Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2859
Views
0
Helpful
8
Replies

Too large IP subnets for wireless clients ?

Steven Shelton
Level 1
Level 1

‎05-11-2017 04:37 AM - edited ‎07-05-2021 07:00 AM

Has anyone experienced broadcast issues with subnets larger than /22?   Customer want to increase subnet size to /19, which seems like a problem waiting to happen.

Does Cisco have recommendations on sizing subnets for wireless?

Thank you for your response

Labels:
0 Helpful
8 Replies 8

Ric Beeching
Level 7
Level 7

‎05-11-2017 06:08 PM

I recall reading somewhere that no more than a /23 is recommended but I can't remember where! I have seen networks working fine with /21 and /20 but it depends on what types of traffic you are expecting (e.g. if high in Apple devices there will be lots of Bonjour traffic) and, if there's a local WLC, are you forwarding broadcasts? IPv6 and LLMNR are also common protocols that can use up switch resources and flood the VLANs.

Ric

-----------------------------
Please rate helpful / correct posts
0 Helpful

Steven Shelton
Level 1
Level 1
In response to Ric Beeching

‎05-12-2017 04:16 AM

Ric,

The number of Apples device using wireless is about 50% of the total 7000 clients.

For the most part, the WLC is local to the APs, this is a campus environment with three remote sites. Two remotes are relatively small, less than 20 APs, the other remote site will reach around 100 APs once the new building is finished. 

Currently, no IPv6 and probably no LLMNR since we have no older Windows desktops or servers.

I assume that broadcast traffic is forwarded from the wired vlan via the SSID to its wireless clients.  I am not aware of any controls in place that would prevent it.   Should we block or limit b'cast traffic? How would you do that?

Thank you for your reponse

0 Helpful

Ric Beeching
Level 7
Level 7
In response to Steven Shelton

‎05-12-2017 08:41 PM

For your remote offices are the APs in FlexConnect mode or do you tunnel all that back to your WLC? I'm assuming they do all tunnel back if you're using the same subnet for everything?

Broadcast traffic is not forwarded across the WLC by default (from wired to wireless and vice versa) so you should be ok there.

By default layer 2 multicast is also not forwarded unless multicast snooping is enabled. This will prevent apple devices from seeing each other using bonjour but also limit the mDNS traffic smashing your LAN.

The other issue with running many devices will multicast capabilities is these message are unicast between APs from the WLC and also then to each client. To mitigate this you can use ap multicast mode but there is still a risk the amount of traffic will result in a flood of unicasts on your wireless network.

Ric

-----------------------------
Please rate helpful / correct posts
0 Helpful

Rasika Nayanajith
VIP
VIP

‎05-13-2017 01:50 PM

what WLC model in use ? If it is 5508, then keep 7K is the max client limit. So even you allocate /19 (8192 hosts), WLC cannot handle that many clients in its database (if it is 8540/5520 you should be ok).

With increase subnet size, you need to look at the ARP table size of L3 switch these wireless client terminate. It will mostly become bottleneck when it handles large MAC address table.

Regarding wireless side as Ric pointed, as long as you do not enable "broadcast forwarding" feature, you should be fine with /19 network.

HTH

Rasika

*** Pls rate all useful responses ***

0 Helpful

Steven Shelton
Level 1
Level 1
In response to Rasika Nayanajith

‎05-13-2017 06:10 PM

here is partial output from "show network summary", Ethernet broadcast forwarding is enabled.


Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Disable
Secure Web Mode RC4 Cipher Preference....... Disable
Secure Web Mode SSL Protocol................ Disable
OCSP........................................ Disabled
OCSP responder URL.......................... 
Secure Shell (ssh).......................... Enable
Secure Shell (ssh) Cipher-Option High....... Disable
Telnet...................................... Disable
Ethernet Multicast Forwarding............... Enable
Ethernet Broadcast Forwarding............... Enable
IPv4 AP Multicast/Broadcast Mode............ Multicast Address : 239.240.240.1
IPv6 AP Multicast/Broadcast Mode............ Multicast Address : ::
IGMP snooping............................... Enabled
IGMP timeout................................ 60 seconds
IGMP Query Interval......................... 20 seconds
MLD snooping................................ Disabled
0 Helpful

Rasika Nayanajith
VIP
VIP
In response to Steven Shelton

‎05-14-2017 04:21 PM

This is not looking good. 

do you see high channel utilization in this network ? If you forward all broadcast over the air, that should consume most of valuable air time, resulting degraded performance for clients.

In a large network, this is not an recommended setting. By default this is in "disabled" state.

HTH

Rasika

*** Pls rate all useful responses ***

0 Helpful

Steven Shelton
Level 1
Level 1
In response to Rasika Nayanajith

‎05-18-2017 06:06 AM

As simple as this seems, I'm not sure I fully understand exactly what this function does.  Are these statements correct?

If Ethernet Broadcast Forwarding is disabled then broadcast packets are only forwarded to a specific AP?

If Ethernet Broadcast Forwarding is enabled then all broadcast packets are forwarded to all APs?

The Ethernet broadcast traffic would be from the vlan which is mapped to the SSID in the AP group. 

And since Ethernet Broadcast Forwarding is a global setting, the broadcast traffic would include all vlans/SSIDs in the all AP groups.

0 Helpful

Ric Beeching
Level 7
Level 7
In response to Steven Shelton

‎05-18-2017 06:16 AM

If Ethernet Broadcast Forwarding is enabled then the WLC will pass any broadcasts like network discoveries through which can result in significant performance impact. For example, if you have 7000(!) clients in one subnet and half of those are wireless half are wired. For every device that sends out some form of broadcast, e.g. a network discovery broadcast, that packet will be unicast to each of your Cisco APs to start with (unless you have AP Multicast enabled) and then after that it will be unicast to every single one of your wireless clients so that's 3500 wireless unicasts + the number of APs you have as overhead. Now what happens when two clients start broadcasting etc etc... you get my point.

If Ethernet Broadcast is disabled (common) then basically the WLC blocks those sorts of things traversing it which seems to have very little affect on most networks and is recommended.

Correct on the global front, it would affect everything if the APs are in local mode or central switching with FlexConnect.

Ric

-----------------------------
Please rate helpful / correct posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card