Cisco Support Community

New Member

Large-Scale AP Deployments...Static IP or DHCP?

Simple question(s):

If you are a large enterprise customer who monitors devices with HP OpenView, do you deploy hundreds of wireless AP's with DHCP, taking advantage of the ease and convenience DHCP gives you, or do you statically assign the AP IP addresses so OpenView always knows where to find them, accepting the hassle of having to do the IP address assignment task any time there is an AP replacement?

(Please don't tell me that you need to manage all the AP's with a proprietary Cisco management console - doing without HPOV in this case, is not an option.)

If you've worked on or been around large-scale wireless AP deployments, let me know what approaches you've seen out there and why.

If you have a Cisco reference architecture that recommends one method over the other, just point me.

Thanks,
Mike Prescher

20 REPLIES
Hall of Fame Super Gold

Re: Large-Scale AP Deployments...Static IP or DHCP?

Hello Mike,

I'm not sure whether you are asking about Autonomous AP or LWAP.  In case of autonomous, everything was pre-configured with static IP address.  In LWAP, I allow the APs to get DHCP and then configure static IP address.

Hope this helps.

NOTE:  Static IP address on LWAP will depend entirely on the WLC firmware.  6.X support static IP address.

New Member

Re: Large-Scale AP Deployments...Static IP or DHCP?

This is LWAP-like with Aruba at the moment (Cisco under consideration).

You said: "Static IP address on LWAP will depend entirely on the WLC firmware.  6.X support static IP address."

Is there a Cisco LWAP provisioning feature that allows an AP to do all its initial provisioning with the controller using a DHCP-derived IP address but then as the last interaction, switch the AP to a pre-configured static IP address?

(If there is, can you point me to a reference guide?)

This approach would answer two concerns, 1) allow easy field replacement by unskilled installers and 2) provide static predictable IP connectivity for HPOV SNMP queries for monitoring.

I know we can just go life-time leases but that still requires some significant DHCP scope process and maintenance on multiple servers in very large-scale environments.

m.

Hall of Fame Super Gold

Re: Large-Scale AP Deployments...Static IP or DHCP?

Hi Mike,

As you have read, when the LWAP joins the controller the WLC will push the configurations to the LWAP.  Depending on you, you can configure static IP address on the LWAP by "priming" them or let the LWAP get DHCP upon first installation and then configure the static IP address (along with the hostname and location) later.

Does this answer your question?

New Member

Re: Large-Scale AP Deployments...Static IP or DHCP?

Can the static assignment procedure be automated by any specific controller/management feature (that is to say, you can pre-assign the static address to be applied to AP's prior to deployment, and only after the DHCP address is acquired and any updates or config applied)? Or, is it the case with Cisco that you would need to manually go in to the management interface and convert the AP from DHCP to a static address (click a radio or Apply button for the change)?

(If there is any manual intervention required within any management console to move an AP from DHCP to static, then that's another minor argument for just leaving the implementation at long-lease or permanent-lease DHCP.)

m.

Hall of Fame Super Silver

Re: Large-Scale AP Deployments...Static IP or DHCP?

Mike,

Static address has to be manually applied to each LAP.  I usually implement static addresses to access point no matter what.  I use DHCP if I'm staging the APs, but at the end, they have all static address.

-Scott
*** Please rate helpful posts ***
New Member

Re: Large-Scale AP Deployments...Static IP or DHCP?

Thanks for that info...

Follow-ups: I'd be curious to know the size of installations you are responsible for, and, what your own compelling argument is for static assignment?

(I've gotten differing opinions and approaches on this question for large enterprises.  In my case we are trying to strike a balance between the ease of install by un-skilled field techs vs. definitive identification of the AP's through a single management/monitoring console HPOV. E.g. if we go with static, we can eliminate all but temp maintenance scopes for all AP's. MUCH easier to manage, when you're looking at AP numbers in the hundreds, spread out over a large metropolitan area.)

Thanks for any further info,

- Mike

Hall of Fame Super Silver

Re: Large-Scale AP Deployments...Static IP or DHCP?

Well... I stage all the AP's so it's easier for me to create a spreadsheet with the hostname, scan in serial number, mac address, enter ip address and location.  I have done large installs that entailed 12 WiSM's and still growing... all with static and small implementations all with static.  How I see it is an access point is a network device, so are any of your other network devices using dhcp or even servers configured for dhcp?  Clients usually will have some sort of monitoring tool and having an ip change for some weird reason and the monitoring tool showing a different device is not a good thing.  DHCP is easy and is not a bad option.

-Scott
*** Please rate helpful posts ***
New Member

Re: Large-Scale AP Deployments...Static IP or DHCP?

"How I see it is an access point is a network device, so are any of your other network devices using dhcp or even servers configured for dhcp?"

This is another argument for static, because no, in almost all instances network devices are static in any large network. While we can apply port security to AP switch ports (known device assurance...to a certain degree), the interaction with the monitoring console (SNMP queries) is by IP address, and the same support processes will apply where addressing comes into play; you don't have that additional DHCP unknown to think about.

Well, between the responses here and all the other colleagues who have responded, it appears the answer is...wait for it....it depends! ;-}

Thanks for your time.

m.

Hall of Fame Super Gold

Re: Large-Scale AP Deployments...Static IP or DHCP?

Our organization has >900 APs and over 80 sites.  The APs are stored in a secure location a few kms away from me (I'm considered as a "threat" to the inventory).

We have IT support staffs (knowledge with WLAN is zero) who would go to the storage area and take the APs to their rightful locations to be installed.  We wait for the APs to appear on the switch and WLC and we configure the static IP address and DNS servers.  It's my job to configure the APs to WCS, CiscoWorks and Spectrum.

Because of the new 6.X firmware, we don't require the APs (1140, 1240 and 1250) to be "primed". 

New Member

Re: Large-Scale AP Deployments...Static IP or DHCP?

Leolaohoo,

Thanks - great info. Follow-up question...

"We wait for the APs to appear on the switch and WLC and we configure the static IP address and DNS servers."

1) So, you still use DHCP (Option 43?) for initial device management console...still need to maintain at least one initial contact "install maintenance" DHCP scope so the AP's can find the controller?

2) With your network's architecture and number of AP's, are multiple maintenance scopes required, (one for each possible VLAN a given AP may be located)?

Thanks very much.

Hall of Fame Super Gold

Re: Large-Scale AP Deployments...Static IP or DHCP?

1.  I know about Option 43 but ever since I've been doing wireless I've never taken advantage of Option 43.  Ever since the 6.X firmware, I've noticed that the WLC discovery is a lot more "robust" than 4.X and 5.X.  When we were using 4.X and 5.X, I always "prime" the LWAP prior to deployment so I've never used Option 43.

2.  You can have one wireless VLANs per site or just one wireless VLAN for the entire network.  It's how your network is initially designed.

Re: Large-Scale AP Deployments...Static IP or DHCP?

I think you might also want to consider how you/your customer manages IP addresses for other devices.  For example, I have one customer that uses static IP assignments via the DHCP server (I believe that's called a DHCP reservation).  They have one place to look for documentation as to what device is using what IP address (even if they manually set the IP address on a given device, they create a reservation on the DHCP server).

They use the DHCP reservation, along with Option 43, and do not prime their AP's (many scopes, more than 200 APs spread out over 35 different buildings).

New Member

Re: Large-Scale AP Deployments...Static IP or DHCP?

Robert,

Good points. There are several drivers here to consider for this AP deployment addressing decision:

- Security (risk factors with where and how to lock down and monitor a network access device without borders)

- Network Monitoring (multiple monitoring tools or single master interface or portal ala HPoV SNMP queries or Ciscoworks)

- Ease and reliability of access, (Static with perhaps DNS naming vs. DHCP with Dynamic DNS, if at all)

- Existing networking standards and practices, (switches and routers are typically statically addressed)

- Deployment scope, (hundreds of AP's in a larger network may equate to hundreds of scopes to monitor and maintain or risk campus wide L2 spans)

- Simplification of support process (DHCP easy to deploy but adding the overhead of DHCP servers with additional tracking, monitoring, auditing)

Beyond NetPro, we've gotten feedback from other engineers and designers from large integrators, professional services consultants, university admins, Cisco and Aruba SME's, etc.  All have at least locally sound reasoning why they choose to deploy hundreds of AP's with either DHCP or static addressing.

For everyone, one approach or the other may come with additional process. Some don't mind maintaining long leases to get around the predictable addressing issue. Some are satisfied with just mac-address security. Some don't mind not having a single portal for network monitoring or status. Some don't mind a different or additional process for security audits, etc. In the end, the "It depends." answer wins the day again.

I will say, knowing what I know now after all the investigation, if it were up to me I think there is more good than harm in rolling out AP's with the mindset that they are critical network access resources like switches, routers and critical servers. For that reason, I'd prefer the predictability, visibility and familiarity of process that static addressing brings. If that means, (as one respondent here mentioned) a step of discovery and then address reconfig at time of install, I'd take that on.

Thanks everybody for a very helpful discussion on this topic.

ADDENDUM:

I just had a chat with another Cisco SE and haven't verified all his info: when considering LWAP deployments, apparently their controllers are the SNMP respondent for ALL LWAPs it is responsible for, and, barring H-REAP (Hybrid Remote Access Point) deployments, all traffic passes through the controllers.  That certainly knocks down several arguments that favor static addressing. In other words, in an LWAP environment, from a management perspective, the controller is the critical network access device, not the AP's.

New Member

Re: Large-Scale AP Deployments...Static IP or DHCP?

I started with Static and finally moved to DHCP. Here is why..

Static sounds like having more control. But after going over 300 AP's I don't need to know what AP goes to what IP. Plus.... every time I update the code, 20% of the AP's become zombies... meaning after the WLC code is upgraded they lose contact.  Happened twice and TAC is helpless.

There is no way I can climb to the roof and get the logs to TAC when there is an issue... (new 6.0.188 does help because of SSH access). So I moved to the DHCP model.

When an AP goes zombie... the DHCP gives it an IP and tells it which controller to join.

So every time a new AP joins it picks the least populated controller (in my case backup controller to 4 others). I then manually hard code the values of primary and backup. It then sticks to those values. The reason being AP VLAN groups are different for each WLC.

Soon I may end up all the WLC have same config so it does not matter which WLC the AP belong.

New Member

Re: Large-Scale AP Deployments...Static IP or DHCP?



Thanks. Interesting info.

m.
New Member

Re: Large-Scale AP Deployments...Static IP or DHCP?

Hello

We have over 800 LWAPP deployed and we MAC register the AP against a specific IP address prior to deployment on the network so we know exactly what IP address an AP is using.

The number of AP's we have had to replace is negligible, so the admin overhead associated with this (compared to ease of DHCP) is nothing to worry about.

We manage the LWAPP through WCS obviously, but we also then run basic up/down monitoring through polling from Intermapper (similar to HP Openview I am led to believe).

thanks

Bryn

New Member

Re: Large-Scale AP Deployments...Static IP or DHCP?

I'm not sure if someone else has suggested this, but perhaps you could have the best of both worlds with a simple DHCP Reservation?  That way your APs would always get the same IP so your network monitor wouldn't get confused but you still have the flexibility to manage/change/update the IPs from a central location.

New Member

Re: Large-Scale AP Deployments...Static IP or DHCP?

ITCS,

Yes, this has been considered and in fact it's the way we've ended up proceeding.

The most compelling argument against the long-lease approach was the requirement for the DHCP care and feeding - yet another component/service to include in the move/add/change process and otherwise maintain to keep everything running correctly.

However, after considering pro's and con's of any required new (and existing) process,  monitoring, security and infrastructure, it was decided that the indefinite reservation approach was perhaps while not the "best of both worlds",  at least the best compromise solution.

In my own perfect-world-network, all things considered, I'd go with static assignments. Alas, I'm still trying to find that perfect world network environment. Gotta be out there somewhere...;-}

m.

New Member

Re: Large-Scale AP Deployments...Static IP or DHCP?

You guys are kidding right?

Why would you not just stick an LWAP right out of the box and into the VLAN immediately?

The AP uses option 43 with suboption 241 to find a controller that is desired for the VLAN.

Dude!  If you "need" a static IP - You can assign it after the fact.

If we are truly talking about Large Scale Deployments  - this is the best thing since sliced bread.

Actually, it's not quite that new (but I'll pretend we all knew that already).

Darby Weaver

http://www.darbyslogs.blogspot.com

Doing the CWNA or Bust! Challenge...
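An added example, not part of the post above or of any Cisco tooling: Option 43 with suboption 241 is a type byte (0xf1), a length byte and four bytes per controller IPv4 address, and with many scopes in play it is worth auditing that every scope's value is well formed and names only approved controllers. The scope names and documentation-range addresses are constructed, and the type/length/value layout is assumed to be the one commonly documented for lightweight APs.

```python
import ipaddress

WLC_SUBOPTION = 0xF1  # suboption 241, as named in the post above


def encode_option43(controllers):
    """Build the payload: type 0xf1, one length byte, then 4 bytes per controller."""
    if not controllers:
        raise ValueError("at least one controller address is required")
    body = b"".join(ipaddress.IPv4Address(c).packed for c in controllers)
    if len(body) > 255:
        raise ValueError("too many controllers for a one-byte length field")
    return bytes([WLC_SUBOPTION, len(body)]) + body


def decode_option43(payload):
    """Validate a payload and return the controller addresses it carries."""
    if len(payload) < 2:
        raise ValueError("shorter than the type and length bytes")
    subopt, length, value = payload[0], payload[1], payload[2:]
    if subopt != WLC_SUBOPTION:
        raise ValueError(f"suboption {subopt}, expected {WLC_SUBOPTION}")
    if length != len(value):
        raise ValueError(f"length byte says {length}, found {len(value)} bytes")
    if length == 0 or length % 4:
        raise ValueError("value is not a whole number of IPv4 addresses")
    return [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, length, 4)]


def audit_scopes(scopes, approved):
    """Map scope name -> problem for malformed or unapproved Option 43 values."""
    problems = {}
    for name, hex_value in scopes.items():
        try:
            controllers = decode_option43(bytes.fromhex(hex_value))
        except ValueError as exc:
            problems[name] = f"malformed: {exc}"
            continue
        extra = sorted(set(controllers) - set(approved))
        if extra:
            problems[name] = "unapproved controller: " + ", ".join(extra)
    return problems


# Constructed sample data: documentation-range addresses, hypothetical scope names.
APPROVED = ["192.0.2.10", "192.0.2.11"]
SAMPLE_SCOPES = {
    "bldg-01": encode_option43(APPROVED).hex(),  # f108c000020ac000020b
    "bldg-02": "f104c6336407",                   # 198.51.100.7, not approved
    "bldg-03": "f108c000020a",                   # length byte 8, only 4 bytes
}

if __name__ == "__main__":
    for scope, problem in audit_scopes(SAMPLE_SCOPES, APPROVED).items():
        print(scope, "->", problem)
```
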

New Member

Re: Large-Scale AP Deployments...Static IP or DHCP?

Dreamw,

You raise a good point, while noting that Option 43 was indeed discussed within this thread on April 7th.

Since it sounds like you are familiar with true large-scale, multi-team deployments you are also aware that project teams responsible for them often wisely choose to stage the 100's or 1000's of network devices for burn-in, pre-config, and functional testing. This activity ensures that projects of this size do not encounter a ripple of delays due to even nominal field deployment device failure rates and the associated logistical costs involved to remediate them.

In other words, a large-scale project team would rather deploy 500 devices they know for a fact work and are already configured as appropriate, than have their $1m project dependent upon the assumption that all devices will become mission-ready in the field using option 43, or otherwise. Also expressed at points in this thread...assuming automated field deployments on this scale can sometimes end up having you co-starring in the sequel to 'The Night of the Living Dead'...zombies everywhere during automated field image upgrades - an argument against statics.

There are many time-tested reasons to stage network gear for large-scale roll outs, relative to any kind of infrastructure or overlay. If the staging activity is going to occur, then the convenience of remote priming and option 43 is dubious since you can automate the config locally as well, and in a controlled environment without dedicated field personnel's cost-clock ticking away on-site.

I do agree that option 43 remains a very valuable option for deployments and for general moves/adds/changes activity on any scale. But whether or not an individual organization should leverage it is not a foregone conclusion.

To reiterate more of the thread conversation...and this has been a GREAT thread...how the devices get address provisioning is only one of the myriad of considerations a large organization must consider. Others are overall network management standards, budget, security, existing process, project time-frames, go-live SLA's, support personnel, skill-sets, spares inventories, deployment architectures, monitoring standards, etc... Answer is,  "It depends".

m.
