Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

AP's in same subnet of users, or in other vlan?

This thread has been viewed 0 times

  • 1.  AP's in same subnet of users, or in other vlan?

    Posted Nov 16, 2013 05:48 AM

    Hello all. I'll be planning an pilot wifi deployment in my company and I've got a doubt about best practices.

    Should I configure AP's in the same subnet of the users or get it in a mgmt vlan?

    To configure the AP's in the same subnet (10.1.172.0/22)

    10.1.172 .1 - .254 (for AP's)

    10.1.173.1- 174.254 (for users)

    But I was also thinkig to put the AP's in a different vlan, or a mgmt vlan

    10.1.63.1-254 (for AP's)

    10.1.172.1- 174.254 (for users)


    I'll be deploying a aruba 105 AP's



  • 2.  RE: AP's in same subnet of users, or in other vlan?

    EMPLOYEE
    Posted Nov 16, 2013 06:32 AM
    You want nothing to be in the same subnet as your users. They are two entirely different classes of devices and you want the flexibility to teach them differently.


  • 3.  RE: AP's in same subnet of users, or in other vlan?

    Posted Nov 18, 2013 10:23 AM

    This approach is valid for big and small deploys?

    In some sites I'll deploy 50 AP's for 300 users

    in other sites its just 1 AP for 20 users at the most.




  • 4.  RE: AP's in same subnet of users, or in other vlan?

    EMPLOYEE
    Posted Nov 18, 2013 10:37 AM
    It is much more important in larger deployments than in smaller ones. If you adhere to this principle when a network is small, if it grows suddenly, you won't have the problems associated with mixing wireless clients and other devices in the same network.

    I would say to keep it separate even with 50 access points.


  • 5.  RE: AP's in same subnet of users, or in other vlan?

    Posted Nov 18, 2013 06:34 PM

    I'll add that with separate subnets, whatever bad-thing happens to a client (whether defect or malicious) will be largely shielded from the management plane of your network -- whether that's one AP in a coffee-shop or 200+ in a large office.

     

    Much easier to troubleshoot when you can easily see which VLAN has the issue.



  • 6.  RE: AP's in same subnet of users, or in other vlan?

    EMPLOYEE
    Posted Nov 18, 2013 07:58 PM
    @msabin wrote:

    I'll add that with separate subnets, whatever bad-thing happens to a client (whether defect or malicious) will be largely shielded from the management plane of your network -- whether that's one AP in a coffee-shop or 200+ in a large office.

     

    Much easier to troubleshoot when you can easily see which VLAN has the issue.

    Msabin,

     

    Thank you for your insight.  I hope others chime in as well.