I have been having issues lately running out of ip addresses on my Windows Server 2012R2 DC because the wireless mobile devices are just too numerous. I would like to get all of the wireless traffic onto it's own VLAN and use Option 82 so that my DHCP server will hand out IP Addresses to the clients from a pool created specifically for the new VLAN. My current network is as follows.
VLAN 1 Default: 192.168.2.x/24 VLAN 10 Voice VLAN 10.10.10.x/24 (this is for my VoIP Phones/Devices VLAN 20 WLAN 10.10.20.x/24 (I created this VLAN specifically to use with the wireless network)
I have HP Procurve L3 switches that I have created all the VLAN's on. I also have a Sonicwall firewall UTP that I created a virtual interface on using 10.10.20.251 as the ip address VLAN 20 and bound that to the LAN interface.
I attempted to read through the admin guide and configure the Zone Director 1100 but just could not get any further for some reason as I am not sure exactly what the settings on the ZD1100 should be or what ports need to be tagged/untagged on the switches in order for this all to function correctly? Would someone be willing to walk me through this a little deeper so that I can get this working? I have setup the DHCP scope policy to use Relay Agent Information and enumerated the MAC Addresses of the AP's should I also enumerate the ZD1100 MAc Address too? Thank you for any and all assistance.
First off, how many wireless devices are you talking about? 100? 200? 500?
Secondly, let your your VLAN on yor HP switch do the work for you. You are using other interfaces on your SonicWall so I am assuming that your SonicWall is doing the routing on your network. Depending on your ProCurve switch and your SonicWall model, I would recommend that you let the ProCurve do the routing - That willt ake the pressure/load off of the SW and make thing easier on your network (Just my opinion)
On the ProCurve, use UNTAGGED for the ports that the APs and the ZD are plugged into (ie AP 1, 2 and 3 are plugged into switch ports 10,11,2 - untagged 10-12)
Then make sure that you use TAGGED on any switch uplink ports (ie switch 2 is plugged into switch 1 port 48 - tagged 48)
One more item for you - use the IP HELPER COMMAND command on your ProCurve VLAN (ip helper-address 192.168.2.x - where your server address is X)
On your Windows DHCP server, create your scope. If you will have more than 240 wireless devices using the same SSID, consider creatingf a larger network. Use a /23 instead of /24. I use 240 as a number so incase you need room to grow, you can do the work now or have to redo some things later.
On your ZoneDirector, you can just leave the VLAN tagging options as default since you will have already put the APs and ZD on their own VLAN by untagging the port.
Why are you using the DHCP address policies (option 82)? That's just a complication... KISS 🙂 Let the ProCurve ip helper take care of things...
I almost forgot... On your DHCP server, add SERVER option 43 and put the IP address of your ZD in there. That way, if you decide to put your ZD on another VLAN, the APs will know where to find it.
Let me know if you have more questions and how this works out for you!
Tim Global CTI Ruckus, ProCurve and Microsoft Certified
Tim, Do I configure the ZD and AP's on the 10.10.20.x subnet? I am not familiar with Option 43 will have to research that one. If I don't use Option 82 how does the DHCP server know to give out addresses to the wireless clients in the 10.10.20.x subnet that I setup for this purpose? I probably will have less than 100 clients at any given time so no need to increase the size of the VLAN subnet. What should the ZD1100 Access VLAN settings be? Thanks for your assistance.
I have the following HP Switches 3 HP 2910al-48G-PoE Switch 1 HP Switch 3500yl-24G-PoE+ 1 HP 2920-48G-POE+ Switch Sonicwall is a NSA 2600 ZD1100 2 R500 AP's 1 7962 AP 1 Staff WLAN 1 Guest WLAN