Wireless plan segmentation design
10-07-2015 09:28 AM
Hi!
I need to set up a wireless network with one SSID and around 3000 clients. The topology will be bridged@controller.
I found this example in an internet document that sums it all up nicely:
"Company A decides to follow its desktop subnet model and use a single subnet per floor for the WLAN. This setup introduces complications because now the roaming domains are restricted to a floor, not the entire building as before. With the new subnet model in place, application persistence when roaming across floors is lost. The application most impacted is Company A's wireless VoIP devices. As users move between the floors (and subnets) on their wireless phones, they drop their calls when they roam. Figure 5-8 illustrates this scenario. In this figure, an 802.11 VoIP phone is connected to a wired VoIP phone. As the user roams from AP1 on Subnet 10 to AP2 on Subnet 20, the session drops because the roaming user is now on a different subnet."
"The scenario described for Company A is common. Many applications require persistent connections and drop their sessions as a result of inter-VLAN roaming. To provide session persistence, you need a mechanism to allow a station to maintain the same Layer 3 address while roaming throughout a multi-VLAN network. Mobile IP provides such a mechanism, and it is the standards-based, vendor-interoperable solution to Layer 3 roaming for WLANs."
That's when they introduce the Mobile IP standard.
Since we are planning for 3000 clients I would never consider a single network to service them. I was planning to create several /24 IP networks, and assign them to the same SSID, distributed by AP groups (geographically close).
Is this the right approach?
Will the controller apply the described mechanism of mobility?
Thank you!
TM
10-08-2015 07:08 AM
I found the documentation using your answer! Thanks again!
10-08-2015 07:03 AM
Hey nice answer! Thank you very much.
You said that:
"Clients on floor#1 will get the VLAN#1/topology#1/IP#1 and keep that even if they roam to another floor."
Do you know this from experience? I'd like to read a bit about how this process works. Can you point out a good document?
NAC is going to be the challenge in this deployment. Any pitfall you remember so I don't go that way?
Best regards!
10-07-2015 01:23 PM
So let's go through the scenario: prior to 9.21 & no NAC.
You'd use the "Inter-WLAN Service Roaming" feature.
Let's assume you have a 10-floor building - you divide up the clients per floor = one VLAN/subnet per floor.
Configure 10x SSIDs with the same name, config 10x VNS, role, topology....
Tx WLAN#1 on floor#1, WLAN#2 on floor#2 and so on.
Clients on floor#1 will get the VLAN#1/topology#1/IP#1 and keep that even if they roam to another floor.
The difference to the new function is that you can't distribute clients that equally - they will use the VLAN/subnet which they first connect to.
So in the case of mobiles that would mean that, as everyone is entering the building via the main entrance, all mobiles will connect to this AP first and end up in this VLAN/subnet (if auto-connect is enabled on the phones).
With a NAC:
I'd set up different roles and let the NAC put them in different VLANs/subnets.
So i.e. put the mobiles in a VLAN with only INet access as they don't need to access internal resources = higher security.
Put Admins in a mgmt VLAN to access ALL internal infrastructure.
You'd do a lot with NAC - in my own network I only have one SSID and my NAC takes care of which user/role is getting which access level and what the client could do in the network.
-Ron
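Added example, not part of the original reply and not vendor code: a small Python model of the sizing point above, comparing per-VLAN load when clients stay pinned to the VLAN of their first AP against an idealised even spread. The 60% entrance share, floor 1 as the entrance, one gateway address per /24 and the round-robin spread are assumptions made for illustration; round-robin stands in for any even distribution, not the controller's algorithm.

```python
import ipaddress
import math
from collections import Counter

CLIENTS = 3000         # from the question
FLOORS = 10            # from the 10-floor scenario in the reply
ENTRANCE_FLOOR = 1     # assumption: the main entrance is on floor 1
ENTRANCE_PERCENT = 60  # constructed: share of clients first associating at the entrance


def usable_leases(cidr="10.0.0.0/24"):
    """Leases in a subnet: every address minus network, broadcast and one gateway."""
    return ipaddress.ip_network(cidr).num_addresses - 3


def min_subnets(clients, cidr="10.0.0.0/24"):
    """Fewest subnets of this size that can hold all clients at once."""
    return math.ceil(clients / usable_leases(cidr))


def pinned_to_first_ap(clients, floors, entrance_percent):
    """One VLAN per floor; a client keeps the VLAN of the floor where it first associated."""
    at_entrance = clients * entrance_percent // 100
    load = Counter({ENTRANCE_FLOOR: at_entrance})
    for i in range(clients - at_entrance):   # the rest first associate on their own floor
        load[i % floors + 1] += 1
    return load


def evenly_spread(clients, vlans):
    """Idealised even distribution of clients over a pool of VLANs (round-robin)."""
    load = Counter()
    for i in range(clients):
        load[i % vlans + 1] += 1
    return load


def without_lease(load, cidr="10.0.0.0/24"):
    """VLAN -> number of clients that exceed the subnet's lease capacity."""
    cap = usable_leases(cidr)
    return {vlan: n - cap for vlan, n in sorted(load.items()) if n > cap}


if __name__ == "__main__":
    print("minimum /24 subnets:", min_subnets(CLIENTS))
    print("pinned, 10 VLANs:", without_lease(pinned_to_first_ap(CLIENTS, FLOORS, ENTRANCE_PERCENT)))
    print("even, 10 VLANs:", without_lease(evenly_spread(CLIENTS, FLOORS)))
    print("even, 12 VLANs:", without_lease(evenly_spread(CLIENTS, min_subnets(CLIENTS))))
```

Under these assumptions the entrance VLAN is oversubscribed many times over when clients are pinned to their first AP, and ten /24s are too few for 3000 clients even when perfectly balanced.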
10-07-2015 12:11 PM
Hi Ronald! That's great news!
I will definitely use the new feature. Anyway I will have NAC installed also.
Prior to v9.21 would it work? How would you do it without the new feature?
Can you please consider a scenario without the NAC?
Thanks a lot!
TM
