
One SSID with multiple subnets and clients roaming between subnets

randall_cohen
New Contributor II
I'm making some big changes to the LAN that will affect how our APs and ZoneDirector are configured. I'm at the planning stage so nothing is set in stone yet. This is what I would like, not necessarily what I'll end up doing.

We have a large site, about 200 acres; each building or open area has its own subnet (about 12 subnets). APs have the ZD's IP set static. The APs get a local management IP address via DHCP and connect back to the ZD over the Layer-3 (routed) network. I'll need to have 3 or 4 SSIDs that ultimately need varying levels of security; I'll call the SSIDs LOW, MID, HIGH, and GUEST. I'd like to keep the number of WLAN subnets down and keep the same VLAN on the SSID regardless of which LAN switch it is serviced through.

So two wireless clients who are relatively close and on the same SSID could be in different subnets; this wouldn't be a problem. But if a client roams from one subnet to another it would need to renew its IP, and some of our applications will not survive this. So how do I get around this? I've worked with other products that solve this issue by using L3 tunneling between APs and the controller so the wireless client can retain its IP even when that subnet isn't directly attached to its current AP. Of course this adds to the LAN traffic on the APs and to the mesh traffic on APs that aren't root. Most of the security would be ACLs, not VLANs or subnets.

What are my alternatives? Am I overthinking this? Will it tunnel the L3 traffic? Is the extra traffic too little to be concerned with?

Thoughts?

Thanks
10 REPLIES

randall_cohen
New Contributor II
Thanks for all the info, here's what I'm going with.

For a number of reasons I can't flatten the entire network. One of the SSIDs is already tunneling, so I'll expand that. I also don't have a problem with all the communications coming back to one site; none of the wireless devices interact with anything on the building subnets. Our in-house applications aren't bandwidth intensive, so even that won't be an issue. Guest/Internet might use a lot of bandwidth, so I'll limit that in order to keep our primary apps working. Eventually I'm hoping to move up to something with a 10G port, but for now this will work.

Thanks again