Architecture overview
Your address plan ought to be created in conjunction with your wireless design. Wireless APs across your four-building campus, managed by controllers in your off-campus data center, can have an address allocation significantly different from that of a worldwide environment with controllers in every workplace. Additionally, forcing all wireless traffic through a tagged VLAN on your centrally placed controllers, instead of dropping traffic locally onto the end-user LAN, changes both the plan and your troubleshooting strategies.
As I run through an address plan for wireless, I approach it in terms of IP-address-to-user ratios based on SSID function and region. Sound odd? Follow me on this.
- Corporate-user SSID: Most company users have a laptop, a company-issued mobile phone and perhaps a tablet. Expect that each of these devices can connect to the wireless network at the same time, each consuming an IP address. If there are four hundred staff within the campus connecting to that SSID, you’ll want a minimum of a 4:1 ratio for coverage. In this example, that’s 1,600 addresses, so you should reserve a /21.
- Vendor SSID: For your vendor guests giving presentations, you can expect every user to have a laptop and a mobile phone (2:1 ratio). How frequently these guests show up at your workplace is something for you to analyze, but plan for an average of one-hour conferences. Add an extra 30 minutes to that time and shorten the DHCP lease to match, and you’ll be able to avoid DHCP exhaustion. If you carved out a /24, you’d probably have enough addresses. It’d be hard to imagine a region hosting 255 simultaneous devices.
- Guest SSID: Guest access gets a bit difficult. For the company environment, I plan a similar ratio as I do for vendor access. For the service industry (bars, restaurants, and retail) I’ll consider only mobile devices, and perhaps add a “point” for the occasional man that’s “working from home.” The good thing about the service industry is that you know the absolute maximum number of bodies you need to support. Look above the doorway and you’ll see the fire marshal’s required “maximum occupancy” sign. If it’s a hundred individuals, use a 1.5:1 ratio, meaning a /24 would work for your operation.
The CIDR mask might change depending on how wireless traffic is offloaded to the local area network. With the off-site controllers I mentioned handling all the campus access points, you’d probably want a complete /21 for four hundred users with four devices each. The situation changes if you offload that traffic locally to the building, though the address block might stay the same.
In that case, you’ll only want a /24 per building to service those DHCP needs, and you’re taking that from your supernet. It’s necessary to understand the function, the estimated device count and where wireless is offloaded on a per-SSID basis when considering your address allocations.
Carving Out Space
When I begin planning an addressing scheme in a brownfield environment, I prefer to start with the current IP address usage. Let’s use the medium-sized campus example. There’s an off-site data center, but Wi-Fi traffic is offloaded to the wire nearest to the client. Let’s additionally assume that there are 5 branch offices connected via a wide area network.
In the figure, I show IP address blocks in use for this instance. For Wi-Fi, I’d open a brand new block within the RFC 1918 space for wireless clients. Remember to keep your subnets within the natural CIDR boundaries so that your route lookups and summarization are optimal.
Within the campus, you may expect a hundred users per building, and at a 4:1 ratio that’s four hundred IP addresses per building for your company wireless SSID. I’d reserve a /23 for every building. Your WAN-connected offices are a bit smaller, and a /24 would meet their needs even at the device ratio we’re considering. With a remote data center, you wouldn’t expect loads of wireless devices at once. Planning a /25 with 126 usable addresses, or a /26 with 62 usable addresses, would be enough for engineers needing to work in the data center.
I recommend using address space outside the “normal” corporate wired network blocks. Within the figure, I showed usage within 10.0.0.0/8. If this were my network, I’d assign wireless to 192.168.0.0/16 or 172.16.0.0/12. When I log into a router to examine routes, seeing the 172’s or 192’s within the routing table instantly tells me these are wireless networks. It’s just one of those “hints” that help me with troubleshooting, and I’ll take all the hints I can get at 3 am!
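The ratio-to-mask sizing from the SSID list and the per-site carving described in this section can be checked with a short script. This is an added example, not code from the original article; the function names, the branch and data center headcounts (50 and 10 users) and the choice of 172.16.0.0/12 as the wireless supernet are assumptions made for illustration.

```python
import ipaddress
import math

def prefix_for(users: int, ratio: float) -> int:
    """Longest IPv4 prefix whose usable hosts cover users * ratio devices."""
    needed = math.ceil(users * ratio) + 2      # + network and broadcast
    host_bits = max(2, (needed - 1).bit_length())
    return 32 - host_bits

def carve(supernet: str, sites: dict) -> dict:
    """Allocate one subnet per site from supernet, largest block first,
    so every block sits on its natural CIDR boundary."""
    pool = ipaddress.ip_network(supernet)
    cursor = int(pool.network_address)
    plan = {}
    # sorted() is stable, so sites with equal prefix keep their given order
    for name, (users, ratio) in sorted(sites.items(),
                                       key=lambda s: prefix_for(*s[1])):
        plen = prefix_for(users, ratio)
        size = 1 << (32 - plen)
        cursor = -(-cursor // size) * size     # round up to block boundary
        net = ipaddress.IPv4Network((cursor, plen))
        if not net.subnet_of(pool):
            raise ValueError(f"{supernet} exhausted while placing {name}")
        plan[name] = net
        cursor += size
    return plan

def summarize(plan: dict, name_prefix: str) -> list:
    """Collapse matching site subnets into the fewest summary routes."""
    nets = [n for k, n in plan.items() if k.startswith(name_prefix)]
    return list(ipaddress.collapse_addresses(nets))

# Constructed inputs: (users, devices-per-user ratio) per site.
SITES = {f"bldg-{i}": (100, 4) for i in range(1, 5)}          # from the text
SITES.update({f"branch-{i}": (50, 4) for i in range(1, 6)})   # assumed size
SITES["datacenter"] = (10, 4)                                 # assumed size

if __name__ == "__main__":
    plan = carve("172.16.0.0/12", SITES)
    for name, net in plan.items():
        print(f"{name:<11} {str(net):<17} {net.num_addresses - 2} usable")
    print("campus summary:", summarize(plan, "bldg-"))
```

Because the four building /23s are allocated contiguously on a /21 boundary, they collapse to a single campus summary route, which is the same /21 the centrally offloaded design would have used.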
This exercise applies to IPv4. If you want to get bold, reserve and assign IPv6 address space for your Wi-Fi clients; then you only have to think about subnets instead of host IPs. However, that’s another discussion.
Parting Thoughts
Some of these ratios won’t apply to your organization. I wouldn’t expect them to. What I’m attempting to do in this article is to offer some concepts for correct planning. In my experience, improper planning causes massive problems, yet it is one of the problems that is most easily avoided.
I have worked in organizations that owned massive swaths of non-RFC 1918 subnets that they used internally. You wouldn’t need to re-IP your data center for an unforeseen IP conflict. However, I never needed to burn that space for wireless. Using RFC 1918 blocks for wireless sounded like a decent plan because it was simple to adjust in the event of overlap and you preserved valuable IPv4 addresses. Your situation might vary; however, the concept remains the same.
The troubleshooting problem at the start of this article related to a) offloading all wireless traffic in the data center instead of on the local LAN, b) junior employees assuming all subnets were /24’s, and c) poorly documented global address assignments. Your address plan must be thought out, documented, and versatile, particularly in the IPv4 space. If you’re changing your Wi-Fi infrastructure and have all the heat maps and all the BOMs, but leave address planning to chance, you’re hurting yourself and the guys who help fix problems.