
Help with VLAN Pool, Guest access, and DHCP

matt_jusko
New Contributor II
Hi,

First time poster, long time reader...

  1. We're running 2 ZoneDirector 3000s v9.10.1.0 build 59 in active/standby mode. 
  2. We have a Guest Access WLAN set up with VLAN pooling for public access. 
  3. VLAN Pool is set up with option 2 (least used).
  4. The Guest Access WLAN only requires the user to accept our "terms and conditions" and then they're allowed Internet access. 

Everything works as expected, except I see the same client in multiple DHCP scopes.  It's like each time an AP sees them, but the client doesn't actually use the WLAN, they're given a new IP from whatever VLAN they're on at that moment.

I only created /23 VLANs and we could have upwards of 2,000 clients potentially on this WLAN.

Looking for any suggestions.  I'm considering changing the 'inactivity timeout' to something like 60 minutes, but don't know what ramifications that might have.  Also thinking about changing the DHCP lease to something ridiculously low like 1hr, but the whole point of the VLAN pooling was to reduce broadcasts.

Any suggestions or advice is greatly appreciated.
3 REPLIES

matt_jusko
New Contributor II
Thought I'd update the resolution to this for anybody else that may experience this issue:

If you're using Guest Access and VLAN pooling together, upgrade to release 9.12.1 build 140 and leave the VLAN pool option at the default (Option 1 - MAC Hash). 
Options 2 & 3 (Round Robin and Least Used) will continue to hand out IPs from multiple VLAN DHCP scopes until the client actually authenticates.

If you are looking at limiting broadcast traffic you can also accomplish this by means of ACLs and enabling Proxy ARP.

Also ensure your DHCP server is in line with your WLAN config in terms of inactivity timeout, as if they are not you may find client connectivity issues.

Hi Sean -
Can you expand on what you mean by "DHCP server is in line with WLAN config... inactivity timeout..."?

I'm using Win2008 as my DHCP server, and I'm handing out IPs with a 12 hour lease. My inactivity timeout is set for 5 minutes as I don't want clients taking up AP slots if they're not actively using their device. I assumed that by granting them a long lease time, if they're kicked off by the inactivity timeout, they'll get the same IP they had before provided the controller puts them back on the same VLAN (original issue being it wasn't). I want to ensure I'm not missing something here.

Thanks
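Added example, not written by anyone in this thread and not Ruckus or Microsoft code: a check for the symptom described above, one client holding unexpired leases in more than one pooled guest scope. The scope names, subnets, lease rows and the `ip,mac,expiry` CSV layout are all constructed assumptions; adapt the parsing to whatever your DHCP server actually exports.

```python
import csv
import io
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed guest scopes: one /23 per pooled VLAN, as in the thread.
SCOPES = {
    "vlan101": ipaddress.ip_network("10.20.0.0/23"),
    "vlan102": ipaddress.ip_network("10.20.2.0/23"),
    "vlan103": ipaddress.ip_network("10.20.4.0/23"),
}

# Constructed lease export (hypothetical layout): ip,mac,lease_expiry
SAMPLE_LEASES = """\
10.20.0.15,AA-BB-CC-00-00-01,2015-03-02T20:00:00
10.20.2.77,aa:bb:cc:00:00:01,2015-03-02T20:04:00
10.20.4.9,aabbcc000001,2015-03-02T20:09:00
10.20.1.200,AA-BB-CC-00-00-02,2015-03-02T19:30:00
10.20.2.31,AA-BB-CC-00-00-03,2015-03-02T07:00:00
10.20.4.31,AA-BB-CC-00-00-03,2015-03-02T21:00:00
"""

def normalize_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def scope_of(ip):
    """Name of the guest scope containing ip, or None if outside the pool."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in SCOPES.items() if addr in net), None)

def multi_scope_clients(lease_csv, now):
    """Return {mac: sorted scope names} for clients with live leases in 2+ scopes."""
    held = defaultdict(set)
    for ip, mac, expiry in csv.reader(io.StringIO(lease_csv)):
        scope = scope_of(ip)
        # Expired leases no longer consume an address, so they are ignored.
        if scope and datetime.fromisoformat(expiry) > now:
            held[normalize_mac(mac)].add(scope)
    return {mac: sorted(s) for mac, s in held.items() if len(s) > 1}

if __name__ == "__main__":
    now = datetime(2015, 3, 2, 12, 0, 0)  # constructed "current time"
    for mac, scopes in multi_scope_clients(SAMPLE_LEASES, now).items():
        print(mac, "holds leases in", ", ".join(scopes))
```

Running it against lease exports taken before and after a change to the VLAN pool option or lease time shows whether the number of clients tying up several addresses actually drops.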