, wastes available IP addresses and results in the issues that you have seen. If you allocate 3x /21, it should be good, and if you stay below the maximum number of clients per VLAN (which may be what the customer tries to achieve/means), you'll get a similar result. But, I would just stay away from VLAN pooling unless you absolutely have to, and in that case design accordingly.
------------------------------
Herman Robers
------------------------------
Original Message:
Sent: Jun 03, 2024 05:56 PM
From: xovrtechs
Subject: VLAN Pools and DHCP scope exhaustion
Hi
I've just implemented VLAN Pooling for a client whose IP range does not, for various reasons, allow for one contiguous /21 to be assigned to their main wifi vlan. I've had to split out a few contiguous /24s and /23s from the /21 and define multiple (3) vlans on their switches (2930s and 2530s).
The relevant bits from the instant config:
vlan-name wifi-2
vlan-name wifi-3
vlan-name wifi-1
vlan wifi-2 21
vlan wifi-3 22
vlan wifi-1 20
and
wlan ssid-profile "xxx Primary School"
 enable
 index 0
 type employee
 essid "xxx Primary School"
 wpa-passphrase xxx
 opmode wpa2-psk-aes
 max-authentication-failures 0
 vlan 20,21,22
 rf-band all
 captive-portal disable
 dtim-period 1
 broadcast-filter arp
 g-min-tx-rate 11
 a-min-tx-rate 24
 dmo-channel-utilization-threshold 90
 local-probe-req-thresh 0
 max-clients-threshold 128
The issue we're seeing is that clients seem to get allocated one of the three vlans just fine and lease an address from the DHCP server. But once that particular VLAN's DHCP scope is full, the Instant controller doesn't seem to know about this, and so the client simply can't lease an address and the user is left without Internet access. When I've implemented VLAN pooling on some other vendors' equipment, there has been an option to tell the wifi controller how many IP addresses are in the scope or set a maximum number of clients per vlan member of the pool. Is there anything like this with Instant (v8)? Otherwise I can't see the feature being of much use.
Many thanks
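
The hash-based distribution described in the first reply of this thread, as an added simulation that is not part of either post and is not Aruba's code: it shows an undersized pool member filling up and dropping roughly a third of later joins while the pool as a whole still has free addresses. Assumptions: SHA-256 stands in for the AP's hash (the thread does not say which one is used), and the scope sizes and client MACs are constructed.

```python
import hashlib
import random


def vlan_for_mac(mac: str, vlans: list[int]) -> int:
    """Pick a pool member from the client MAC alone, so every AP agrees
    without sharing state. Assumption: SHA-256 stands in for the real hash."""
    digest = hashlib.sha256(mac.lower().encode()).digest()
    return vlans[int.from_bytes(digest[:4], "big") % len(vlans)]


def simulate(scopes: dict[int, int], clients: int, seed: int = 1) -> dict:
    """Join `clients` random MACs; `scopes` maps VLAN ID -> leasable addresses."""
    rng = random.Random(seed)  # fixed seed: constructed, repeatable MACs
    vlans = sorted(scopes)
    leased = dict.fromkeys(vlans, 0)
    failed, first_failure_at = 0, None
    for n in range(1, clients + 1):
        mac = ":".join(f"{rng.randrange(256):02x}" for _ in range(6))
        vlan = vlan_for_mac(mac, vlans)
        if leased[vlan] < scopes[vlan]:
            leased[vlan] += 1
        else:
            # The hash cannot know the scope is full: this client gets no lease.
            failed += 1
            first_failure_at = first_failure_at or n
    return {
        "leased": leased,
        "failed": failed,
        "first_failure_at": first_failure_at,
        "free": sum(scopes.values()) - sum(leased.values()),
    }


# Constructed scope sizes (usable hosts): one /24 plus two /23s vs. three /23s.
UNEQUAL = {20: 254, 21: 510, 22: 510}
EQUAL = {20: 510, 21: 510, 22: 510}

if __name__ == "__main__":
    for name, scopes in (("unequal", UNEQUAL), ("equal", EQUAL)):
        print(name, simulate(scopes, clients=1200))
```
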