Wireless Access

Hi,

Generally i create AOS8 L2 cluster simple with a link-aggragation to the coreswitches and tag all vlans on it. A customer have a building that is shared multi-ple companies in one building that share the same WLAN / AOS8 L2 cluster. The customer don't want the VLANs of the in-house companies on his network.

The idea is to give each company one SSID with one dedicated vlan and uplink interface on the 7210 controllers.

Will this design works?

- Companies don't have captive-portals and manage there one firewall/routing/dhcp/internet.
- For the L2 cluster we allow only cluster hearthbeats on the corporate wifi and management vlans.

On the other hand i more like one link-aggragation 2x10Gbps LACP to a distribution switch and split the VLANs there out to each company, give more flexibility in my opinion but that's not what the customer want.

Any pro or cons? Suggestions are welcome.






------------------------------
Marcel Koedijk | MVP Expert 2022 | ACEP | ACMP | ACCP | ACDP | Ekahau ECSE | Not an HPE Employee | Opinions are my own
------------------------------

Hello,

if evry V-LAN is present on both controllers and the controllers are L2 connected to each other over this vlans, the cluster should work as L2 connected clusters.

But from management perspective, it may be difficult if evry company want to have access to the wifi management.
Therefore the multizoning would be nicer.

If they don‘t care, from technical perspective it will work.
I have similar designs for customers who devide guest and internal traffic physically to different switches at core layer but „reunite“ the traffic from controllers down through the access layer to the AP‘s.

The 7210 only got two 1000BASE-T/X combo ports and four SFP+ ports.
That means you have just 6 Ports in summary.
So, there is no redundancy possible if evry company should get a dedicated port and the management uplink to the building 2 core should stay at 2x 10GBe….

May it would be possible to place a additional aggregation switch in between the companies and the controllers, and use a second 2x 10GBE LACP bond.

OR use a different controller type as DMZ cluster in connection with the multizone feature… (needs an additional conductor … but nice)…



---------------------------------
Best regards, mom
---------------------------------



Original Message:
Sent: Feb 22, 2022
From: mkk
Subject: AOS8 L2 Cluster Uplink Design

Hi,

Generally i create AOS8 L2 cluster simple with a link-aggragation to the coreswitches and tag all vlans on it. A customer have a building that is shared multi-ple companies in one building that share the same WLAN / AOS8 L2 cluster. The customer don't want the VLANs of the in-house companies on his network.

The idea is to give each company one SSID with one dedicated vlan and uplink interface on the 7210 controllers.

Will this design works?

- Companies don't have captive-portals and manage there one firewall/routing/dhcp/internet.
- For the L2 cluster we allow only cluster hearthbeats on the corporate wifi and management vlans.

On the other hand i more like one link-aggragation 2x10Gbps LACP to a distribution switch and split the VLANs there out to each company, give more flexibility in my opinion but that's not what the customer want.

Any pro or cons? Suggestions are welcome.






------------------------------
Marcel Koedijk | MVP Expert 2022 | ACEP | ACMP | ACCP | ACDP | Ekahau ECSE | Not an HPE Employee | Opinions are my own
------------------------------

Hello, 
you have two options to avoid 3rd party company VLANs in your core
1) simplest and cheapest - do bridge WLANs. you will use the company's local VLANs and route traffic locally, without stretching it to your data center.
2) multi zoning -  you can place a controller for each company and tunnel that VLANs locally at the company level. the multizone controller does not require any license itself, even more, you can have a virtual controller for free, but you need to have RFP licenses in the parent controller.

in your case, 1st option will be fast and effective.

------------------------------
Temur Kalandia
------------------------------

Original Message:
Sent: Feb 22, 2022 02:34 PM
From: marcel koedijk
Subject: AOS8 L2 Cluster Uplink Design

Hi,

Generally i create AOS8 L2 cluster simple with a link-aggragation to the coreswitches and tag all vlans on it. A customer have a building that is shared multi-ple companies in one building that share the same WLAN / AOS8 L2 cluster. The customer don't want the VLANs of the in-house companies on his network.

The idea is to give each company one SSID with one dedicated vlan and uplink interface on the 7210 controllers.

Will this design works?

- Companies don't have captive-portals and manage there one firewall/routing/dhcp/internet.
- For the L2 cluster we allow only cluster hearthbeats on the corporate wifi and management vlans.

On the other hand i more like one link-aggragation 2x10Gbps LACP to a distribution switch and split the VLANs there out to each company, give more flexibility in my opinion but that's not what the customer want.

Any pro or cons? Suggestions are welcome.






------------------------------
Marcel Koedijk | MVP Expert 2022 | ACEP | ACMP | ACCP | ACDP | Ekahau ECSE | Not an HPE Employee | Opinions are my own
------------------------------