Wireless Access

Frequent Contributor I

Placing APs on their own VLAN?

I am in the process of tightening up our local network VLANs and Subnets in order to place physical firewalls (sandwich) between some of our core network services (AD, DNS, etc...).

I am wondering about moving our APs to their own VLAN as well.  This would be a non-routed VLAN and would end up being tagged on the controller side.  I could not find anything on this topic, so I was wondering about the pros/cons of doing this.

Guru Elite

Re: Placing APs on their own VLAN?

You can put APs on their own VLAN, but don't place a firewall between the access points and the controller.  You will increase your administrative burden, if you do.  There are quite a few ports that need to be opened in a few directions with that setup.  In addition, if requirements ever change, you would have to edit more rules on your firewall.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Frequent Contributor I

Re: Placing APs on their own VLAN?

Excellent!  I was not planning on putting a physical firewall between the APs and the controller; it would be like so:

[Controller] (T Port) <==> [Tagged VLAN] Switch [Untagged VLAN] <==> [AP]

Guru Elite

Re: Placing APs on their own VLAN?

That looks good.

Frequent Contributor I

Re: Placing APs on their own VLAN?

Is there any downside to doing this?  I was having a hard time determining "best practice" here...

Frequent Contributor I

Re: Placing APs on their own VLAN?

I'm looking forward to the responses to this question. Personally I run the APs in a VLAN which also houses end-users. Is there a performance benefit to be had by placing APs in a quieter VLAN?

One thing to keep in mind is that your APs most likely GRE tunnel back to the controller. From that perspective your traffic is fairly secure. A user in the same VLAN as the AP would not have the opportunity to intercept the L2 traffic.

Frequent Contributor I

Re: Placing APs on their own VLAN?

TBH a lot of this is simply my want to have a nicer looking network diagram with everything in their neat little boxes ;)

Guru Elite

Re: Placing APs on their own VLAN?

No drawbacks to putting access points in their own VLAN.  No problems putting access points in user space either, because Rogue AP detection works better when the APs are in the same layer 2 VLAN.  In terms of broadcasts, it is more important to protect the management VLAN interfaces of controllers from a lot of broadcasts, because you don't want things like VRRP advertisements to be throttled, dropped and missed.


Frequent Contributor I

Re: Placing APs on their own VLAN?

"don't want things like VRRP advertisements to be throttled, dropped and missed."

 

Never even thought about that aspect. This forum is an awesome learning tool!!!
