Any way to get more than 16 VLANs supported on one SSID?

  • 1
  • Question
  • Updated 1 year ago
Hi all, I just ran into the 16 user profile cap for a single SSID within HiveManager NG.  The reason I need more is at my facility we rent out part of space to 26 tenants.  We gave all the tenants their own VLAN for privacy.  We were looking forward to taking advantage of the Aerohive system by giving all our tenants their own private key that would allow them access to their private network from any where at our facility, and in return we get them to remove their private APs cleaning up the airwaves. 

So, at this point all i can think of doing is creating another SSID to add more VLAN support.  Though every where i look, they recommend keeping SSIDs to minimum.

The question is:  Is there another way to associate VLANs to user/user group besides user profiles?
Photo of Manoly Manios

Manoly Manios

  • 3 Posts
  • 0 Reply Likes

Posted 1 year ago

  • 1
Photo of Rob Burgoyne

Rob Burgoyne

  • 19 Posts
  • 0 Reply Likes
You can push VLAN via radius if you're doing 802.1x, however I would not recommend it since radius is much harder to support than ppsk for this type of environment. Is there any other way to logically separate out tenants that makes sense, such as an SSID per floor? Another option would be to drop tenants into the same VLAN and block all local traffic, so they only have internet access (like a hotel). However, this would block anyone from connecting to their own devices, such as a laptop streaming to Chromecast, AppleTV, or printing to a Wireless Printers etc. 

Typically you don't see a drop in performance if you keep SSID's below 4 per AP. 
(Edited)
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Hi Manoly,

You could use RADIUS MAC address authentication to have access to more VLANs where the VLAN in the user profile is overridden.

Nick
(Edited)
Photo of Manoly Manios

Manoly Manios

  • 3 Posts
  • 0 Reply Likes
Thanks for reply's.  In regards to Radius, would we be able to assign VLAN based on user, or is it solely based on mac address?

Rob is right, we need to allow end users to connect between all their devices, both wireless and wired devices.  In addition, we want to allow our tenants to roam our facility, such as the court yard and when they visit other tenants. 

Currently we have 4 SSIDs being broadcast: One for the company proper which we plan to convert to a Radius based authentication, one for a specialty department, one for our tenants and with "Guest" in the name to help reduce end user confusion when giving out guest passwords.

So, if you were me, would you add a 5th SSID, or replace the Guest SSID?
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Hi Manoly,

Yes, you would need to keep track of the MAC addresses which would not be ideal...

You could mitigate the airtime impact of offering additional SSIDs by disabling all of the 802.11b data rates.

The overhead can be calculated via:

http://www.revolutionwifi.net/revolutionwifi/p/ssid-overhead-calculator.html

Cheers,

Nick
Photo of Manoly Manios

Manoly Manios

  • 3 Posts
  • 0 Reply Likes
So if we assume the aerohive APs will make sure they are on different channels, we look at the line with 1 ap per channel.  So we'd be going from a 13% overhead to a 16% overhead. 

As for disaling 802.11b data rates, where would i do that?  In the SSID settings, or under the radio profile?

Thanks for you explaining some of the advance options available.
Photo of Chris B

Chris B, Official Rep

  • 93 Posts
  • 10 Reply Likes
Hi Manoly

The data rates can be modified in the SSID optional settings, just select rates 1-11 as N/A.

Chris