Higher Education

Hi,

 

Building Blocks are saparated by two virtual AP's with same SSID name (different vlan), but occasuionally  vlan sticks to same ip even if moved across building, but connection shows to the respective building AP the user is in, but ip doesnt match to the ssid vlan, then disconnect reconnect is required, any help?

 

Thanks

 

You have 2 choices:

 

- Make both buildings the same virtual AP

- Enable VLAN mobility in the Virtual AP profile; that will allow users coming from a different virtual AP to retain their VLAN when roaming to an access point in a different virtual AP on the same controller.

we dont want to retain the ip, we want to change the ip according to the buliding, our experience is that in occassionally ip retains.

Not possible unless the client sees that the link goes down.  You cannot roam between buildings on the same SSID and make the client change ip addresses, period.

 

Network administrators should design their networks so that users who roam maintain the same ip address for seamless performance.  There is no advantage to changing ip addresses within the same network.

 

but SSID's are different in different VAP, however with same SSID name.

If you want users to connect to Apple TVs in the same building, make the VAP in the second building have the same VLAN, but a different role that blocks bonjour traffic from subnets in other buildings.  With that being said, the client will still maintain a "memory" of Apple TVs that it saw before, so it will not be perfect.  

we use /24 subnet, otherwise we end up a big broadcast subnet.

I am not sure how you would do this without airgroup.

Our issue is with Airgroup, can I ask your advise related to this,

 

Should we enable igmp in vlan ip interface in ARUBA controller for AppleTv to work efficiently ?, also snooping to be checked or not.

 

Thanks

 

 

 

No, you should not have to do that.

 

What is not working with Airgroup?  

 

FYI, soon there should be a 6.3.1.0 release that will probably have improvements.  You should probably wait on that..

 

Fifty APpleTv's, sometime no mirroring happening to the big screen eventhough mirrored from ipad.

You need to work closely with support to find out what your issue is, or determine if it is a bug.  There are many factors that will determine if you can support that number of devices and it would be painful for us to go through all of them here.  Please open a support case.

we do this to separate AppleTV's, we had hard time with AirGroup.

---

@cjoseph wrote:

Not possible unless the client sees that the link goes down.  You cannot roam between buildings on the same SSID and make the client change ip addresses, period.

  

---

This is not always true. Only with Windows laptops have we noticed this behavior. Other clients (e.g., iOS, Android, MacOS) will roam and perform 802.1X authentication, followed by sending a DHCPREQUEST for the IP the last had. DHCP servers should then respond with a DHCPNAK (assuming they're now on a different network), forcing the client to go ahead with a DHCPDISCOVER packet and obtain an address in the new network. We see this correct behavior all the time.

 

---

@cjoseph wrote:

Network administrators should design their networks so that users who roam maintain the same ip address for seamless performance.  There is no advantage to changing ip addresses within the same network.

 

---

I agree - no advantage. However, with large geographic networks like ours, changing IP is inevitable. ArubaOS' vlan pooling hash algorithm deteriorates the more vlans you have in the pool, so I cannot maintain a single vlan pool across the campus. Thus, I must establish hard roaming boundaries wherein users will change their IP.

Ryan,

 

At what level are you noticing the vlan pool deterioration? We have 30 /23 vlans in a pool and have not noticed any issues (yet).

By deterioration, I'm referring to the exponential increase of wasted address space. If you're not NATing like we currently are, this is very bad. With ~23 vlans, we observe nearly 20% variance between the most and least utilized vlans. With /23s, this equated to 1,000 to 1,500 wasted addresses.

We are NAting, so that is not as big a concern for us. 

---

@Ryan wrote:

---

@cjoseph wrote:

Not possible unless the client sees that the link goes down.  You cannot roam between buildings on the same SSID and make the client change ip addresses, period.

  

---

This is not always true. Only with Windows laptops have we noticed this behavior. Other clients (e.g., iOS, Android, MacOS) will roam and perform 802.1X authentication, followed by sending a DHCPREQUEST for the IP the last had. DHCP servers should then respond with a DHCPNAK (assuming they're now on a different network), forcing the client to go ahead with a DHCPDISCOVER packet and obtain an address in the new network. We see this correct behavior all the time.

 

---

@cjoseph wrote:

Network administrators should design their networks so that users who roam maintain the same ip address for seamless performance.  There is no advantage to changing ip addresses within the same network.

 

---

I agree - no advantage. However, with large geographic networks like ours, changing IP is inevitable. ArubaOS' vlan pooling hash algorithm deteriorates the more vlans you have in the pool, so I cannot maintain a single vlan pool across the campus. Thus, I must establish hard roaming boundaries wherein users will change their IP.

---

Ryan,

 

If something does not work with all clients, it is not a solution.  I do not want noninterference to think that something is worth pursuing, when it does not work, in general for all clients.

 

Noninterference does not have a large geographic network, so devices maintaining the same ip address for good client experience is definitely applicable.  The answer was specific to his question and to his environment.

 

Understood Colin. Since the community also serves as an archive for others to seek information (ie, not just for the benefit of the original poster), I wanted to point out those details. I trust that I am permitted to add my personal experiences to this forum without having to frequently expect a rebuttal to said experience.

---

@Ryan wrote:
Understood Colin. Since the community also serves as an archive for others to seek information (ie, not just for the benefit of the original poster), I wanted to point out those details. I trust that I am permitted to add my personal experiences to this forum without having to frequently expect a rebuttal to said experience.

---

Ryan,

 

This community benefits from and relies on full explanations and context.  Thank you for providing both to this thread.