Wireless Access

Reply
Occasional Contributor I

AP's in same subnet of users, or in other vlan?

Hello all. I'll be planning an pilot wifi deployment in my company and I've got a doubt about best practices.

Should I configure AP's in the same subnet of the users or get it in a mgmt vlan?

To configure the AP's in the same subnet (10.1.172.0/22)

10.1.172 .1 - .254 (for AP's)

10.1.173.1- 174.254 (for users)

But I was also thinkig to put the AP's in a different vlan, or a mgmt vlan

10.1.63.1-254 (for AP's)

10.1.172.1- 174.254 (for users)


I'll be deploying a aruba 105 AP's

Guru Elite

Re: AP's in same subnet of users, or in other vlan?

You want nothing to be in the same subnet as your users. They are two entirely different classes of devices and you want the flexibility to teach them differently.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Occasional Contributor I

Re: AP's in same subnet of users, or in other vlan?

This approach is valid for big and small deploys?

In some sites I'll deploy 50 AP's for 300 users

in other sites its just 1 AP for 20 users at the most.


Guru Elite

Re: AP's in same subnet of users, or in other vlan?

It is much more important in larger deployments than in smaller ones. If you adhere to this principle when a network is small, if it grows suddenly, you won't have the problems associated with mixing wireless clients and other devices in the same network.

I would say to keep it separate even with 50 access points.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
MVP

Re: AP's in same subnet of users, or in other vlan?

I'll add that with separate subnets, whatever bad-thing happens to a client (whether defect or malicious) will be largely shielded from the management plane of your network -- whether that's one AP in a coffee-shop or 200+ in a large office.

 

Much easier to troubleshoot when you can easily see which VLAN has the issue.

--Matthew

if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
Guru Elite

Re: AP's in same subnet of users, or in other vlan?


msabin wrote:

I'll add that with separate subnets, whatever bad-thing happens to a client (whether defect or malicious) will be largely shielded from the management plane of your network -- whether that's one AP in a coffee-shop or 200+ in a large office.

 

Much easier to troubleshoot when you can easily see which VLAN has the issue.


Msabin,

 

Thank you for your insight.  I hope others chime in as well.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: