Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Is there a maximum amount of recommended APs within the layer-2 segment of the local controller?

  • 1.  Is there a maximum amount of recommended APs within the layer-2 segment of the local controller?

    Posted Apr 01, 2015 05:05 AM

    Hello community

    We heard that we should not exceed the amount of 32 access points within the same layer-2 network segment in which the management IP of the local mobility controller exists.

    Can someone confirm this?

    And if so, what is the reason for this limitation?

    What problems can occur if we exceed this recommended limitation?

    We already exceed this amount at one location but everything is still fine :)

    I guess we may run into problems if the controller can handle only 32 APs.

    And/or if the controller can handle only 16 APs and we exceed 16 APs etc.

    But we take care that this does not happen.

    Thanks for any feedback

    Martin



  • 2.  RE: Is there a maximum amount of recommended APs within the layer-2 segment of the local controller?

    Posted Apr 01, 2015 05:32 AM

    Hi,

    This is not correct information. That limitation may be referring to IAP deployment, not the Campus AP deployment.

    AP limitation is related to Controller model and AP license installed.

    Aruba Controller 72XX series can handle max 2048 number of APs, Lowest model 7005 can handle 16 APs, medium range model 3000 series can handle up to 128 APs.

    Hope you got clarity on this.



  • 3.  RE: Is there a maximum amount of recommended APs within the layer-2 segment of the local controller?

    EMPLOYEE
    Posted Apr 01, 2015 07:32 AM

    @weinema wrote:

    Hello community

    We heard that we should not exceed the amount of 32 access points within the same layer-2 network segment in which the management IP of the local mobility controller exists.

    Can someone confirm this?

    And if so, what is the reason for this limitation?

    What problems can occur if we exceed this recommended limitation?

    We already exceed this amount at one location but everything is still fine :)

    I guess we may run into problems if the controller can handle only 32 APs.

    And/or if the controller can handle only 16 APs and we exceed 16 APs etc.

    But we take care that this does not happen.

    Thanks for any feedback

    Martin


    This limitation is only if you have a bridged SSID on access points on a mobility controller.  There is a shared state table  (firewall session synchronization) on a bridged SSID that shares state information about all clients connected to it, so that users can roam seamlessly.  Please see the article here:  http://community.arubanetworks.com/t5/Controller-Based-WLANs/Does-an-AP-in-bridge-mode-support-firewall-session/ta-p/179504



  • 4.  RE: Is there a maximum amount of recommended APs within the layer-2 segment of the local controller?

    EMPLOYEE
    Posted Apr 01, 2015 10:52 AM

    I would also suggest that you not put your APs in the same subnet as your controller.

    What if someone unplugs an AP and floods that subnet? They'll take down your controller.



  • 5.  RE: Is there a maximum amount of recommended APs within the layer-2 segment of the local controller?

    Posted Apr 02, 2015 06:02 AM

    Many thanks for your posts!

    Sorry, yes...
    what I didn't tell you is that we're ...

    • running all Campus APs in forward mode BRIDGE
    • we do not tunnel because our master controller (which is backup) is at a remote location and each local firewall handles the communication
    • some locations have the APs in the default office LAN, the local controller is in a separate segment or there is no local controller
    • some locations have the APs beside the controller IP in a dedicated segment
    • all APs are PEF licensed.

    Looking forward to upcoming projects we're now in trouble where to place our APs correctly :-}
    Additionally it seems we're a special customer because we're running Campus APs in bridge mode.

    Ok, as far as I understand ...

    • in bridge mode only 32 APs within one Layer2 Segment are supported
      because the (PEF's?) IP and session sync only supports 32 APs in bridge mode. IP and session sync is needed for roaming between the APs.
    • If we exceed 32 APs running in bridge mode within one Layer2 segment the roaming between APs will work (?) but not perfectly? Or will it not work at all?
      (at some locations we already exceed 32 APs)

    I'm wondering now ...

    • is firewall session sync activated by default or where do we have to configure/activate this feature
    • do we need the PEF licenses to have this session sync feature? (We have PEF)
    • does this mean that you cannot perfectly roam between bridge mode APs which are not in the same Layer2 subnet because there is no session sync?
      Some locations have Layer2 segments for building levels.

    I don't want to move away from the main post topic but
    in the end does it maybe point out better to use tunnel mode? :-(

    • But then we must have a local backup at each location because a controller backup via the remote master will not work fine ... think about the tunnels across Europe or Americas :-D
    • Maybe run IAPs? But IAPs are tunneled and we're wondering about available bandwidth because the virtual controller (IAP) has only up to 2 Gbit

    Maybe someone of you can clarify my questions.

    All best

    Martin



  • 6.  RE: Is there a maximum amount of recommended APs within the layer-2 segment of the local controller?

    EMPLOYEE
    Posted Apr 02, 2015 08:23 AM

    Martin,

    You should contact your local Aruba SE for information on how to design your whole network.  The limit on 32 APs using a bridged SSID on a single subnet only applies to that specific situation.  The state synchronization cannot be turned on or off, it just exists.  It does not require PEF.  Clients will have difficulty roaming to the 33rd access point, but you don't want to have that issue.  Sites that large, if you cannot deploy a controller, you might want to deploy IAPs.  Again, your local Aruba SE or partner would be the best person to discuss design with...
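
Added example (not part of the thread and not Aruba tooling): a Python check for the two placement points raised in the replies above, the 32-AP figure for a bridged SSID on a single subnet and keeping APs out of the controller's subnet. The inventory format, addresses and function names are constructed for illustration, and each IP subnet is assumed to correspond to one layer-2 segment.

```python
import ipaddress
from collections import defaultdict

# Per-subnet figure quoted in the thread for APs serving a bridged SSID.
BRIDGE_AP_LIMIT = 32


def sample_inventory():
    """Constructed inventory of (ap_name, ip/prefix, forward_mode); not real data."""
    aps = [(f"ap-hq-{i:02d}", f"10.10.20.{10 + i}/24", "bridge") for i in range(35)]
    aps += [(f"ap-lab-{i:02d}", f"10.10.30.{10 + i}/24", "bridge") for i in range(12)]
    aps += [(f"ap-tun-{i:02d}", f"10.10.40.{10 + i}/24", "tunnel") for i in range(40)]
    aps += [("ap-core-01", "10.10.1.50/24", "bridge")]
    return aps


def audit(aps, controller_ip, limit=BRIDGE_AP_LIMIT):
    """Return (over_limit, shared_with_controller).

    over_limit: {subnet: count} for subnets holding more than `limit`
                bridge-mode APs (tunnel-mode APs are not counted).
    shared_with_controller: sorted names of APs, in any forward mode,
                whose subnet also contains the controller address.
    """
    ctrl = ipaddress.ip_address(controller_ip)
    bridge_count = defaultdict(int)
    shared = []
    for name, cidr, mode in aps:
        net = ipaddress.ip_interface(cidr).network
        if mode.lower() == "bridge":
            bridge_count[net] += 1
        if ctrl in net:
            shared.append(name)
    over = {str(net): n for net, n in bridge_count.items() if n > limit}
    return over, sorted(shared)


if __name__ == "__main__":
    # 10.10.1.10 is a constructed controller management address.
    over, shared = audit(sample_inventory(), "10.10.1.10")
    for subnet, count in over.items():
        print(f"{subnet}: {count} bridge-mode APs (limit {BRIDGE_AP_LIMIT})")
    for name in shared:
        print(f"{name}: shares a subnet with the controller")
```

Where several subnets are bridged into one VLAN, or one subnet spans several VLANs, group by VLAN ID instead of by IP network.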