Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2969
Views
0
Helpful
7
Replies

Wireless LAN Subnet Size and Design

Go to solution
de1denta
Level 3
Level 3

‎04-28-2012 03:27 AM - edited ‎07-03-2021 10:04 PM

Hi,

We have 2 5508-25 wireless controllers in our Data Centre and 5 remote offices. We have a new office that has resilient WAN connections to our DC and will provide wireless to about 300 users using HREAP mode for the corporate wireless LAN (clients need local switch connection). I have read posts regarding subnet sizes for wireless LANs and a /23 /22 seems to be quite common as the WLC proxys broadcasts for the clients. Do the access points proxy broadcasts in the same way when HREAP is enabled or is it best to create multiple smaller subnets when using HREAP for a LAN of this size, is this possible or can HREAP only map a single SSID toa single VLAN?

Also, we have 2 switches in our DC and the 2 5508-25s are each connected to a single switch using LAG (switches are not cross stack etherchannel capable). We have a total of 30 APs in our network with 25 APs on WLC1 and 5 on WLC2. If a switch fails then we loose 5 APs so I have thought that if we switch to multiple AP manager interfaces instead of LAG then if a single switch fails we will still be able to have all APs registered, has anyone got any experience/ideas behind this?

Thanks,

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to de1denta

‎04-29-2012 08:38 AM

Well come to think of it, roaming wouldn't work for you because users would get an ip from floor 1 but then moves to floor 2 and the SSID would be mapped to a different vlan, so that would break. So in your situation would would need to have one subnet per SSID to ensure roaming. Also I you are using 802.1x, using FlexConnect groups will prevent full auth back to the wlc. The only limitation is 25 APs per FlexConnect group and you would have to figure out how to breakup the group. A device that roams from one group to another would have to authenticate back to the wlc. The hard part is you can break up the floors per FlexConnect group, but if you have bleed through, client device can associate to an ap on the above or lower floor.

http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_flexconnect.html

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Scott Fella
Hall of Fame
Hall of Fame

‎04-29-2012 05:03 AM

Well as far as h-reap, I have used a /20 on some installs with no issues. I do like to use a /24, but that is due to my preference. With h-reap, you can map an SSID to a group of APs if you want. When you put an ap in h-reap/FlexConnect, you specify what vlan that SSID is assigned to. So you can group APs on a floor level to one vlan or a section of a building to a vlan, really your choice. It depends on the design. The reason I might of went with a /20 might of been due to application and clients had to be on the same subnet. This is true for Apple TV and maybe for multicast. I have a client that does Mac reservation because an application required the laptop Mac address to have the same ip all the time, well I they have 500+ devices, you need a subnet that can support that many devices and still have room for growth.

As far as AP management, I would not create multiple ap managers. You have LAG enabled and you have mobility configured between the two 5508's so you are fine. Any type of failover is going to disrupt your clients no matter what you do. As long as the APs can communicate to both 5508's, the APs will move when they loose connection to its primary. I never use multiple ap managers in any of my installs, I just don't see any benefit to doing it that way. With the 5508, the ap need to also communicate the the management interface unlike the 4400's.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful

Go to solution
de1denta
Level 3
Level 3
In response to Scott Fella

‎04-29-2012 07:56 AM

Hi,

Thank you for the response.

I like the idea of multiple /24 subnets as well. The wireless network will be covering 5 floors so we can map each floor to a different VLAN. Will this cause any issues with roaming? I suppose this depends if roaming is going to happen between floors, correct?

Thanks,

0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to de1denta

‎04-29-2012 08:38 AM

Well come to think of it, roaming wouldn't work for you because users would get an ip from floor 1 but then moves to floor 2 and the SSID would be mapped to a different vlan, so that would break. So in your situation would would need to have one subnet per SSID to ensure roaming. Also I you are using 802.1x, using FlexConnect groups will prevent full auth back to the wlc. The only limitation is 25 APs per FlexConnect group and you would have to figure out how to breakup the group. A device that roams from one group to another would have to authenticate back to the wlc. The hard part is you can break up the floors per FlexConnect group, but if you have bleed through, client device can associate to an ap on the above or lower floor.

http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_flexconnect.html

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
0 Helpful

Go to solution
de1denta
Level 3
Level 3
In response to Scott Fella

‎04-29-2012 11:05 AM

Ok, that does make sense. We will be using 802.1x and the new office will have approx 30 access points so I will need to decide how to split the access points into Flexconnect Groups. Per floor seems logical but I wont know if signal bleeding will cause issues untill I test.

Thank you very much for your assistance.

0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to de1denta

‎04-29-2012 11:24 AM

Depending on you link utilization, you might not have an issue if you don't use FlexConnect groups. I have installs again with much more APs not using FlexConnect with no issues with laptops. If your using 802.1x for wireless voice, then you should look at FlexConnect groups. Try it both ways, it won't hurt.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
0 Helpful

Go to solution
jino_jacob
Level 1
Level 1
In response to Scott Fella

‎04-30-2012 06:16 PM

Scott,

From what I have read, Flexconnect group would make roaming faster only if using CCKM? Does it apply when using 802.1x PEAP/EAP-FAST without CCKM.  Appreciate if you could throw some light on it.

0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to jino_jacob

‎05-02-2012 04:09 AM

You are right... Fast roaming is only supported by CCKM or OKC.

FlexConnect Groups FlexConnect Groups provide the functionality of Local Backup Radius, CCKM/OKC fast roaming and Local Authentication.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card