Butch Evans wrote:
> In the deployments I've done with similar designs, most are running 
> fine, still.  There is one instance where the original design needs to 
> be redone because the parameters I was given were WAY under what they 
> ended up with.  I was given a total number of hosts to be 50 and they 
> now are running with 360+ hosts.  YIKES!  Either way, I have used VLAN 
> for this type of thing, L2TP and even (only once) EoIP.  All 3 do what 
> we needed to do, so the design choice you mention should hold up well.

Not a problem on the BelAir units.

There are two cool features on the BelAir units that I use to filter out 
"crap traffic" at the layer two level.

(a) secure port mode: once enabled, prevents wireless clients associated 
with different APs from communicating with each other
(b) wireless bridging: once disabled, wireless clients on an AP cannot 
talk to other wireless clients on that same AP (they can only go OUT to 
the Internet).

When I want everything on a big flat network and don't want to properly 
VLAN everything, then I just (a) enable secure port mode and (b) 
disable wireless bridging.

The commands for each are as follows:

(a) /interface/wifi-<n>-1/setssid<ssid_index> secure-port enabled
(b) /interface/wifi-<n>-1/setssid<ssid_index> wireless-bridge disabled

I know BelAir admins who have *giant* "flat" networks out there 
(seriously, like 10x bigger than any of my networks) with just these two 
settings, and they can take enormous layer 2 traffic pounding in 
broadcast traffic without missing a beat.

If, however, I'm just itching to VLAN tag everything I might consider 
doing something like the following:

(1) on my router, associate IP addresses with these VLAN tags. These, of 
course, will be separate broadcast domains:

e.g.

VLAN 1: 192.168.1.0/24
VLAN 2: 192.168.2.0/24
VLAN 3: 192.168.3.0/24

(2) assign two SSIDs to every BelAir AP, one hidden and one visible

(3) on whatever arbitrary groups of hidden SSID tags for each BelAir 
access point, I assign a VLAN ID tag

e.g.

AP1-AP5: CityWifi (hidden) - VLAN 1
AP6-AP10: CityWifi (hidden) - VLAN 2

Etc, etc

(4) And on *all* the visible roaming ones, I assign ONE VLAN tag.

AP1-AP10: CityWifi-roaming (shown) - VLAN 3

Step (3) ensures that broadcast traffic (say those who are connected via 
Ruckus) only affects the VLAN assigned to that group of APs; step (4) 
assures that people running around the neighborhood don't lose 
connectivity (i.e. their IP address doesn't change, even when they 
switch from AP to AP, they keep their same 192.168.3.0/24 address).

Planning out these steps is more time intensive than just writing those 
other two commands on the BelAir units. However, they really give you a 
lot more flexibility and control on your network, which you may want at 
a later time...

> My only advice is to watch the number of hosts that will sit on a 
> bridged segment, ESPECIALLY the wireless portion of that segment. 
> Wireless is not always as forgiving of bad network design choices as 
> hard wired ethernet.  :-)

Do you have these features on other wireless solutions that you deal with?
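
An added illustration, not part of the original message and not BelAir configuration: a Python sketch of the SSID/VLAN layout from steps (1)-(4), with a check of each VLAN's expected host count against its /24. The function names, the rule that VLAN n maps to 192.168.n.0/24 beyond the three sample rows, and the host counts are assumptions.

```python
import ipaddress

def build_plan(ap_count, group_size, roaming_vlan):
    """Hidden SSID: one VLAN per AP group. Visible roaming SSID: one VLAN on every AP."""
    aps = [f"AP{i}" for i in range(1, ap_count + 1)]
    plan, vlan = {}, 0
    for start in range(0, ap_count, group_size):
        vlan += 1
        if vlan == roaming_vlan:      # keep the roaming VLAN ID out of the per-group sequence
            vlan += 1
        plan[vlan] = {"ssid": "CityWifi", "hidden": True,
                      "aps": aps[start:start + group_size]}
    plan[roaming_vlan] = {"ssid": "CityWifi-roaming", "hidden": False, "aps": aps}
    for vid, entry in plan.items():
        # Assumption: VLAN n maps to 192.168.n.0/24, as in the post's sample table.
        entry["subnet"] = ipaddress.ip_network(f"192.168.{vid}.0/24")
    return plan

def check_plan(plan, expected_hosts):
    """Return a list of problems: overlapping subnets, or more hosts than a subnet can address."""
    problems = []
    vids = sorted(plan)
    for i, a in enumerate(vids):
        for b in vids[i + 1:]:
            if plan[a]["subnet"].overlaps(plan[b]["subnet"]):
                problems.append(f"VLAN {a} and VLAN {b} subnets overlap")
    for vid in vids:
        usable = plan[vid]["subnet"].num_addresses - 3   # network, broadcast, router interface
        hosts = expected_hosts.get(vid, 0)
        if hosts > usable:
            problems.append(f"VLAN {vid}: {hosts} hosts > {usable} usable addresses "
                            f"across {len(plan[vid]['aps'])} APs")
    return problems

if __name__ == "__main__":
    plan = build_plan(ap_count=10, group_size=5, roaming_vlan=3)
    for vid in sorted(plan):
        e = plan[vid]
        print(vid, e["ssid"], "hidden" if e["hidden"] else "shown",
              f"{e['aps'][0]}-{e['aps'][-1]}", e["subnet"])
    # Constructed host counts: 50 is the design figure quoted above, 360 the later reality.
    print(check_plan(plan, {1: 50, 2: 50, 3: 50}))
    print(check_plan(plan, {1: 50, 2: 50, 3: 360}))
```

The roaming VLAN is the one that spans every AP, so it is the broadcast domain that outgrows its subnet first when host counts climb.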

