Q: Aruba allows multiple VLANs to be added to a pool for a particular VAP. What are the best practices regarding:
a. VLAN pooling algorithm.
b. Subnet sizes.
c. Broadcast and multicast optimizations.
d. DHCP lease times.
A: 1. Use the hash-based pooling algorithm:
(Master) (config) #vlan-name pool-a assignment hash
(Master) (config) #vlan pool-a 1,2
(Master) (config) #show vlan mapping
Vlan Mapping Table
VLAN Name  Assignment Type  VLAN IDs
---------  ---------------  --------
pool-a     Hash             1-2
2. All the VLAN subnets should be the same size.
3. Enable broadcast/multicast (BC-MC) optimization on the VLAN:
(Master) (config) #interface vlan 1
(Master) (config-subif)#bcmc-optimization
(Master) (config-subif)#
(Master) (config-subif)#show interface vlan 1
VLAN1 is up line protocol is up
Hardware is CPU Interface, Interface address is 00:0B:86:6E:D8:2C (bia 00:0B:86:6E:D8:2C)
Description: 802.1Q VLAN
Internet address is 10.1.1.2 255.255.255.0
IPv6 is enabled, link-local address is fe80::b:8600:16e:d82c
Global unicast address(es):
2001::1, subnet is 2001::/64
IPv6 Router Advertisements are disabled
Routing interface is enable, Forwarding mode is enable
Directed broadcast is disabled, BCMC Optimization enable ProxyARP disabled Suppress ARP enable
Encapsulation 802, loopback not set
MTU 1500 bytes
Last clearing of "show interface" counters 1 day 9 hr 23 min 16 sec
link status last changed 1 day 9 hr 19 min 45 sec
Proxy Arp is disabled for the Interface
4. Configure broadcast filters on the VAP:
(Master) (config-subif)#
(Master) (config-subif)#wlan virtual-ap default
(Master) (Virtual AP profile "default") #broadcast-filter arp
(Master) (Virtual AP profile "default") #broadcast-filter all
(Master) (Virtual AP profile "default") #show wlan virtual-ap default
Virtual AP profile "default"
----------------------------
Parameter                                       Value
---------                                       -----
AAA Profile                                     default
802.11K Profile                                 default
Hotspot 2.0 Profile                             N/A
SSID Profile                                    default
Virtual AP enable                               Enabled
VLAN                                            N/A
Forward mode                                    tunnel
Allowed band                                    all
Band Steering                                   Disabled
Steering Mode                                   prefer-5ghz
Dynamic Multicast Optimization (DMO)            Disabled
Dynamic Multicast Optimization (DMO) Threshold  6
Drop Broadcast and Unknown Multicast            Enabled
Convert Broadcast ARP requests to unicast       Enabled
Authentication Failure Blacklist Time           3600 sec
Blacklist Time                                  3600 sec
Deny inter user traffic                         Disabled
Deny time range                                 N/A
DoS Prevention                                  Disabled
5. Reduce the DHCP lease time.
a. For client-server applications such as VoIP clients or Vocera badges, set the lease a few hours longer than the time the device is expected to be active on the network. For example, for an 8-hour shift, set the DHCP lease time to 10-11 hours.
b. For guest SSIDs, the DHCP lease time can be set even lower. However, if the client then gets a different IP address from the DHCP server, it might be presented with the captive portal page again.
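
The following capacity check is an added example, not Aruba code or part of the original answer. It illustrates items 1, 2 and 5 together: a hash spreads clients evenly across the pool's VLANs, so an undersized subnet runs out of DHCP leases first. The SHA-256 stand-in hash, the function names, the subnets and the client MAC addresses are all assumptions constructed for illustration.

```python
import hashlib
import ipaddress

def pool_vlan(mac, vlan_ids):
    """Stand-in for hash assignment: a given MAC always maps to the same VLAN.
    SHA-256 is an assumption for illustration, not the controller's hash."""
    digest = hashlib.sha256(mac.lower().encode()).digest()
    return vlan_ids[int.from_bytes(digest[:4], "big") % len(vlan_ids)]

def usable_leases(cidr, reserved=1):
    """Addresses left for DHCP after network, broadcast and reserved (gateway) ones."""
    return ipaddress.ip_network(cidr).num_addresses - 2 - reserved

def check_pool(subnets, macs):
    """Compare per-VLAN lease demand with scope capacity.
    macs: distinct clients seen within one lease period; each holds an address
    until its lease expires, so a shorter lease shrinks this list."""
    vlan_ids = sorted(subnets)
    demand = dict.fromkeys(vlan_ids, 0)
    for mac in macs:
        demand[pool_vlan(mac, vlan_ids)] += 1
    report = {}
    for vlan in vlan_ids:
        capacity = usable_leases(subnets[vlan])
        report[vlan] = {"capacity": capacity, "demand": demand[vlan],
                        "exhausted": demand[vlan] > capacity}
    return report

def constructed_macs(count):
    """Constructed sample clients (locally administered MAC addresses)."""
    return [f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}" for i in range(count)]

if __name__ == "__main__":
    clients = constructed_macs(380)
    # Constructed subnets: the unequal pool has more addresses in total,
    # yet the hash still sends about half the clients to the small /25.
    pools = {"unequal": {1: "10.1.0.0/23", 2: "10.1.2.0/25"},
             "equal": {1: "10.1.1.0/24", 2: "10.1.2.0/24"}}
    for name, subnets in pools.items():
        for vlan, row in check_pool(subnets, clients).items():
            print(name, "vlan", vlan, subnets[vlan], row)
```

With the unequal pool the /25 reports more demand than capacity even though the pool as a whole has spare addresses; two equal /24 subnets carry the same clients without exhausting either scope.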