AP Groups, Single SSID, Different VLANs, DHCP problem

Sep 17th, 2010

I have a WLC 4404, Cisco 4506 core, 3560G edge switches, and Cisco 1142 APs.  I have a single SSID and have created two AP groups, one for each building.  Each AP group is part of its own separate VLAN.


My goal is to split up my network to shrink my broadcast domain.  If you are in building A, then I want you to be in AP group A, which means you have the subnet/IP info of VLAN A.  If you decide to close your laptop down and walk across campus to building B, then I want you to be part of AP group B and have your subnet/IP info match that of VLAN B.


The problem I am having is when a user connects to AP group A, and they move over to the other building which puts them on AP group B, they keep the same IP address as AP group A.  This is a problem because I have certain projectors that use broadcasts to announce themselves.  So if you are not a part of that broadcast domain, you cannot connect wirelessly to the projectors.


I have tried no ip proxy-arp on both VLAN interfaces and I have disabled DHCP Proxy on the WLC, but I get the same results.  Again, I am not having any problems with email/internet/servers, no matter which AP group you are in.  But I want your IP address to come from whichever AP group you are connected to, aka whichever building you are in.


VLAN A

172.25.0.0/240


VLAN B

172.26.0.0/240


Any thoughts on how to do this?

George Stefanick Fri, 09/17/2010 - 13:38
Dover,


Great question... I had a similar issue as well...


First, your understanding of AP grouping is SPOT on. It's the logical separation of broadcast domains while using the same SSID.


By design you keep the same IP so that a client isn't interrupted during the layer 3 roam process between AP groups. Whereby causing loss of network connectivity during the re-DHCP process.


Thinking outside of the box: if you have 2 controllers, with Building A on controller 1 and Building B on controller 2, remove the mobility group between the controllers. This would prevent the controllers from sharing mobility packets, thus causing your clients to re-IP.


Your other option would be to have your clients disconnect and then reconnect (I know it's not a good option).


However, not knowing your network design you would want to think this process through especially for failover...

dover0033 Mon, 09/20/2010 - 11:50

gstefanick wrote:


Dover,


Great question... I had a similar issue as well...


First, your understanding of AP grouping is SPOT on. It's the logical separation of broadcast domains while using the same SSID.


By design you keep the same IP so that a client isn't interrupted during the layer 3 roam process between AP groups. Whereby causing loss of network connectivity during the re-DHCP process.


Thinking outside of the box: if you have 2 controllers, with Building A on controller 1 and Building B on controller 2, remove the mobility group between the controllers. This would prevent the controllers from sharing mobility packets, thus causing your clients to re-IP.


Your other option would be to have your clients disconnect and then reconnect (I know it's not a good option).


However, not knowing your network design you would want to think this process through especially for failover...



My understanding of AP groups has a lot to do with your site and the videos that you made.  So thank you.  I think I might just have to do different SSIDs, which is not what I wanted to do, but that will fix the issue.

George Stefanick Mon, 09/20/2010 - 11:56

Dover,


Yea, a different SSID is another option. Not what you wanted to hear for sure ... Thanks, I'm glad folks get value from the videos. Makes it worth the effort and time.


If you found this informative, do you mind rating the post? I would really appreciate it!


Thanks

George Stefanick Tue, 09/21/2010 - 19:20

Dover,


Have you thought about doing a dynamic VLAN assignment for these users who need to access the projectors? This would work ...

scrye Fri, 08/23/2013 - 15:18

Hi;


Not really a solution, but something to think about. I manage a largish network, where every subnet is a /22 (we have thousands of them). From your question, I think you have two /24's (not /240s :-) )


I bet you would be surprised to discover, via Wireshark or some other monitor, that broadcast traffic is a trivial fraction of your network bandwidth. None of our /22's has a problem with excessive broadcast traffic, even with over 800 clients on a subnet. In modern fast networks, the old rules and FUD about broadcast domains are just not as much of a factor as in the old days. (and I'm old so I remember those days ...)


If all the above is true and you measure your bcast traffic and find it low, then just expand your subnet size to /23 or /22, use one subnet for both buildings, and problem solved.


Steve


Message was edited by: Stephen Crye - corrected typo
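
The measurement suggested in the post above, as an added example that is not part of the original thread: a small Python script that reads a classic libpcap capture (for instance one saved from Wireshark on the wired side of the VLAN) and reports what share of frames and bytes went to the Ethernet broadcast address. The function names and the embedded sample capture are constructed for illustration; multicast is not counted.

```python
import struct

BROADCAST = b"\xff" * 6  # Ethernet broadcast destination MAC

def broadcast_share(pcap_bytes):
    """Return (frame_fraction, byte_fraction) of broadcast traffic in a
    classic libpcap capture with Ethernet link type (pcapng is rejected)."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic microsecond pcap file")
    if len(pcap_bytes) < 24:
        raise ValueError("truncated pcap global header")
    (linktype,) = struct.unpack(endian + "I", pcap_bytes[20:24])
    if linktype != 1:
        raise ValueError("expected Ethernet frames (linktype 1)")
    frames = bcast_frames = total_bytes = bcast_bytes = 0
    offset = 24  # first record follows the 24-byte global header
    while offset + 16 <= len(pcap_bytes):
        _sec, _usec, incl_len, orig_len = struct.unpack(
            endian + "IIII", pcap_bytes[offset:offset + 16])
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 6:
            continue  # too short to hold a destination MAC
        frames += 1
        total_bytes += orig_len  # on-the-wire size, even if the capture was snapped
        if frame[:6] == BROADCAST:
            bcast_frames += 1
            bcast_bytes += orig_len
    if frames == 0 or total_bytes == 0:
        return (0.0, 0.0)
    return (bcast_frames / frames, bcast_bytes / total_bytes)

def sample_capture():
    """Constructed capture: one 60-byte broadcast frame, three 1514-byte unicast frames."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    def record(dst, size):
        frame = dst + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00" + bytes(size - 14)
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    unicast = b"\x02\x00\x00\x00\x00\x02"
    return header + record(BROADCAST, 60) + record(unicast, 1514) * 3

if __name__ == "__main__":
    by_frames, by_bytes = broadcast_share(sample_capture())
    print(f"broadcast: {by_frames:.1%} of frames, {by_bytes:.2%} of bytes")
```

Run it against a capture taken during a busy period; the byte fraction is the figure that matters for the bandwidth argument, since broadcast frames are usually small.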
