Controllerless Networks

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget

IAP distributed, L3 or Local, L3 dhcp services

  • 1.  IAP distributed, L3 or Local, L3 dhcp services

    Posted May 12, 2015 11:42 AM

    I will be deploying a rather large Instant network which will be managed by Airwave or at least I hope it will :)

    I am trying to determine the best configuration for DHCP for this network. I don't want it to go over the IAP-VPN tunnel. I would like for the scopes and gateway to be the IAP as everything will be locally egressed but certain traffic will be tunneled back through the IAP-VPN using routes.

     

    What do you recommend in terms of DHCP? Distributed, L3 or Local, L3?

    I don't mind if all the scopes are the same across all of the stores and it is probably preferable from a management point of view.

     

    Is there something I need to look out for that I may be forgetting? I know the Distributed, L3 method will divide the subnet chosen by the number of clients from the controller level but that seems to be the only difference between that and Local, L3.

     

    Thoughts?

     

     



  • 2.  RE: IAP distributed, L3 or Local, L3 dhcp services

    EMPLOYEE
    Posted May 13, 2015 08:02 AM

    I would go with Distributed, L3. In this way, you are making a truly resilient and scalable network, the IAP (VC) is the client's gateway and will receive its scope from the VPN controller in the datacenter. In addition, you will have full L3 connectivity to each branch and be able to route and distribute those routes throughout your LAN with static or OSPF enabled.



  • 3.  RE: IAP distributed, L3 or Local, L3 dhcp services

    Posted May 13, 2015 09:30 AM
    Hi Seth, thanks for the feedback, I thought about it a bit more, read a bit more and we won't be managing the LAN unfortunately, only the wireless, so we will only get to the IAPs through the VPN IP (VC IP) for management and/or Airwave, only traffic going through the tunnel would be RTLS back to the datacenter, everything else is straight internet (at least for the Guest SSID).

    I don't want, nor do I think I need, the user subnet to be present to the VPN controller as there is no need for that, which is what Distributed, L3 and Local, L3 will give me since the scopes are handled by the VPN controller.

    Even if I use a local dhcp scope, with the IAP-VPN I can get access to the VC and simply route what I need (RTLS).

    There will be a corporate SSID (WPA2) that will strictly give internet access so users will receive a DHCP address from a local VLAN onsite and print from a printer on the same VLAN.

    Even if I do decide to go with Distributed, L3, it will probably leave me more flexibility in the future but for this type of design not sure it is required.