cancel
Showing results for 
Search instead for 
Did you mean: 

SSID Spanning Multiple VLANs

SSID Spanning Multiple VLANs

Rick_Lester
New Contributor
We are a small IT department, so I don't have anybody in the office to bounce ideas off of. On top of that, I'm just starting to get comfortable with wireless. I hope this is an appropriate place for this type of conversation.

There is some backstory but I'll try to keep out details that are not needed. I'm working on the first network redesign of our campus since it was first built 10 years ago with most everything (user devices, servers, printers, control systems, etc.) on one /16 network. There are two multiple-floor buildings with edge switches on each floor. They are divided up into 8 distribution areas. When we recently installed IP phones, our Extreme Partner and I designed separate voice VLANs for each of these areas. It has worked so well that they suggested doing the same with our end user data, and I have almost fully completed that project. I'd love to exterminate that VLAN from the vast majority, or even all, of our network.

I'm now looking at our authenticated WiFi and hoping to move that off of the same /16 VLAN that everything else was on. My initial thought was to drop authenticated users onto whatever data VLAN is applicable to area where the AP is located and I have been doing some testing. Everything works fairly well, but I'm concerned about some of our applications when roaming between APs that are on different VLANS. There are a handful of areas that come to mind where overaggressive roaming could be an issue if it occurred because it would cross VLANs.

This VNS is bridged at the AP. We have others that are bridged at the controller, which is a pair of C25s. It has occurred to me that maybe the simplest solution would be to just bridge at the controller, but I wonder if that may cause congestion at the controller as we rely more on WiFi.

We have had Extreme Control on our wish list since I started here, but I don't see it getting approved in the budget any time soon. I feel like that product might give us some better options.

At this point I'm looking at five possibilities.

  1. Continue with the plan and accept that there might be a few applications that don't preform well roaming between APs.
  2. Continue with the plan and find a configuration option that I'm not aware of (perhaps something with Inter WLAN Roaming?).
  3. Create a new VLAN and drop all authenticated WiFi for the SSID on that. (bridge at AP or controller?)
  4. Some other option that I'm not thinking of.
  5. Leave it how it is.
Does anyone have any suggestions on the best way to proceed? I could go any number of directions, but I am trying to be intentional about the direction things are moving instead of reactive. I'd like to get it right and have less to change later if we finally do get something like Extreme Control.

Thanks in advance for any suggestions you might have.

13 REPLIES 13

Rick_Lester
New Contributor
Thanks for the comments Claudio, Stephen, Joshua, and Yury. There is some good stuff to chew on. Your comments are very helpful.

I'll have to look into the VLAN Pooling option with a common wireless VLAN as Plan B. I'm bridging at controller for all of my other traffic anyway and my controller links are hitting less than 3%. I can set that up and do some testing.

All of our new location specific subnets are /20s that easily summarize into a /16. We could easily get by with /22s today with room to at least double, but I'm with Stephen and planning for the eventuality that we are only going to add more devices.

I can easily put the general user Wi-Fi on one of the unused /20's that I have set aside for future use, if I go with one VLAN across the campus.

This project is making me think that I need to do some reading to understand how the controllers should be configured. I'm not sure they way they were originally setup was the optimal way, right down to the L2 ports, which might make life interesting moving forward.

I have a lag on both C35's, I've split them across my S4 blades. The GTAK helped me set that up and correct the vlan's as the prior admin has quite a mess. To the point where we were at a loss as to how it was working.

I don't see a reason not to at least have a two port lag per controller. The ports are there and available and in a pinch might bail you out.

Thanks. Good to know on the Admin port.

I tend to overbuild. We already have 2 controllers in HA, so maybe going with a LAG is overkill and the equivalent of building a concrete outhouse. I would think we should at least be able to move everything to one link, like you have there, whether it is one physical L2 link or a single LAG. What we have now seems rather random, like there was a plan that wasn't completed.

I can can give you other samples for comparison if there is something specific you're looking at.
GTM-P2G8KFN