03-21-2019 11:55 PM - edited 07-05-2021 10:06 AM
I have built a few wireless networks, based upon the 5500-series WLCs, and have made it my practice to provide a single interface on the WLC for "Corp", another single interface for "Guest", and possibly a third for "BYOD", depending on requirements. These interfaces have each been associated with a single SSID, so for example, I have all "Corp" users associating with the "Corp" SSID, and their traffic emerging from the WLC on the "Corp" interface, using a single large subnet for all users. I find this makes for simpler operation, and better address space utilisation.
Now I have encountered a situation where I'm upgrading an existing Wireless network, in which the architect before me gave each site its own "Corp" "Guest" and "BYOD" interfaces, associated with their own (small) subnet. The sites all use the same set of SSIDs. Is there any benefit from doing this? From my experience (but I could be wrong!) a single subnet per SSID delivers better address utilisation, and is a whole lot simpler, both to build and to debug. You could argue that fragmenting the subnets so that each site has its own could improve user authentication and accounting, but I would dispute that: the Authentication mechanism does not rely on the IP address, so although you could say from the IP address of a user what site they were on, you are still reliant on other information to fully identify the user.
Any comments or shared experience would be very welcome.
Thanks
Jim
03-22-2019 02:55 AM
Are there any different requirements per site for the corp/ BYOD and Guest subsets?
If the wireless is all local mode APs, then you could use AAA override to use a single SSID for CORP, one for BYOD and one for GUEST and in the backend assign which subnet to place them in.
You are correct if there is no difference in security / management for each site, then it would be easier with a large subnet.
03-22-2019 03:49 AM
You wrote "Are there any different requirements per site for the corp/ BYOD and Guest subsets?"
No, on the contrary, the requirement is identical across the estate... if it were not, then using site-specific subnets may have been an answer, though I'm not convinced that's the best way to deliver differences.
However, your comments chime pretty much exactly with my thoughts, so thanks for confirming my original thoughts.
Thanks
Jim