Avoiding huge broadcast domains

temur_kalandia
New Contributor III
Hello,
To avoid huge broadcast domains, it would be great if Ruckus had the feature "VLAN range" or "VLAN pooling" (the name differs depending on the vendor). With that feature you can configure one SSID and bind VLAN ranges to it. That way, each time a user connects to that SSID, they get an IP address from a different VLAN.
One of our customers has about 5k users in one building. They used the above-mentioned feature with the previous vendor's APs. After migrating to Ruckus wireless we saw that there is no such feature. With Ruckus you have two options to avoid huge broadcast domains: 1) configure different SSIDs with different VLANs, which causes clients to reconnect when they change location in the same building (NOT a good idea); 2) create WLAN groups and bind different VLANs to the same SSID, which causes disconnections when roaming occurs; clients sometimes have to disconnect and reconnect (NOT good).

So if anyone is interested in that feature, please give your support and maybe we'll see it in upcoming releases.

Regards
22 REPLIES

bill_burns_6069
Contributor III
The feature is called "MAC authentication bypass". I haven't tried it with Ruckus APs (yet) but it passes the MAC address of the client to the RADIUS server as both the username and the password.
(It should also set a number of other attributes)
The trick then becomes getting your RADIUS server to respond appropriately.
The last time I checked, the Microsoft RADIUS server was not very flexible.
(but nowadays there might be a way to integrate with PowerShell for customization?)
I ended up rigging a Linux/FreeRADIUS server to call an external script and was able to get the RADIUS server to provide any response I wanted.

In my case, the script searched a registration "database" (text file) to force registered machines into a particular VLAN and unknown machines into a "guest" VLAN.

If you're willing+able to script the logic yourself, you could tailor RADIUS responses to balance the number of machines in each VLAN, etc.

Also, most NAC solutions (like PacketFence) can integrate with wireless devices using MAC authentication bypass.
(but I'm not sure they'd provide the exact feature / customization you're looking for)

Let me know if/what other details you need.
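
The kind of external script described in the post above, as an added example that is not part of the original post and is not the poster's code. The MAC addresses, VLAN IDs and function names are constructed placeholders; the reply attributes are the standard RFC 3580 tunnel attributes for dynamic VLAN assignment, and how the script is wired into FreeRADIUS is left to the server configuration.

```python
import hashlib
import re
import sys

# Constructed sample data: registered machines and their VLAN, plus a guest pool.
REGISTERED = {"02:00:00:aa:bb:01": 100, "02:00:00:aa:bb:02": 100}
GUEST_POOL = [10, 20, 30]


def normalize_mac(raw):
    """Accept aa-bb-.., aa:bb:.., aabb.ccdd.eeff or bare hex; return aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[:.\-]", "", raw.strip())
    if not re.fullmatch(r"[0-9a-fA-F]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    digits = digits.lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def pick_vlan(mac, registered=REGISTERED, pool=GUEST_POOL):
    """Registered machines get their fixed VLAN; unknown ones are spread over the pool."""
    mac = normalize_mac(mac)
    if mac in registered:
        return registered[mac]
    # Hashing the MAC keeps the choice stable, so a client that re-authenticates
    # on another AP while roaming lands in the same VLAN and keeps its address.
    digest = hashlib.sha256(mac.encode()).digest()
    return pool[int.from_bytes(digest[:8], "big") % len(pool)]


def reply_pairs(mac):
    """Attribute = value lines for the RADIUS reply."""
    vlan = pick_vlan(mac)
    return [
        "Tunnel-Type = VLAN",
        "Tunnel-Medium-Type = IEEE-802",
        f'Tunnel-Private-Group-Id = "{vlan}"',
    ]


if __name__ == "__main__":
    try:
        print("\n".join(reply_pairs(sys.argv[1])))
    except (IndexError, ValueError) as exc:
        # Malformed or missing input: non-zero exit so the caller sees a failure.
        print(f"reject: {exc}", file=sys.stderr)
        sys.exit(1)
```

The MAC address is asserted by the client and can be changed at will, so this decides VLAN placement only and should not be treated as authentication of the device.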

temur_kalandia
New Contributor III
Hello Bill,

This must be simpler than what you have done. Struggling with a RADIUS server is not a good solution; you still need to authenticate users, and unauthenticated users you are putting into one VLAN... I think that solution is not accurate or appropriate for my task.

I have worked previously with several wireless vendors; they have that feature with simple configuration steps. There is no need for RADIUS or any external authentication mechanisms; authentication is completely removed.

The task is simple: one open SSID, several VLANs. Each connected user will be randomly allocated an IP address from these VLANs, and they can roam seamlessly between APs. :)

If someone in the Ruckus development group really needs to deeply understand that feature, I can provide all the information to implement this great feature in Ruckus wireless.

bill_burns_6069
Contributor III
I agree that implementing this feature through an external RADIUS server would be a "project". (as opposed to having a convenient vendor feature)

The level of difficulty may make my solution inappropriate for you.
I'm just pointing out that (if you're willing to put in the time, effort and resources) you can have a large number of clients in one SSID but balanced between a number of VLANs.

I'm assuming a single, unauthenticated SSID.
The solution would change slightly if you require both authenticated and unauthenticated clients.

... In theory, you *could* put authenticated and unauthenticated users in a single VLAN but I'm not sure I understand the use-case for that.

alex_cordova
New Contributor II
Hi there... I was reading to understand what happens when an AP has, for example, 4 SSIDs... does the antenna radiate 4 RF signals for that... or how does it occur?

Regards...

daniel_kuchensk
New Contributor II
This is a great feature that is implemented by Cisco and Aruba, and should definitely be on Ruckus' radar to implement as well. There should be no need for a complicated RADIUS-based VLAN solution.

Why is this important? You can assign a VLAN pool to an SSID (ex: VLANs 10, 20, & 20), and when a client joins, they are automatically assigned to one of the VLANs (and receive an IP address for that VLAN's subnet). This enables you to easily expand your wireless network without changing the subnet of the existing VLAN (by adding another VLAN to the SSID), and allows you to decrease the broadcast domain from a single huge VLAN/subnet.