Wireless Access

Reply
Contributor I

Air Monotir Best Practice

Hello everybody,

 

Can you give me some informations about good practices regarding air Monitor installation.

 

from this thread (from 2013) : https://community.arubanetworks.com/t5/Wireless-Access/Installing-Air-Monitors/td-p/14587

 

It seem that only one AM need to have all vlan trunk to it.

Is it still relevant  to do so ?

 

Regards

Highlighted
MVP Guru

Re: Air Monotir Best Practice

Hi, if the Air Monitor is able to see a rogue AP on a VLAN different to the one it resides on then it will require the VLAN to be trunked. The Air Monitor would not be able to correlate a wired and wireless rogue AP unless it has visibility into the VLAN.


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)

Re: Air Monotir Best Practice

lso, it's best practice, if the intent is to monitor all VLANs, to not trunk all VLANs on just a single AM for monitorig, but to do so for all APs and AMs. A single AP is not scaled to listen to an entire L2 broadcasts of ALL VLAns on a large enterprise network, which can have thousands to tens of thousands of devices ARPing on all the VLANs. Best practice is to trunk all VLANs at the edge switch the AP or AM is connected to. That way all the VLANs are divided up and the AMs and APs can share the load more naturally.

 


Jerrod Howard
Distinguished Technologist, TME
Contributor I

Re: Air Monotir Best Practice

Hi Jerrod ,

 

Is there any security issue in trunking vlan on all AP ?

I mean, some of our AP are apparent, we dread that someone could access the entire network by connect instead of the AP.

Re: Air Monotir Best Practice

if securing the physical port is a concern, dynamic segmentation could be one solution. Otherwise deploy AMs and secure the AP physically.

 


Jerrod Howard
Distinguished Technologist, TME
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: