I posted with a gmail account before, but there is no response. Now I am reposting w/ my edu account, and would really appreciate your opinion on this.
Hi All, We are thinking of migrating our captive portal wireless network to dot1x mobility wireless network. Given that we will need one or two years to totally migrate to Aruba controller based wireless network. We have enough aruba controllers, but not enough aruba AP to replace all of the fat AP/Arrays. We are thinking of having a /20 or /21 flat campus wide layer 2 vlan for dot1x ssid supporting mobility. For legacy fat AP/array, we will just use the dot1x provided by the fat AP/array. For new thin aruba AP w/ GRE back to controllers, we will use the controller based aruba dot1x authentication. Big flat layer 2 vlan is an attractive option. Roaming between aruba AP will be handled as L2 mobility. Roaming between aruba AP and fat AP/array will just need to reauthenticate with dot1x. This way, user does not need to type in username/password as in captive portal while roaming around. The session may still break up while roaming between thin AP and fat AP/array even user might get the same DHCP address. Since we have to trunk the layer 2 vlan to everywhere there is a fat AP/array. This basically turns our routed core to bridged core for that VLAN. If there is a network storm in this VLAN, then all core routers thus all campus units will be affected. It would be a nightmare and disaster. Would you do a campus wide /20 /21 layer 2 user vlan on your campus? If you did it before, what's the lessons you learned over this approach? Could you think of any scenario that we might have a network loop causing network storm given that we are using different wireless vlan and wired vlan? Since wireless client can only associate with one AP, can we safely assume that loop between one AP to another AP thru wireless client is not possible? Thanks, Shiling ******************************** Shiling Ding (850)645-6810 [email protected] Network Specialist Information Technology Services Florida State University ******************************** ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
