Wireless Build - IP Addressing

Answered Question
May 26th, 2009

I'm about to commence the deployment of 4 x 4402-50 WLCs and 170 Access Points into a 3 storey building, and have a couple of questions around the IP addressing, which I'd like to clarify with those more knowledgeable than I.

Current plan is to install each WLC using LAG, and create a Management and AP Manager on each device from within the same subnet. All good so far. My query comes when connecting the Access Points on an IP level. From what I've read, clients connecting to the APs will connect to the network on an address within the same vlan as the Access Point connects, so if I were to connect the APs to the WLCs on the same vlan as the Mgmt/AP Managers are configured within, I'd need quite a large vlan (WLCs + APs + DHCP Scope for clients) to accommodate everything. Correct?

Moving forward, I think a solution would be to create the Mgmt/Ap Manager in Vlan A, then add the Access Points (and DHCP Scope) within another vlan, let's say vlan B, for all the APs across the building. Whilst this scenario may work, I'd again end up with quite a large vlan, probably a /22 in trying to accommodate all the Access Points and DHCP scope for all the wireless clients.

The solution that seems to fit best, would again be to create all the Mgmt/Ap Manager interfaces within a single vlan, then create a vlan for each floor of the building (3 in total) for the Access Points/wireless clients within that floor, in effect, cutting down on the size of the vlans required. In this scenario, I'd then be able to use mobility groups on the WLCs, to allow for roaming throughout the building.

Obviously, going with either of the last 2 options, I'd need to look at DNS/DHCP in order to have the Access Points initially register with the WLCs.

Thoughts appreciated on the above

TIA.

Correct Answer
weterry Tue, 05/26/2009 - 18:42

Clients do not need to be in the same subnet as your APs nor Management interface. You can, but it isn't a requirement. You just make a new dynamic interface in a vlan that you put your clients in.

So, a typical design you may see in your situation could be the following:

All controllers MGMT/AP-MGR in the same subnet/vlan.

All APs on Floor 1 in a different vlan.

All APs on Floor 2 in a different vlan.

All APs on Floor 3 in a different vlan.

So 4 vlans so far.

Then you can actually create a different vlan to put all clients in (5th vlan), or you could create 3 vlans to put clients in based on the floor they are on (with AP-Groups).

Make sense?

George Stefanick Fri, 05/29/2009 - 09:25

I would also further add:

Network Design

These are the best practices for network design:

* Limit the number of access points per VLAN. A good number is around 60 to 100 if you use a later code version. This helps to minimize reassociation problems in case of network failure. Cisco IOS based APs can be deployed on higher densities subnetworks. Always make sure that the underlying layer 2 and layer 3 topology is properly configured (spanning tree, loadbalancing, etc).

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a0080810880.shtml
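
An added example (not part of the thread and not Cisco tooling): a subnet-sizing sketch for the design discussed above, taking the per-floor client VLAN option. The 4 WLCs, 170 APs, 3 floors and the 100-AP ceiling come from the thread; the 10.20.0.0/20 block, 200 clients per floor, an even AP split across floors and the VLAN names are assumptions.

```python
import ipaddress
import math

# From the thread: 4 WLCs, 170 APs, 3 floors, at most ~100 APs per VLAN.
WLC_COUNT, AP_COUNT, FLOORS, MAX_APS_PER_VLAN = 4, 170, 3, 100
# Assumptions for this example (not stated in the thread):
CLIENTS_PER_FLOOR = 200
SUPERNET = ipaddress.ip_network("10.20.0.0/20")


def prefix_for(hosts, gateways=1):
    """Longest prefix whose block fits hosts, gateways, network and broadcast."""
    needed = hosts + gateways + 2
    return 32 - (needed - 1).bit_length()


def build_plan():
    """Return {vlan_name: IPv4Network}, carved from SUPERNET largest first."""
    aps_per_floor = math.ceil(AP_COUNT / FLOORS)  # assumes an even AP split
    if aps_per_floor > MAX_APS_PER_VLAN:
        raise ValueError("too many APs per VLAN; split the floor further")
    # One Management and one AP Manager address per WLC, as in the question.
    wanted = [("wlc-mgmt", WLC_COUNT * 2)]
    for floor in range(1, FLOORS + 1):
        wanted.append((f"floor{floor}-aps", aps_per_floor))
        wanted.append((f"floor{floor}-clients", CLIENTS_PER_FLOOR))
    wanted.sort(key=lambda item: -item[1])  # largest first keeps blocks aligned
    plan, cursor = {}, int(SUPERNET.network_address)
    for name, hosts in wanted:
        plen = prefix_for(hosts)
        size = 2 ** (32 - plen)
        cursor = -(-cursor // size) * size  # round up to the block boundary
        net = ipaddress.ip_network((cursor, plen))
        if not net.subnet_of(SUPERNET):
            raise ValueError(f"{SUPERNET} is too small for {name}")
        plan[name] = net
        cursor += size
    return plan


if __name__ == "__main__":
    for name, net in sorted(build_plan().items(), key=lambda kv: kv[1]):
        print(f"{name:16} {net}  ({net.num_addresses - 2} usable)")
```

Under these assumptions the whole plan fits inside a single /22: three /24 client VLANs, three /26 AP VLANs and one /28 for the controllers.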
