
Wireless Design - Routed L3 LAN Design Migration

dbroder
Level 1

Hello everyone.

I'm in the process of testing a new network environment that replaces all of my existing L2 trunks with L3 routed links. I plan to use L3 routed links all the way to the access layer.

My existing environment consists of a variety of Cisco switches; all connected with L2 trunks. L2 trunks are used between the core and distribution, distribution and the access layer and between access switches as well. I've figured out what I need to do to migrate this environment from L2 to L3.

I've made a lot of progress so far and have dealt with several issues already. The only real problem left to figure out is what to do with my existing wireless networks/APs.

I currently have 60+ APs (1231Gs and 1242AGs) running in autonomous mode all over my LAN. These APs are deployed throughout the campus, connected to nearly every wiring closet in every building on campus. I have six spanned VLANs (140-145) for my six wireless LANs. These six VLANs are spanned across my entire network. This, of course, allows client workstation mobility. With a L3 routed LAN design, I can't have VLANs spanned across multiple wiring closets... hence, my problem.

So... I've been looking for solutions to the problem. With help here on NetPro, I've come up with the following possibilities:

1. A parallel network, trunked back at L2 to my server farm. This would allow me to keep my existing L2 and VLANs setup. I would, however, have to deploy a lot more hardware to build this parallel network. Cost isn't an issue - I have a bunch of old 2912XL/2924XL hardware I can use.

2. Creating six wireless VLANs on each and every floor of every building (~25 floors in total = ~150 VLANs) and not worrying about the roaming issues re: IP#s changing on the client.

3. Same as #2, but implementing Mobile-IP to solve the changing IP# issue.

4. Implementing LWAPP. Converting my wireless over to LWAPP APs, installing and configuring the WCS, etc., tunnelling traffic back to the WCS. This is my long-term plan... but I think it will take a lot of time to plan and implement. With LWAPP, do I have to create all the VLANs on each floor like I will with option #2?

I welcome your comments (positive and negative) and help! I'm not leaning in any particular direction -- all I know is that I'd like to move ahead with the overall distributed L3 routing project, but wireless is holding me up!

Thanks very much.

Darren.

(Cross-posted in the Network Infrastructure / LAN Switching forum.)


Scott Fella
Hall of Fame

Darren,

Since LWAPP was one of your options and you are going to be migrating to L3 back to the core, I would suggest taking that route.

You will just need to have a wireless VLAN for the APs to reside in, or you can put them into the floor's management VLAN. All traffic will be tunneled back to the WLC and not the WCS. You would create your subnets for your SSIDs back in the core where the WLCs will be located. The WLCs will need an IP address on each of the subnets that wireless users will be placed on.

The WCS is just to help manage the WLCs and is an option.

So instead of 125 VLANs, you just need 6, unless you want to expand.

Just my opinion.

-Scott
*** Please rate helpful posts ***

Just to add.... if you are going to go L3 to the closets, then the time it takes you to configure all the autonomous APs and verify that it is working would take longer than if you migrated each floor one at a time. Once you get going with configuring the WLCs and then upgrading the APs to LWAPP, it becomes easy.

-Scott
*** Please rate helpful posts ***

LWAPP remains the long-term plan and I do hope to go that route still.

What is encouraging is your statement that I won't have to create the VLANs per floor that I thought I would.

How does this work? I understand that the BVI interface will be in the floor's management VLAN - that's no problem. But, how are the SSIDs associated with VLANs if there are no discrete VLANs created per floor?

Or... are the 'same' VLANs created on each floor and just tunnelled back to the WLCs? If this is the case, I can see that the workstation's IP# would not change.

Is this how it works?

Thanks

Darren.

Don't think autonomous.... The APs only have an IP address for their management and are connected to a switch via an access port and not a trunk. The traffic is tunneled back to the WLCs, and the WLCs must have an interface on each subnet in which you want users to be placed. So the connection from the WLCs to the switch is a dot1q trunk port only allowing the VLANs that are configured on the controller. The WLC has an IP address on each subnet... that's how the traffic gets routed around.

The IP Address of the clients will not change... this gives you the roaming capabilities that you really could not get in an autonomous side unless you had a WDS.

-Scott
*** Please rate helpful posts ***
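
A check for the trunk restriction described in the reply above, as an added example that is not part of the original thread: it parses a switch configuration and reports WLC-facing trunks whose allowed-VLAN list is wider or narrower than the VLANs configured on the controller. The interface names, the sample configuration and the management VLAN 100 are constructed assumptions; VLANs 140-145 are the wireless VLANs from the original post.

```python
import re

# VLANs 140-145 are the six wireless VLANs from the thread.
# The WLC management VLAN (100) is an assumed value for this example.
WLC_VLANS = set(range(140, 146)) | {100}

# Constructed sample of a core-switch running-config (interface names are hypothetical).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 description WLC-1 uplink
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 100,140-143
 switchport trunk allowed vlan add 144,145
 switchport mode trunk
!
interface GigabitEthernet1/0/2
 description WLC-2 uplink
 switchport trunk allowed vlan 1-200
 switchport mode trunk
!
interface GigabitEthernet1/0/3
 description WLC-3 uplink
 switchport mode trunk
"""

def expand(vlan_list):
    """Expand an IOS VLAN list such as '100,140-143' into a set of ints."""
    vlans = set()
    for part in vlan_list.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_trunks(config, expected):
    """Return {interface: (extra_vlans, missing_vlans)} for every trunk port."""
    report = {}
    for block in re.split(r"(?m)^(?=interface )", config):
        header = re.match(r"interface (\S+)", block)
        if not header or "switchport mode trunk" not in block:
            continue
        allowed = None  # no allowed-vlan line means the trunk carries every VLAN
        for m in re.finditer(r"(?m)^ switchport trunk allowed vlan (add )?([\d,\- ]+)$", block):
            vlans = expand(m.group(2))
            allowed = vlans if not m.group(1) or allowed is None else allowed | vlans
        if allowed is None:
            allowed = set(range(1, 4095))
        report[header.group(1)] = (sorted(allowed - expected), sorted(expected - allowed))
    return report
```

Calling `audit_trunks(SAMPLE_CONFIG, WLC_VLANS)` returns empty lists for the first port and a non-empty list of extra VLANs for the two trunks that carry more than the controller needs.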

Thanks! That does clear things up for me... of course, it'll be clear as mud when I actually sit down to implement LWAPP... ;)

At least I think I have direction now... is there anything I have to watch out for? I know that I can only do 8 SSIDs on converted autonomous APs. I hope to not need more than 8 different security classes...

Darren.

Well, keep the list down as much as possible. Best practice is around 4, just because of the beaconing in the RF. Also... avoid the 5 code if possible. 4.1.185 has worked the best for us. 4.2 only if you are using the 1252 APs, which require the 4.2 code.

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a0080810880.shtml

http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a008064a991.shtml

http://www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/ps6307/prod_qas0900aecd802570be_ps6366_Products_Q_and_A_Item.html

-Scott
*** Please rate helpful posts ***