Apartment block deployment,


Userlevel 1
Hello all

What would be the best way to deploy a wifi solution to a block of 500 residentual apartments with each apartment isolated from the others? The only authentication would be PSK, so I don't think policy won't work. I did think of using multiple controllers with SSID based seperation, but I would need 5 or more C5210 controllers.

3 replies

Userlevel 6
Hello

Is this article helpful: https://gtacknowledge.extremenetworks.com/articles/Solution/Block-MU-to-MU-enabled-but-users-can-still-communicate

Regards

-Gareth
Userlevel 7
Hi J,

if the traffic is passing thru the controller (bridge@EWC and routed topology) just enable "block MU to MU traffic" in the WLAN service in the advanced settings.

If it's bridge@AP just follow the link that Gareth posted for a configuration example.

But the result is that also clients from the same apartment couldn't talk to each other i.e. no streaming from your noetbook to Chromcast via WLAN.

With only PSK and no authentication method policy will not work as there is no way to know whether the client in apartment#1 is connected to the AP in aparment#1 - might be that the signal from AP in apartment#2 is better and he'll connect to this one.

So what we'd do with authentication i.e. EAP-PEAP username/password.
A C5210 supports up to 256 topologies and 1024 roles and you need at least two for redundancy.
Set up a topolgy/VLAN for every apartment and also a role per apartment.
Client#1 of apartment#1 connects to the AP with username/pw and get's the role-apartment#1 back from the NAC (or RADIUS).

In that case you've the apartments isolated but clients from the same apartment could transmit data to each other and you only need a controller pair for it.

-Ron
Userlevel 1
Thanks Guys. Really helpful. As we won't have a radius or NAC, i suspect authenticating as Ron suggested can't be done

Reply