Wireless Access

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Increasing vlan pool size

  • 1.  Increasing vlan pool size

    Posted Nov 27, 2012 11:40 AM

    We currently have a vlan pool with 10 /24 subnets in it that is used for campus staff access.  We want to move those to private addresses and expand the pool to greatly increase the address space.


    What is Aruba's best practice recommendation for configuring this?  Keep adding /24 networks to the pool?  Do fewer but larger vlans?  I've looked through the white papers and didn't really find any info.

     



  • 2.  RE: Increasing vlan pool size

    Posted Nov 27, 2012 06:23 PM

    What Aruba recommends is the following:

     

    1- You should keep each VLAN subnet within a VLAN pool to a 24-bit subnet mask.

    2- You should not have more than 10 VLANs within a pool so that broadcast or multicast traffic does not consume too much air time access.

     

    How many users do you have?

    You have over 3000 users?

    What do you mean by moving those addresses to private addresses? Do you have public addresses incorrectly in your internal network?

    More info can help us to help you.

     

    Cheers

    Carlos

     

     



  • 3.  RE: Increasing vlan pool size

    Posted Nov 28, 2012 01:49 PM

    We have around 2500 users at the moment.  We also have a full class b public network for the campus and have been using it for wireless also.  We would like to move the wifi over to private addresses and save our public addresses for wired users.



  • 4.  RE: Increasing vlan pool size

    Posted Nov 28, 2012 04:20 PM

    You should not use public IPs for wireless nor for wired.

    You should move both to private IPs.

     

    You could also use a /23 in one of the VLAN pools, but you will need to enable drop broadcast and multicast. For more addresses it's possible, but if you don't need that then don't go for /23.

     

    Still, you can enable this feature even if you have /24; it will help with the performance.

     

     



  • 5.  RE: Increasing vlan pool size

    Posted Nov 29, 2012 08:44 AM
    Still, you can enable this feature even if you have /24; it will help with the performance.

    What kind of improvement in performance? Throughput increase? I think processing on AP and controller will increase.


  • 6.  RE: Increasing vlan pool size

    Posted Nov 29, 2012 08:56 AM
    It will improve the performance because every time there is a broadcast, clients can't transmit. Wireless is a half-duplex medium and just one client can access it at once. Having that in mind, every time there is a broadcast no one can transmit, so of course it affects the performance.


  • 7.  RE: Increasing vlan pool size

    Posted Nov 29, 2012 08:58 AM

    Thanks...

    It means we should implement it in every deployment. Is there any side effect of it?



  • 8.  RE: Increasing vlan pool size

    Posted Nov 29, 2012 03:26 PM

    It will break protocols that require/use broadcast/multicast on a LAN.

     

    Typically many OSes discover network services using multicast/broadcast, so it can break discovery of resources...

    printers, file servers, people's iTunes libraries, etc.

     

    Typically clients are chatty, constantly trying to discover neighboring services/clients etc. Without blocking this, it needs to go to all APs that have that ESSID on the same VLAN, and multicast/broadcast is typically sent at the lowest speeds, since it's one packet meant for all/multiple devices on a LAN, so everyone on the BSSID needs to acknowledge it. Just use Wireshark to see how much bcast/mcast a typical Windows/Mac OS X client sends, then extrapolate that for your number of clients, and you get lots of airtime consumed by packets at the lowest rate. Clients will still do this, so you'll still see this locally on a single AP from clients, but blocking it on the controller keeps bcast/mcast from one AP from needing to go to all other APs, and keeps any wired sources of bcast/mcast from going to all APs.

     

     

    I've had it blocked from day one and have not run into any negative impacts. In general people want net access to known internet sites etc. and can care less about discovering and seeing Joe's vacation pictures shared via iTunes... :)

     

    The only negative from enabling it is for places where people expect things to work between wireless devices, like they do at home, i.e. sharing between iOS devices, DLNA, etc., so it might be an issue in a dorm/personal environment. Look at ClearPass for airgroups as a way to have cake and eat it too.
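
The "capture in Wireshark, then extrapolate" estimate from the last reply, sketched as an added example that is not part of the original thread. The frame list, the 1 Mbit/s lowest rate, the 10-second capture window and the 250-client VLAN are constructed assumptions, and airtime is simplified to bits divided by rate (preamble and contention overhead ignored).

```python
# Added example (not from the thread): estimate how much airtime
# broadcast/multicast frames consume when flooded to a whole VLAN.

LOWEST_RATE_MBPS = 1.0  # assumption: group-addressed frames go out at 1 Mbit/s

# Constructed sample: (destination MAC, frame length in bytes) sent by one
# client during a 10-second capture. Illustrative values, not measurements.
SAMPLE_FRAMES = [
    ("ff:ff:ff:ff:ff:ff", 60),    # ARP request (broadcast)
    ("01:00:5e:00:00:fb", 150),   # mDNS over IPv4 multicast
    ("33:33:00:00:00:fb", 170),   # mDNS over IPv6 multicast
    ("01:00:5e:7f:ff:fa", 200),   # SSDP discovery
    ("02:00:00:00:00:01", 1500),  # unicast data frame, not counted
    ("ff:ff:ff:ff:ff:ff", 120),   # name-service broadcast
]


def is_group_addressed(mac: str) -> bool:
    """Broadcast and multicast MACs have the I/G bit (LSB of octet 0) set."""
    first_octet = int(mac.replace("-", ":").split(":")[0], 16)
    return bool(first_octet & 0x01)


def group_airtime_us(frames, rate_mbps=LOWEST_RATE_MBPS):
    """Microseconds of airtime for the group-addressed frames only.

    Simplification: bits / rate. Bits divided by Mbit/s gives microseconds.
    """
    return sum(length * 8 / rate_mbps
               for dst, length in frames if is_group_addressed(dst))


def airtime_share(frames, capture_seconds, clients, rate_mbps=LOWEST_RATE_MBPS):
    """Fraction of each AP's airtime used if every one of `clients` on the
    VLAN sends like the captured client and nothing is filtered."""
    per_client_us = group_airtime_us(frames, rate_mbps)
    return per_client_us * clients / (capture_seconds * 1_000_000)


if __name__ == "__main__":
    share = airtime_share(SAMPLE_FRAMES, capture_seconds=10, clients=250)
    print(f"group-addressed airtime per client: "
          f"{group_airtime_us(SAMPLE_FRAMES):.0f} us")
    print(f"estimated airtime share with 250 clients: {share:.0%}")
```

Replacing `SAMPLE_FRAMES` with destination/length pairs exported from a real capture gives a per-site figure to compare against before and after enabling the controller-side filtering discussed above.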