@Sk3l3tor wrote:
Recently started a new job and have inherited an existing Aruba wlan (running v3x code). I'm new to Aruba and wifi in general, so it's a steep learning curve, and inevitably quite easy to get things wrong. So, I'm after a bit of guidance!
We broadcast approx 8 ssids (which I can't help think is way too many, and should be about half that at most). For argument's sake, there are also 8 /24 networks, leases for which are serviced by an external dhcp server. Some of the ssids have multiple vlans assigned to them, and we are now running out of available leases for some. Many of these lease pools are shared between multiple ssids.
In the case of one ssid, it has 2 vlans assigned to it, however, these vlans are also used by other ssids. I could move some of these lesser used ssids onto other vlans so that the primary campus ssid has more available addresses, or simply add a third vlan. I don't know how Aruba load balances between these vlans, but as it obviously doesn't talk directly to the dhcp server, it won't know how many active clients a lease pool has. Consequently, one lease pool is exhausted, whilst the other is at 60% capacity.
What are the best practices where the following is concerned:
- Max amount of SSIDs being broadcast
- Network size associated with each ssid (large subnet, or many smaller?)
- Would Aruba better manage the leases and load balance more efficiently than an external dhcp server?
Any assistance would be appreciated!
Thanks
Others will probably comment, and it will be good so that you get an idea of what others are doing, but here goes:
- Try to keep the number of wireless networks to 4 and below. Why? The wifi overhead created by advertising more than 4 SSIDs will dedicate much more traffic to management duties and much less to actual data. Please see the article here: http://community.arubanetworks.com/aruba/attachments/aruba/115/1358/1/AppNote.MultipleBSSIDs.pdf
- You might want to plan to move (with the help of TAC) off of 3.x code, because there is no active development of features, just security fixes. More recent code has more features to deal with performance and manageability.
- You should redesign your SSIDs based on the lowest common denominator of encryption type supported by devices. If your devices support the same encryption, newer versions of code allow you, through roles and VLANs, to put them in the VLAN and apply the security needed to keep them separate from other clients if necessary. VOIP clients are frequently an exception to this rule.
- Last but not least, if you have a lot of clients, you either have the option of having a large subnet (we have seen people go up to /21s) or short DHCP leases or a combination of both. Broadcast suppression has improved in later versions of code to support such a deployment.
And of course, the devil is in the details and you should work with support and/or a consultant so that they can give you specific information on how to improve things.
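The subnet-size versus lease-time trade-off from the last bullet, as an added example that is not part of the original thread and is not Aruba or DHCP-server code. The client schedule, the renew-at-half-lease behaviour and the absence of DHCPRELEASE on disconnect are assumptions of this model; all numbers are constructed.

```python
import ipaddress
import math

def usable_hosts(prefix_len):
    """Usable host addresses in an IPv4 subnet of the given prefix length."""
    net = ipaddress.ip_network(f"10.0.0.0/{prefix_len}")
    return net.num_addresses - 2  # exclude network and broadcast addresses

def peak_leases(sessions, lease_min):
    """Peak number of leases held at once for (arrive, leave) times in minutes.

    Assumptions of this model: a client renews at half the lease time while
    connected and sends no DHCPRELEASE on leaving, so its address stays
    reserved until the lease from its last renewal expires.
    """
    half = lease_min / 2
    events = []
    for arrive, leave in sessions:
        renewals = max(0, math.ceil((leave - arrive) / half) - 1)
        expiry = arrive + renewals * half + lease_min
        events.append((arrive, 1))
        events.append((expiry, -1))
    events.sort()  # at equal times (t, -1) sorts first: expiry frees the address
    held = peak = 0
    for _, delta in events:
        held += delta
        peak = max(peak, held)
    return peak

def fits(prefix_len, sessions, lease_min):
    """True if the peak lease count fits in a subnet of this prefix length."""
    return peak_leases(sessions, lease_min) <= usable_hosts(prefix_len)

# Constructed sample: 8 hourly cohorts of 200 clients, each connected 50 minutes.
SESSIONS = [(h * 60, h * 60 + 50) for h in range(8) for _ in range(200)]

if __name__ == "__main__":
    for lease in (480, 60, 20):
        peak = peak_leases(SESSIONS, lease)
        print(f"lease {lease:>3} min: peak {peak:>4} leases, "
              f"/24 ok={fits(24, SESSIONS, lease)}, /21 ok={fits(21, SESSIONS, lease)}")
```

With this schedule no more than 200 clients are ever connected at once, yet an 8-hour lease keeps 1600 addresses reserved; only the short lease fits a /24, while a /21 absorbs all three cases.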