We are a small IT department, so I don't have anybody in the office to bounce ideas off of. On top of that, I'm just starting to get comfortable with wireless. I hope this is an appropriate place for this type of conversation.
There is some backstory but I'll try to keep out details that are not needed. I'm working on the first network redesign of our campus since it was first built 10 years ago with most everything (user devices, servers, printers, control systems, etc.) on one /16 network. There are two multiple-floor buildings with edge switches on each floor. They are divided up into 8 distribution areas. When we recently installed IP phones, our Extreme Partner and I designed separate voice VLANs for each of these areas. It has worked so well that they suggested doing the same with our end user data, and I have almost fully completed that project. I'd love to exterminate that VLAN from the vast majority, or even all, of our network.
I'm now looking at our authenticated WiFi and hoping to move that off of the same /16 VLAN that everything else was on. My initial thought was to drop authenticated users onto whatever data VLAN is applicable to area where the AP is located and I have been doing some testing. Everything works fairly well, but I'm concerned about some of our applications when roaming between APs that are on different VLANS. There are a handful of areas that come to mind where overaggressive roaming could be an issue if it occurred because it would cross VLANs.
This VNS is bridged at the AP. We have others that are bridged at the controller, which is a pair of C25s. It has occurred to me that maybe the simplest solution would be to just bridge at the controller, but I wonder if that may cause congestion at the controller as we rely more on WiFi.
We have had Extreme Control on our wish list since I started here, but I don't see it getting approved in the budget any time soon. I feel like that product might give us some better options.
At this point I'm looking at five possibilities.
- Continue with the plan and accept that there might be a few applications that don't preform well roaming between APs.
- Continue with the plan and find a configuration option that I'm not aware of (perhaps something with Inter WLAN Roaming?).
- Create a new VLAN and drop all authenticated WiFi for the SSID on that. (bridge at AP or controller?)
- Some other option that I'm not thinking of.
- Leave it how it is.
Does anyone have any suggestions on the best way to proceed? I could go any number of directions, but I am trying to be intentional about the direction things are moving instead of reactive. I'd like to get it right and have less to change later if we finally do get something like Extreme Control.
Thanks in advance for any suggestions you might have.