It makes sense, but I'm still not sure I follow the logic. Let me state it another way and pose it as a different type of question(s).
Let's say I have a network that looks roughly like this
 |Area 1   |        |Area 2   |        |Area 3   |        |Area 4   |
 [Switch 1 ]        [Switch 2 ]        [Switch 3 ]        [Switch 4 ]
 [VLAN: 10,15,5]    [VLAN: 20,25,5]    [VLAN: 30,35,5]    [VLAN: 40,45,5]
      |                  |                  |                  |
      +------------------+--------+---------+------------------+
                                  |
                                  |
                          | NOC         |
                          | VLAN ID: 50 |
                  [ Backbone Routing Switch ]
                  [ VLAN: 5,10,15,20,25,30,35,40,45,50 ]
So in this case we have 4 subnets in different distribution areas of a building. The gateway for all is a central L3 routing backbone switch which ties all the edge switches together.
Let's assume that VLANs 10, 20, 30 and 40 are for wired clients. So each area has its own broadcast domain and therefore excess traffic is kept to a minimum.
What I'm getting from the docs I've read so far, combined with what you're saying, is this: if we want to use VLANs 15, 25, 35 and 45 respectively for our wireless clients, the ONLY way to do this would be to set the IAPs' native VLAN to 5, but then we would need to set up VLAN pooling on the IAPs and use all four VLANs. Which means that the switches in ALL four areas (area 1, 2, 3 and 4) would need to be configured to have all four VLANs sent to them: 15, 25, 35 and 45. Or alternatively we just choose one of these VLANs (let's say 15), put ALL clients on that VLAN and send that VLAN to all four distribution switches.
Doesn't anyone else see a problem with that? I swear I'm not trying to be dense, I'm just trying to understand.
If we have to send all four VLANs to EVERY distribution point we have, then aside from isolating a small amount of broadcast traffic, what have we gained at all from even using VLANs? We're sending all the traffic to all our distribution points anyway, so what isolation have we really gained? Our fiber uplinks to our edge switches, instead of containing traffic for just 2 or 3 VLANs, now have to pass traffic for 6 VLANs... So what's the point?
Wouldn't it make a LOT more sense to have each client VLAN separated except the management VLAN for the cluster? So that all APs can talk on a single VLAN, but that is management traffic, which is somewhat minimal. So a client connects in Area 1 and receives an IP address on VLAN 15. That client then roams to Area 3. When the AP there sees the client, it knows that it is not directly attached to that VLAN, but it knows that the AP in Area 1 is, so a tunnel is established and any traffic for the client is forwarded to the AP in Area 1, which then passes it on through VLAN 15. That's how I understood this all to work when talking to the sales rep, and to me it makes the most sense.
As I stated before, if we have to configure all the wireless VLANs to go out to ALL our edge switches anyway, then what's the point of even having separate VLANs?
Is there something I'm just not getting here?
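To make the trade-off described in the post concrete, here is an added example that is not part of the original post and not taken from any vendor documentation. It models the two designs on the sketched topology: which VLANs each fiber uplink must carry, how far the VLAN 15 broadcast domain reaches, and where a roamed client's frames are bridged back onto its home VLAN. The design names ("pooling", "l3_mobility"), the AP/switch labels and the tunnel-to-home-AP behaviour are assumptions that encode the post's own description of how roaming should work; they are not a statement of how Aruba Instant actually implements VLAN pooling or L3 mobility.

```python
from __future__ import annotations

# Topology from the post's sketch: four distribution areas, one edge switch
# each, all uplinked to a single L3 backbone switch. Everything below is a
# constructed model of the two designs under discussion; it does not reflect
# any vendor's real IAP, VLAN-pooling or L3-mobility implementation.
NATIVE_VLAN = 5                                      # AP management / native VLAN
WIRED = {"Area 1": 10, "Area 2": 20, "Area 3": 30, "Area 4": 40}
WIRELESS = {"Area 1": 15, "Area 2": 25, "Area 3": 35, "Area 4": 45}

DESIGNS = ("pooling", "l3_mobility")                 # assumed names for the two options


def uplink_vlans(design: str) -> dict[str, set[int]]:
    """VLANs each edge switch's fiber uplink must carry under a design.

    "pooling":     every wireless VLAN is trunked to every edge switch so the
                   AP a client roams to can bridge it locally.
    "l3_mobility": only the area's own wired and wireless VLANs plus the
                   shared native VLAN; a roamed client is tunnelled home.
    """
    if design not in DESIGNS:
        raise ValueError(f"unknown design {design!r}")
    trunks: dict[str, set[int]] = {}
    for area in WIRED:
        vlans = {NATIVE_VLAN, WIRED[area], WIRELESS[area]}
        if design == "pooling":
            vlans |= set(WIRELESS.values())          # all four client VLANs everywhere
        trunks[area] = vlans
    return trunks


def l2_reach(design: str, vlan: int) -> set[str]:
    """Areas whose edge switch sees broadcast/unknown-unicast frames on `vlan`.

    This is the broadcast-domain footprint of the VLAN, which is also the set
    of areas from which an attacker on that VLAN has L2 reach.
    """
    return {area for area, vlans in uplink_vlans(design).items() if vlan in vlans}


def forwarding_path(design: str, home_area: str, current_area: str) -> list[str]:
    """Hops a roamed client's frame takes before landing on its home VLAN.

    The client keeps the IP it obtained on WIRELESS[home_area]. Under "pooling"
    the AP it now sits on bridges straight onto that VLAN because the VLAN is
    trunked there. Under "l3_mobility" the frame is tunnelled over the native
    VLAN to an AP in the home area, which bridges it onto the home VLAN.
    """
    if design not in DESIGNS:
        raise ValueError(f"unknown design {design!r}")
    home_vlan = WIRELESS[home_area]
    if home_area == current_area or design == "pooling":
        return [f"AP@{current_area}", f"VLAN {home_vlan} on Switch@{current_area}"]
    return [
        f"AP@{current_area}",
        f"tunnel over VLAN {NATIVE_VLAN}",
        f"AP@{home_area}",
        f"VLAN {home_vlan} on Switch@{home_area}",
    ]


def compare() -> dict[str, dict[str, int]]:
    """Per-design summary: trunk width per uplink and areas reached by VLAN 15."""
    return {
        d: {
            "vlans_per_uplink": len(uplink_vlans(d)["Area 1"]),
            "areas_seeing_vlan_15": len(l2_reach(d, 15)),
        }
        for d in DESIGNS
    }


if __name__ == "__main__":
    for design, summary in compare().items():
        print(design, summary)
    print(" -> ".join(forwarding_path("l3_mobility", "Area 1", "Area 3")))
```

Running it reproduces the post's arithmetic: with pooling each uplink carries 6 VLANs and VLAN 15 is visible at all four edge switches, while with the tunnel-to-home-AP model each uplink carries 3 VLANs and VLAN 15 stays in Area 1. The caveat the model also makes visible is that VLAN 5 reaches every area under either design, so whatever ends up trunked as the native/management VLAN is the one whose exposure you cannot shrink by choosing between the two options.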