We're looking to deploy a retail location with VoWLAN using HREAP APs that will talk back to a WiSM. This is the first store, but I'd like to design it so it will scale well in the future should more locations get similar setups down the line. I'm having trouble coming up with a solid design that I'm happy with.
For VoWLAN Cisco seems to recommend CCKM to allow for faster roams, which from what I read it looks like it is only supported in HREAP when using HREAP Groups. I started looking into HREAP Groups and it appears that there is a limit of 20 groups with 25 aps per group (Is this still the case in the 188.8.131.52 code, or has this number increased?) From a design perspective, many of these future stores may only have one or two APs and there are hundreds of store locations. So I'm having trouble coming up with a logical way to group these in HREAP Groups.
I can't create a group per store because of the limitation on number of groups, and I'm not sure if there are any negative effects of grouping together APs in different stores that clients will never be able to roam between.
I would really like to use some type of user based authentication like EAP-FAST instead of using a PSK because it would give me the ability to kill a device remotely if I needed to rather than update the key on potentially hundreds of devices in the future.
The cost of a controller is too much to justify putting one in a location with only one or two APs, but the HREAP solution doesn't seem to fit when you have a huge number of locations either.
Has anyone done any large scale deployment of HREAP/VoWLAN and what security methods have you used or how did you organize the groups and APs?