One SSID with multiple subnets and clients roaming between subnets

randall_cohen
New Contributor II
I'm making some big changes to the LAN that will affect how our APs and ZoneDirector are configured. I'm at the planning stage so nothing is set in stone yet. This is what I would like, not necessarily what I'll end up doing.

We have a large site, about 200 acres; each building or open area has its own subnet (about 12 subnets). APs have the ZD's IP set statically. The APs get a local management IP address via DHCP and connect back to the ZD over the Layer-3 (routed) network. I'll need to have 3 or 4 SSIDs that ultimately need varying levels of security; I'll call the SSIDs LOW, MID, HIGH, and GUEST. I'd like to keep the number of WLAN subnets down and keep the same VLAN on the SSID regardless of which LAN switch it is serviced through.

So two wireless clients who are relatively close and on the same SSID could be in different subnets; this wouldn't be a problem. But if a client roams from one subnet to another it would need to renew its IP, and some of our applications will not survive this. So how do I get around this? I've worked with other products that solve this issue by using L3 tunneling between APs and the controller so the wireless client can retain its IP even when that subnet isn't directly attached to its current AP. Of course this adds to the LAN traffic on the APs and to the mesh traffic on APs that aren't root. Most of the security would be ACLs, not VLANs or subnets.

What are my alternatives? Am I over thinking this? Will it tunnel the L3 traffic? Is the extra traffic too little to be concerned with?

Thoughts?

Thanks

@ Bill: He is asking for alternatives.

If you want to apply group security and be able to roam between buildings with application survivability, then Dynamic VLANs is the best option in my opinion.

Then you can control who gets access to what and where by means of Radius config.
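The dynamic-VLAN approach this reply recommends works by having the RADIUS server return three RFC 2868 tunnel attributes in Access-Accept, which the controller then uses to put the client on that VLAN no matter which AP or switch it is behind. The following is an added example, not Ruckus or RADIUS-server code from this thread: it encodes those attributes for a given VLAN and decodes them the way a careful NAS should, rejecting incomplete or inconsistent sets. The mapping of the poster's LOW/MID/HIGH/GUEST tiers to VLAN numbers, and the tag value, are assumptions for illustration.

```python
"""Encode/decode the RFC 2868 tunnel attributes used for dynamic VLAN assignment.
Added example; not Ruckus, ZoneDirector, or RADIUS-server code.
VLAN numbers below are assumed for illustration only."""
import struct

TUNNEL_TYPE = 64              # RFC 2868 Tunnel-Type
TUNNEL_MEDIUM_TYPE = 65       # RFC 2868 Tunnel-Medium-Type
TUNNEL_PRIVATE_GROUP_ID = 81  # RFC 2868 Tunnel-Private-Group-ID
TUNNEL_TYPE_VLAN = 13         # RFC 3580: Tunnel-Type value meaning "VLAN"
TUNNEL_MEDIUM_IEEE_802 = 6    # Tunnel-Medium-Type value for 802 media

# Assumed mapping of the poster's SSID tiers to VLAN ids (hypothetical numbers).
ROLE_VLANS = {"LOW": 10, "MID": 20, "HIGH": 30, "GUEST": 40}


def _attr(attr_type, value):
    """One RADIUS attribute TLV: type byte, length byte (header included), value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", attr_type, 2 + len(value)) + value


def vlan_attributes(vlan_id, tag=1):
    """Attribute bytes for an Access-Accept that places the client on vlan_id.
    All three carry the same tag (1..31) so the NAS groups them together; the
    integer attributes are a tag byte followed by a 3-byte value (RFC 2868 s3.1)."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN id out of range")
    if not 1 <= tag <= 31:
        raise ValueError("tag must be 1..31")

    def tagged_int(v):
        return bytes([tag]) + struct.pack("!I", v)[1:]

    return (_attr(TUNNEL_TYPE, tagged_int(TUNNEL_TYPE_VLAN))
            + _attr(TUNNEL_MEDIUM_TYPE, tagged_int(TUNNEL_MEDIUM_IEEE_802))
            + _attr(TUNNEL_PRIVATE_GROUP_ID, bytes([tag]) + str(vlan_id).encode("ascii")))


def parse_attributes(data):
    """Split a RADIUS attribute list into (type, value) pairs; bad lengths raise."""
    out, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        t, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("bad attribute length")
        out.append((t, data[i + 2:i + length]))
        i += length
    return out


def _split_tag(value):
    """Tunnel-Private-Group-ID carries a tag byte only when the first octet is
    0x00..0x1F; otherwise that octet is the start of the string (RFC 2868 s3.6)."""
    if value and value[0] <= 0x1F:
        return value[0], value[1:]
    return 0, value


def vlan_from_accept(data):
    """Return the VLAN a NAS should apply, or None if the attribute set is incomplete
    or inconsistent (wrong tunnel type or medium, mismatched tags, non-numeric id).
    A controller that skipped these checks would honour a malformed or crafted reply."""
    by_tag = {}
    for t, v in parse_attributes(data):
        if t in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
            if len(v) != 4:
                return None
            by_tag.setdefault(v[0], {})[t] = int.from_bytes(v[1:], "big")
        elif t == TUNNEL_PRIVATE_GROUP_ID:
            tag, s = _split_tag(v)
            by_tag.setdefault(tag, {})[t] = s
    for attrs in by_tag.values():
        if (attrs.get(TUNNEL_TYPE) == TUNNEL_TYPE_VLAN
                and attrs.get(TUNNEL_MEDIUM_TYPE) == TUNNEL_MEDIUM_IEEE_802
                and TUNNEL_PRIVATE_GROUP_ID in attrs):
            s = attrs[TUNNEL_PRIVATE_GROUP_ID]
            if s.isdigit() and 1 <= int(s) <= 4094:
                return int(s)
    return None


def vlan_for_role(role):
    """Round-trip: what the server would send for a role, as the NAS would read it."""
    return vlan_from_accept(vlan_attributes(ROLE_VLANS[role]))


if __name__ == "__main__":
    for role in ROLE_VLANS:
        print(role, "->", vlan_for_role(role), vlan_attributes(ROLE_VLANS[role]).hex())
```

The decode side is the part worth copying: because the three attributes are only meaningful as a matched set, the NAS should apply a VLAN only when Tunnel-Type is VLAN, Tunnel-Medium-Type is IEEE-802, and a numeric Tunnel-Private-Group-ID shares the same tag, and should fall back to the WLAN's default VLAN otherwise.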

@Sean

Do you have a case number you can share for the Force DHCP issue? We've been experiencing the issue as well and have not gotten a clear response from Ruckus.

I can't share case numbers unfortunately as we had an NDA with Ruckus, but realise that we are chasing and they are working on it.

bill_burns_6069
Contributor III
I don't use tunneling w/ Ruckus but that may be what you need to solve your problem.

Some other (non Ruckus) Wireless Controller based solutions tunnel *all* traffic back to the controller in order to avoid the problem you're experiencing.
That way, all your wireless VLANs are able to exist in all locations.
(and you don't end up w/ the "DHCP" problem where you end up using the wrong IP in the wrong building/subnet)

Without doing any investigation:
(so don't take my word on this)
Tunneling may not be compatible w/ Ruckus Mesh.
So, if you use Mesh anywhere and you plan to use tunneling to solve your problem, you need to confirm that you can Tunnel and Mesh traffic to/from an AP.

Also:
If you've got limited bandwidth on the routed connections between your buildings, you need to watch out for the problem that Sid is describing, as this will force all WiFi traffic to be tunneled out of the building you're in (over a limited bandwidth connection?) only to be routed right back over the same link to reach a wired device in the same building.

This is a big problem when multi-building school districts tunnel traffic back to one centralized wireless controller. It works fine for internet access, but whenever wireless devices try to access local servers (at high bandwidth) it causes the WAN connections to get clogged and breaks the network.

If that ("incompatibility" w/ limited bandwidth) is a show stopper for you, then tunneling is not your solution.

david_henderson
Contributor II
The first option mentioned above is
a) Reconfigure your wired LAN to have a flat VLAN for WiFi throughout the entire property.  Management of the APs can be on different VLANs, but the WiFi clients would all be on the same VLAN irrespective of which switch they are on.

This will certainly allow clients to roam since WiFi is one big flat network. What if you have a few thousand clients though, wouldn't a single VLAN of this size be a problem with broadcast and multicast traffic?