Wireless Access

Hello Folks, 

I was convinced years ago (since I read Aruba campus VRD) that VLAN pooling is the best practice when we have SSID (RF contiguous) with a very high number of users. 

reading the new HPE book ACDP, get confused, the book said the best practice is to have a single large VLAN, the controller has the ability to manage the broadcast and multicast traffic. in addition, VLAN pooling may introduce roaming issue ...etc. 

 

as far as i understand now, I'll need to recommend VLAN pooling deployment on AOS6 and single VLAN deployment on AOS8 (as the ACDP book is all about AOS8)

 

thanks.

 

 

Hi!

 

I´ll go down to a /21 for client subnet these days if it´s a wireless only subnet. I´m pretty sure that nothing has really changed functionality wise so doing VLAN pooling and large, wireless only, VLANs should be roughly the same on 6.5 as it is in 8.x. I don´t see why it would introduce roaming challenges if you use "hash" in the VLAN pool since a client would always end up on the same VLAN. Perhaps I´m missing something?

 

I guess it comes down to personal preference and Aruba perhaps changed it because it´s easier and goes more hand in hand with their role-based security approach.

 

Cheers,

 

 

Hey, just to add some more info. Take a look at the attached, it details further information on the single vlan architecture.

 

Hope it helps, Craig

I agree with you Christoffer, I don´t see why VLAN Pooling would introduce roaming challenges, however, seems it does as the ACDP book is all about best practice and recommendations,
Zalion0, thanks forsharing Single Vlan deployment VRD, i'll go through it soon, seems to be deep dive description for why to use Single Vlan and non Vlan pooling,

thank you all

Vlan pooling does NOT introduce roaming challenges. 

 

At first VLAN pooling was recommended because there were issues containing broadcasts in large subnet environments, and Vlan pooling provided flexibility in adding more subnets easily.  As time went on, broadcast suppression improved and so the reality of allowing devices to be in the same large VLAN was realized.  In addition the last hurdle which is clients seeing many gratuitous ARPs and having their tables filled up was solved by "Optimize Duplicate Address Detection" in the table below.  

The current recommendation is large subnets if possible.  Please see the Single VLAN infrastructure document that @Zalion posted above for more details.

I pressed this question hard at an Airheads one year because I believe in smaller broadcast domains over flat and didn't quite buy into the explanation that I was getting as to why I should stop using vlan pooling.  I mean even if Aruba mitigated all the old issues why not do vlan pooling anyway...smaller broadcast domains just makes more sense...

 

I was eventually told going flat was actually due to a problem related to IPv6:  (aside from below URL explation I also recall the conversation reagrding something about not having a one to one relation of bits when concatenate takes place..)

 

A quick search finds:

https://www.arubanetworks.com/techdocs/ArubaOS_60/UserGuide/IPv6.php

"Do not use VLAN pooling if you enable IPv6 forwarding on the controller, as VLAN pooling will flood IPv6 multicast packets for all VLANs that are part of the VLAN pool. This can cause autoconfigured clients to acquire multiple IPv6 addresses (one for each vlan in the pool) making those clients behave unpredictably. If you need to work around this limitation, you can unicast BC/MC traffic to every station. To enable this workaround, you must enable the wlan ssid-profile battery-boost option, and install a Policy Enforcement Firewall Next Generation (PEFNG) license."

With clustering available in ArubaOS 8.x it is much easier to add controller capacity and to troubleshoot with fewer vlans if a single large VLAN is in play vs. 6.x, VLAN pooling and multiple controllers.

 

It would be interesting to hear what others users have to say.

IPv6 potentially breaks in VLAN pooling scenarios, since RAs are multicast and there is no concept of a VLAN tag across the RF medium. As the adoption of IPv6 increases, the recommendation to go to a single large VLAN and use broadcast suppression techniques provides more value with less risk long term.