Help with VLAN Pool, Guest access, and DHCP
09-08-2015 08:38 AM
Hi,
First time poster, long time reader...
- We're running 2 ZoneDirector 3000s v9.10.1.0 build 59 in active/standby mode.
- We have a Guest Access WLAN set up with VLAN pooling for public access.
- VLAN Pool is set up with option 2 (least used).
- The Guest Access WLAN only requires the user to accept our "terms and conditions" and then they're allowed Internet access.
Everything works as expected, except I see the same client in multiple DHCP scopes. It's like each time an AP sees them, but the client doesn't actually use the WLAN, they're given a new IP from whatever VLAN they're on at that moment.
I only created /23 VLANs and we could have upwards of 2,000 clients potentially on this WLAN.
Looking for any suggestions. I'm considering changing the 'inactivity timeout' to something like 60 minutes, but don't know what ramifications that might have. Also thinking about changing the DHCP lease to something ridiculously low like 1hr, but the whole point of the VLAN pooling was to reduce broadcasts.
Any suggestions or advice is greatly appreciated.
3 REPLIES
01-07-2016 09:22 AM
Thought I'd update the resolution to this for anybody else that may experience this issue:
If you're using Guest Access and VLAN pooling together, upgrade to release 9.12.1 build 140 and leave the VLAN pool option at the default (Option 1 - MAC Hash).
Options 2 & 3 (Round Robin and Least Used) will continue to hand out IPs from multiple VLAN DHCP scopes until the client actually authenticates.
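An added example, not part of the original post and not Ruckus code: a small simulation of why a deterministic MAC-hash selection keeps each guest in one DHCP scope, while per-association policies spread the same client across several scopes when leases outlive the inactivity timeout. The VLAN IDs, the CRC32 hash, the tie-breaking rule and all function names are assumptions made for illustration.

```python
import zlib
from collections import defaultdict
from itertools import count

VLAN_POOL = [110, 112, 114, 116]  # constructed pool of guest VLANs

def mac_hash(mac, state):
    # Assumed hash (CRC32 of the MAC); the controller's real function is not given in the thread.
    return VLAN_POOL[zlib.crc32(mac.lower().encode()) % len(VLAN_POOL)]

def round_robin(mac, state):
    # Next VLAN in the pool on every association, regardless of which client it is.
    return VLAN_POOL[next(state["rr"]) % len(VLAN_POOL)]

def least_used(mac, state):
    # VLAN with the fewest leases so far; ties go to the lowest VLAN ID (assumed rule).
    return min(VLAN_POOL, key=lambda v: (len(state["leases"][v]), v))

def simulate(policy, macs, associations):
    """Return {vlan: set of MACs holding a lease} after repeated re-associations.

    Each association triggers a DHCP request in the selected VLAN. Leases (12 h in
    the thread) outlive the 5 minute inactivity timeout, so none expire here.
    """
    state = {"rr": count(), "leases": defaultdict(set)}
    for _ in range(associations):
        for mac in macs:
            state["leases"][policy(mac, state)].add(mac)
    return state["leases"]

def multi_scope_clients(leases):
    """MACs holding leases in more than one scope: the symptom from the first post."""
    seen = defaultdict(set)
    for vlan, macs in leases.items():
        for mac in macs:
            seen[mac].add(vlan)
    return {mac: sorted(v) for mac, v in seen.items() if len(v) > 1}

def total_leases(leases):
    return sum(len(macs) for macs in leases.values())

if __name__ == "__main__":
    macs = [f"02:00:00:00:00:{i:02x}" for i in range(50)]  # constructed clients
    for policy in (mac_hash, round_robin, least_used):
        leases = simulate(policy, macs, associations=6)
        print(policy.__name__, total_leases(leases), len(multi_scope_clients(leases)))
```

The `multi_scope_clients` check works the same way on a real lease export once it is loaded as a VLAN-to-MAC mapping, which makes it usable as an audit for scope exhaustion on the guest VLANs.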
01-07-2016 01:18 PM
If you are looking at limiting broadcast traffic you can also accomplish this by means of ACLs and enabling Proxy ARP.
Also ensure your DHCP server is in line with your WLAN config in terms of inactivity timeout, as if they are not you may find client connectivity issues.
01-07-2016 03:18 PM
Hi Sean -
Can you expand on what you mean by "DHCP server is inline with WLAN config... inactivity timeout..."?
I'm using Win2008 as my DHCP server, and I'm handing out IPs with a 12 hour lease. My inactivity timeout is set for 5 minutes as I don't want clients taking up AP slots if they're not actively using their device. I assumed that by granting them a long lease time, if they're kicked off by the inactivity timeout, they'll get the same IP they had before provided the controller puts them back on the same VLAN (original issue being it wasn't). I want to ensure I'm not missing something here.
Thanks

