Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Guest VLAN Size

  • 1.  Guest VLAN Size

    Posted Feb 14, 2012 09:26 PM

    I am wondering how others are sizing their VLANs for guest users. I am running out of address space due to users camping on the SSID and never authenticating. Right now I have 11 local controllers with GRE tunnels bringing all traffic back to the master on VLAN 404. VLAN 404 is currently a /24 and would need to be at least double if not tripled in size. I am concerned about the amount of broadcast traffic. I have bcmc-optimization enabled; however, I still have concerns about this many clients on a single VLAN broadcasting across WAN links. I am considering creating a smaller local VLAN and not tunneling the traffic back for some of our larger sites. Are others running into similar issues?



  • 2.  RE: Guest VLAN Size

    EMPLOYEE
    Posted Feb 14, 2012 10:03 PM

    One thing you can do is to reduce the DHCP lease time on the guest SSID. As you say, some user devices will grab an IP address but never authenticate. By reducing the DHCP lease time you will refresh the DHCP pool if a user happens to wander in and out of coverage without actually using the guest wifi. If you would typically expect your guests to only use the wifi for a few hours, then I would start with a 2 hr lease time and see what impact that has on the available addresses.



  • 3.  RE: Guest VLAN Size

    Posted Feb 15, 2012 08:18 AM

    Thanks for the info. I have my lease time currently set for 2 hrs. I was thinking of going lower but am concerned about all the broadcast traffic across the tunnels. I have a feeling it may be users who don't even know they are connected but may not be transient. I can simply make the scope larger or I could not tunnel some of the traffic back to the master and carve out smaller subnets locally for some sites that have their own internet egress. Wondering I guess how others have designed their guest network.

     

    Thanks



  • 4.  RE: Guest VLAN Size

    EMPLOYEE
    Posted Feb 15, 2012 08:47 AM

    @jmadej wrote:

    Thanks for the info. I have my lease time currently set for 2 hrs. I was thinking of going lower but am concerned about all the broadcast traffic across the tunnels. I have a feeling it may be users who don't even know they are connected but may not be transient. I can simply make the scope larger or I could not tunnel some of the traffic back to the master and carve out smaller subnets locally for some sites that have their own internet egress. Wondering I guess how others have designed their guest network.

     

    Thanks


    Jmadej,

     

    When clients renew their DHCP address it is normally a unicast to the DHCP server, not a broadcast. If you are dropping broadcasts at the Virtual AP, the majority of broadcasts are eliminated as well.