
All times are UTC - 6 hours [ DST ]



 Post subject: Campus WLAN IP Design
PostPosted: Wed Feb 29, 2012 10:26 am 
Junior Member

Joined: Wed Feb 08, 2012 5:45 pm
Posts: 50
I've recently taken over a large (to me, anyway) network at a university campus.

One of my current projects is to upgrade WCS to NCS. I'm also expanding the wireless capability in several of our classroom buildings. (The previous wireless installation focused on coverage - I'm upgrading now for capacity. One building in particular is going from 16 APs to 49 APs. Another one is going from 9 APs to 39 APs.)

We have a couple of WISMs in a 6509 chassis and the controllers are on the same subnet.

Each building has a subnet for the APs themselves. IP addresses are assigned to the APs via DHCP.

Each building has 3 subnets for wireless clients - a student subnet, a faculty/staff subnet, and a guest subnet.

These are all full class C subnets.

This just seems inefficient to me. In a few buildings, I have had to create DHCP superscopes to add more IP addresses for clients as one class C network wasn't enough. In most other buildings, the class C DHCP scope utilization is under 50%. It seems there must be a better and more efficient scheme.

I should also mention that one of our networking goals is to eliminate Layer 2 links between buildings or between buildings and the core. Links from the buildings to the cores will be Layer 3, with each building having a Layer 3 switch. (OSPF routing protocol, one big Area 0).

Is this the best design for this wireless network, specifically with regards to IP addresses? Or is there a better way to do it?


PostPosted: Wed Feb 29, 2012 1:35 pm
Senior Member

Joined: Mon Apr 12, 2010 11:14 am
Posts: 472
Location: Switzerland
Certs: CCNP
Hmm.. 250+ wireless clients in a single building sounds way too much, did you try lowering the DHCP lease time?
Btw there's no such thing as a 'best design', you should choose the one which best suits your scenario. Look for SRNDs (design guides) on the Cisco site for best practices.


PostPosted: Wed Feb 29, 2012 2:15 pm
Junior Member

Joined: Wed Feb 08, 2012 5:45 pm
Posts: 50
dude_ wrote:
Hmm.. 250+ wireless clients in a single building sounds way too much, did you try lowering the DHCP lease time?


Yes, the lease time is 4 hours.

250+ wireless clients in a single building is not that odd. This is a university campus, we have classroom buildings that are 4 stories tall, with as many as 12 large classrooms per floor and several smaller ones plus faculty offices and meeting rooms. We could potentially have 250 students just on one floor of one building. And just about every student has a smart phone, tablet, laptop, iPod touch, etc.


PostPosted: Wed Feb 29, 2012 2:55 pm
Senior Member

Joined: Mon Apr 12, 2010 11:14 am
Posts: 472
Location: Switzerland
Certs: CCNP
Yea, I remember. Design is simple then: get as many APs as you can
Image


PostPosted: Wed Feb 29, 2012 3:08 pm
Member

Joined: Tue Jul 14, 2009 11:59 pm
Posts: 222
Certs: CCENT
dude_ wrote:
Yea, I remember. Design is simple then: get as many APs as you can


And then try your hardest to balance the clients on them automatically lol. With students and laptops I know my biggest gripe in college was the LACK of coverage they had in most buildings at my school... soooo make sure you cover and double cover the classrooms so students can use the network


PostPosted: Wed Feb 29, 2012 5:38 pm
Junior Member

Joined: Wed Feb 08, 2012 5:45 pm
Posts: 50
We have the APs for coverage. We're now expanding for capacity. We just received our order of a couple hundred Cisco 3600 APs and should begin installation in the next few weeks.

My main question, I guess, is related to IP address management. Are superscopes the way to go? And just add an additional /24 subnet whenever the existing scope starts to fill up? Any reason not to use a /23 or even a /22 subnet?


PostPosted: Fri Mar 02, 2012 3:27 pm
Senior Member

Joined: Fri Sep 25, 2009 2:28 pm
Posts: 255
Location: Upstate NY
Certs: A+, Network+, CCENT, CCNA
OK stupid question, but if you are having a problem with having enough IP addresses for the subnet, is it possible to resubnet with a private class A network, and then you should have plenty of IPs for the students? I know it would be a pain at first but it should pretty much make it so that you don't run into this problem again in a couple of years... That is if we are not all running IPv6 by then.

-J


PostPosted: Sat Mar 03, 2012 12:29 pm
Post Whore

Joined: Thu Dec 30, 2010 2:05 pm
Posts: 1133
Location: Stockholm, SE
Certs: CCNP, CCNP SP, CCDA, CCNA DC, CCNA W, HP MASE
Have a look at the VLAN Select feature added in 7.0.116.0, might be useful in a growing installation: http://www.cisco.com/en/US/docs/wireles ... l#wp692430

_________________
as if the mind had gone dark forever.


PostPosted: Mon Sep 10, 2012 5:22 pm
Junior Member

Joined: Wed Feb 08, 2012 5:45 pm
Posts: 50
I've had to let this issue slide for a while, but it needs some re-examination now.

The question has become, do I keep adding additional child /24 IP scopes to my SuperScopes? Or do I re-subnet to a larger network?

The network I inherited is a mix of wireless IP scopes/SuperScopes per building, and multiple buildings using a scope or SuperScope. Many of those scopes/SuperScopes are running out of available IP addresses.

Do I keep patching and add another scope where necessary? Or, do I re-subnet?

We use 3 primary SSIDs. Staff, Students, Guests. Plus a couple others for very specialized use.

Can I replace these multiple /24 networks with a /19 network for each SSID? That would give me the possibility of 8,190 hosts per network/SSID. Our average number of wireless clients per day is around 2,500 with 2,000 being on one SSID. That's over the course of a day, not all at once. But that will only grow. And a /19 network would be so much cleaner than the hodge-podge mess of /24 networks I have now.

Is /19 too big of a network? How will that impact performance? Security? The DHCP server (Windows)? Why might this be a bad idea?

(I'm running a WiSM2 in a 6509, using Lightweight APs).


PostPosted: Mon Sep 10, 2012 6:24 pm
Senior Member

Joined: Sun Jan 02, 2011 7:50 pm
Posts: 282
Certs: CCNP, CCDA, ISE Field Engineer
Large networks in wireless are the norm. The big downside to large networks in LAN environments is the broadcast. In wireless the broadcast does not get propagated so it isn't an issue.

One thing you want to think about though is client location awareness. If you are using NCS then it isn't much of an issue. If you are using wifi phones then you will need location by IP subnet for 911 location. This is even when you have MSE and NCS/WCS as they do not integrate with CER.



PostPosted: Sun Sep 23, 2012 7:20 pm
New Member

Joined: Sat Jan 22, 2011 5:43 pm
Posts: 23
Certs: CCNA
The problem you will run into with large networks is broadcast and multicast. You can run really large wireless networks if you keep broadcast forwarding disabled and you drop peer-to-peer traffic. If you ever need to enable those features, large network sizes can have a huge impact on performance.

As mentioned before, VLAN Select and Interface groups are designed to allow you to deal with aggregating smaller networks into a pool. This allows you to create a group of interfaces and load balance clients into those interfaces. This feature is available in 7.0.116, but it is better to use 7.2+ as these versions include additional functionality to deal with clients roaming and solve some challenges with round-robin DHCP scope depletion.

The nice part about interface groups is you can take a class B and subnet it into /24 networks. As you need more capacity, you can add additional /24 networks from the class B to the controllers and add it to the interface group.

This allows you to grow your wireless network without having to create enormous networks.


PostPosted: Mon Oct 08, 2012 4:59 am
New Member

Joined: Wed Oct 03, 2012 11:42 pm
Posts: 2
Certs: b.tech
This design can be called as good as or better than the available design, but it cannot be referred to as the best. There may be a better design than this after some time. Yours is a nice design.


PostPosted: Thu Oct 11, 2012 1:36 pm
Junior Member

Joined: Sat Apr 26, 2008 4:12 pm
Posts: 99
Certs: CCNP, CCIP, CCNA Wireless
I am .edu as well, and our WLAN has one SSID for students and staff. We use RADIUS to then put them on different vlans. We use one vlan for students, and one for staff. This is on a WiSM2/6500 as well (3 WiSM2s actually). The vlans are terminated locally on the 6500 as SVIs. So I don't think it is crazy at all to consolidate down to one vlan per group of users (staff, students, guest) and have a large enough network for what you need. We too are using a /19 for students and a /23 for staff. If we need to go any larger on the student side, I would be looking into interface groups to handle that vs. a /18.


PostPosted: Thu Oct 18, 2012 2:46 pm
Junior Member

Joined: Wed Feb 08, 2012 5:45 pm
Posts: 50
I made the changes and so far I'm happy with the results.

We have 4 WLANs - student (student owned devices), staff, managed (university owned devices, but used by students) and guest. The previous network admin had built AP groups for some of the individual buildings on campus. Some buildings were part of the default group. The APs in some buildings were in the AP group for another building. Some of those AP groups had their own dedicated vlans (/24 network) and interfaces for each of the wlans. Some used the default. The networks that had exhausted their /24 address space were expanded by using a secondary IP address on the vlan interface, and a DHCP superscope. None of these various superscopes were using sequential /24 networks. It was a mess and it was time to stop patching it and clean it up.

10.3.x.x is the range of addresses/networks reserved for wireless. 10.3.0.0/24 and 10.3.10.0/24 were in use for specialized purposes and would be too difficult to reconfigure. So I started re-subnetting into /22 networks at 10.3.12.0. From there, I broke the /22 networks into groups. 10.3.12.0/22 through 10.3.108.0/22 for the student wlan. 10.3.112.0/22 through 10.3.196.0/22 for the staff wlan. 10.3.200.0/22 through 10.3.204.0/22 for the managed wlan. 10.3.208.0/22 through 10.3.212.0/22 for the guest wlan. And 10.3.216.0 and up available for future use - overflow in the unlikely event one of the other wlans maxes out again, or additional special purpose wlans, etc.

Addresses up through 10.3.45.0/24 were already in use with the original design. So I set up 3 student networks starting with the 10.3.48.0/22 network (create vlans, define routes, configure firewalls, etc). I created a "student-wireless" Interface Group on the WLC and added the interfaces for these networks to it. I built 4 staff networks starting at 10.3.112.0/22 and added them to a "staff-wireless" Interface Group on the WLC. Then one /22 network each for "managed" and "guest." I still created an Interface Group for each of them even though there's only one interface in each of those "groups." If needed in the future, I can easily drop another interface into that group. Same for all of the wlans. Then I went through the WLC and created an AP Group for each building that didn't already have one. In those, I set up the wlans using the interface groups. On the DHCP server, I set up the scopes for each of those new networks.

This was all done during a maintenance period, but this was as far as I could go without impacting current users, so I went over everything again and verified the configurations and made a new backup (in addition to the one I made before I started making changes).

Then, I deactivated the old DHCP scopes. In the WLC, I put all the APs in their correct AP groups and reconfigured the wlans on the existing AP groups to use the new interface groups. At this point, everything should have been working so I had some guys from User Support go out and about on campus to verify first hand. No problems were reported.

So then I had a lot of cleanup to do. On the WLC, I had to delete the old interfaces, delete the old vlans and interfaces on the core L3 switches and the firewalls, and delete the old DHCP scopes.

Then, I went back and created new networks, routing and firewall rules, WLC interfaces, and DHCP scopes for the student networks using 10.3.12.0/22 through 10.3.44.0/22 and added them to the "student-wireless" interface group in WLC.

Re-verify and re-test. Update documentation. Done!

The process went very smoothly and I think that was due to the level of preparation I went through. I created a "script" to follow that outlined every step in detail, pre-wrote my configuration commands so I could just copy and paste to the various devices, etc. The maintenance window was on a Friday, so I took almost the entire week leading up to that to prepare the "script" and review it for omissions or errors.

As I said, I'm very pleased with the results. We have plenty of address space available now for each wlan. Watching the DHCP scopes, they are each around 30% utilized (4 hour lease time). Everything is a lot cleaner and better organized. The next big change is IPv6!
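
The /22 plan described in the post above, checked in code. This is an added example, not part of the original post: the function names are hypothetical and only the address ranges come from the post. It verifies alignment and overlap, totals usable addresses per WLAN, and maps a client address (for instance from a firewall log) back to its WLAN.

```python
import ipaddress

# First and last /22 of each WLAN, as stated in the post.
PLAN = {
    "student": ("10.3.12.0/22", "10.3.108.0/22"),
    "staff":   ("10.3.112.0/22", "10.3.196.0/22"),
    "managed": ("10.3.200.0/22", "10.3.204.0/22"),
    "guest":   ("10.3.208.0/22", "10.3.212.0/22"),
}
# Special-purpose /24s the post says were left in place.
RESERVED = [ipaddress.ip_network(n) for n in ("10.3.0.0/24", "10.3.10.0/24")]

def blocks(first, last):
    """Every /22 from first to last inclusive; ValueError if misaligned."""
    lo, hi = ipaddress.ip_network(first), ipaddress.ip_network(last)
    start, end = int(lo.network_address), int(hi.network_address)
    return [ipaddress.ip_network((a, lo.prefixlen))
            for a in range(start, end + 1, lo.num_addresses)]

def build_plan():
    return {wlan: blocks(*rng) for wlan, rng in PLAN.items()}

def conflicts(plan):
    """Pairs of networks that overlap each other or a reserved /24."""
    nets = [(w, n) for w, ns in plan.items() for n in ns]
    nets += [("reserved", n) for n in RESERVED]
    return [(a, b) for i, (_, a) in enumerate(nets)
            for _, b in nets[i + 1:] if a.overlaps(b)]

def usable_hosts(plan):
    """Usable addresses per WLAN (network and broadcast excluded)."""
    return {w: sum(n.num_addresses - 2 for n in ns) for w, ns in plan.items()}

def wlan_for(ip, plan):
    """Map a client address to the WLAN whose range contains it."""
    addr = ipaddress.ip_address(ip)
    for wlan, ns in plan.items():
        if any(addr in n for n in ns):
            return wlan
    return None

def first_free_block(plan, wlan, legacy_last):
    """First /22 of a WLAN lying wholly above the legacy address space."""
    top = ipaddress.ip_network(legacy_last).broadcast_address
    return next(n for n in plan[wlan] if n.network_address > top)

if __name__ == "__main__":
    plan = build_plan()
    print(usable_hosts(plan), conflicts(plan))
    print(first_free_block(plan, "student", "10.3.45.0/24"))
```

With legacy addresses in use up through 10.3.45.0/24, the first student /22 that can be built without touching them is the one the post started with.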


PostPosted: Thu Oct 18, 2012 3:23 pm
Senior Member

Joined: Fri Feb 11, 2011 4:01 pm
Posts: 302
Location: Germany
Certs: CCNP, Sec+, Net+
dude_ wrote:
Yea, I remember. Design is simple then: get as many APs as you can
Image


That is a lot of Macs. Kids can barely afford education let alone get a job afterwards but they all got a Mac. Odd.


PostPosted: Thu Oct 18, 2012 3:58 pm
Senior Member

Joined: Sun Jan 02, 2011 7:50 pm
Posts: 282
Certs: CCNP, CCDA, ISE Field Engineer
bman wrote:
dude_ wrote:
Yea, I remember. Design is simple then: get as many APs as you can
Image


That is a lot of Macs. Kids can barely afford education let alone get a job afterwards but they all got a Mac. Odd.


That's what student loans are for!


PostPosted: Thu Oct 18, 2012 3:59 pm
Junior Member

Joined: Wed Feb 08, 2012 5:45 pm
Posts: 50
bman wrote:
dude_ wrote:
Yea, I remember. Design is simple then: get as many APs as you can
Image


That is a lot of Macs. Kids can barely afford education let alone get a job afterwards but they all got a Mac. Odd.


At the risk of derailing the thread... Student loans. They're too cheap and easy to get. Students don't think about having to pay it back later or think it will be easy to do so. For now, it's just "free money." When I was in college 15 years ago, my broadcast journalism instructor tried to convince me to take out a student loan to buy a Mac for video production assignments in her classes. I was debt free at the time (scholarships and summer construction jobs) and as tempting as it was to get a high-end computer for "free" and not have to worry about paying for it for a few years, I just didn't think that was a good idea. And I was right. Later, I fell into the student loan trap, though. I got married, was out of work, and went to graduate school just for the student loan money to live off of and took the max I could get. And that was when the economy was great. Even though that gave me a good graduate degree and a good paying job (but a job I could have gotten without the Master's degree and ton of student loan debt), I'll spend the rest of my life paying that off. If all of those Macs in that picture are owned by the students, then I'd make a wager that a large percentage of them were purchased with student loan money.


PostPosted: Fri Oct 19, 2012 8:15 am
Post Whore

Joined: Thu Apr 29, 2010 6:12 pm
Posts: 2083
Location: Texas
Certs: CCNP, CCDP, CCIP
Came across this blog post on high density WIFI design that has some interesting points. More geared towards stadiums and large event centers but you might find some good design suggestions in it.

http://justdowifi.blogspot.co.uk/2012/0 ... witterfeed

Never thought about using directional Antennas to shrink the cell size and limit the number of clients.

_________________
http://blog.movingonesandzeros.net/

