DHCP design

  • 2
  • Question
  • Updated 3 years ago
I need to design a DHCP network for 600 iPads in the same VLAN. There are 25 classrooms. The LAN is 172.16.X.X /24. Every classroom has its own AP (25). Is it possible to configure the 25 APs with a different range of DHCP? For example 172.16.3.X /24 in AP1, 172.16.4.X in AP2, etc. All the APs are in the same IP network. The lease time can be 15 days. Other designs use the DHCP relay, but all the devices are in the same subnet (172.16.X.X) and I don't know if the DHCP relay runs well in the same subnet. Please, any help will be well received.

Manuel Méndez

  • 2 Posts
  • 0 Reply Likes

Posted 3 years ago


Tony Schaps

  • 28 Posts
  • 8 Reply Likes
I think you may be confusing VLANs with subnets. A VLAN can have multiple subnets (usually not advisable, though), and each subnet can be in only one VLAN.
Do you currently have them all using one IP subnet in one VLAN and one SSID? What would you be trying to accomplish by having a different IP subnet on each AP/in each classroom? 
A couple items which may help:
-- In your situation, a common reason to use different VLANs is to break up the broadcast domain. 25 subnets in one VLAN means a whole lot of broadcast traffic. You'd have less broadcast traffic with one subnet per VLAN. 
-- If you have 600 devices which could, theoretically, be connected to each of your subnets at some point or another over the span of a day, then you should use a subnet mask in each subnet allowing enough IP addresses for all your devices. A /23 network has 510 usable IPs, a /22 network has 1022 usable IPs.
-- When an iPad roams to a new AP with the same SSID, it assumes it is on the same subnet and will not request a new IP address. This could cause serious issues with your design.
-- The last point also means that it does no good to have leases more than 1 day, since when the students bring the iPads out of the school and back in, they will always do DHCP discovery upon connecting to a school network. As a practical matter, in modern switched networks, DHCP traffic is barely a blip of bandwidth, so until everything is running well, I advise shorter lease times to give you flexibility to make network changes. Start with an hour, inch it up from there, and no sense going more than 8 hours in any case.
-- A tip from my experience, I rolled out 1,500 iPads in a school with 65 APs, and due to various tasks, I didn't have time to create different subnets to break up the broadcast domain, but planned to in the first few weeks of school. Conventional wisdom is to never have more than 500 devices in a broadcast domain, but when school started, I found that 1,500 iPads work fine in a single subnet/VLAN. My emergency plan to break up into discrete VLANs and subnets was set aside, I waited until Christmas break to implement it, and even then, the performance improvement was slight. It already worked very well. Despite all the warnings I got, iPads actually are very good with bandwidth, much better than laptops.

Give a little more background on why you want to do this, what are your goals or problems you hope to solve?

Regards--

Christopher Tawes

  • 39 Posts
  • 4 Reply Likes
Tony,

Would you be willing to talk me through the process of setting up a /22 or /23 network?

I'm currently running a single /24 network (base network is 10.0.1.x) with 5 VLANs (10.0.2.x, 10.0.3.x, 10.0.4.x, 10.0.5.x, 10.0.5.x). I use a Mac Mini running OS X 10.9.5 as my DHCP server and an HP Procurve 2848 as my main router/switch implementing the vlans. 

I am using PPSK logins on a single SSID for teachers (.2), students (.3) and guests (.6) and OS detection (iOS devices .5, Chromebooks .4) to steer my devices across those 5 VLANs to segregate traffic and accommodate enough IP addresses for school owned, faculty owned, and student owned devices. So far it is working, but I'm wondering if there is a better way. Reading your reply to the initial question above leads me to believe there might be, but I'm a bit out of my depth.

I manage the network for a 6-12 charter school with 70 full time employees and 365 students. I've got one building with multiple floors, 21 AP330s, 9 AP230s, 2 SR2024 switches, 1 SR2048 switch, and HMOL running 6.5r1. I've got a 50/50 fiber optic connection running into a pfSense firewall appliance.

It seems like every day I end up with more and more devices and I'd rather manage the traffic than try to manage the students bringing them into the building (let alone the teachers).

Thanks for your help (or for just letting me spell this out),

Christopher Tawes

Tony Schaps

  • 28 Posts
  • 8 Reply Likes
I am sorry to tell you that with your current IP address scheme, you are limited to /24 networks. For example, on 10.0.2.x/24 you have the usable IP range of 10.0.2.1 to 10.0.2.254. But the network 10.0.2.x/23 has a usable IP range of 10.0.2.1 to 10.0.3.254, which would trample over your 10.0.3.0/24. Same thing with 10.0.4.x/23, which would have the IP range 10.0.4.1-10.0.5.254. You need to make a major change now, before you get into a real mess running out of IP addresses, especially on your student network. At the school where I used to work, we used all /16 networks very successfully. There are two benefits to this: the subnet mask is easy to remember (255.255.0.0), and you'll never run out of IP addresses on a /16 subnet (65K+ hosts). The main downside to this is the occasional person who thinks using a /16 is insane because you'd never have that many hosts on your network, wasting IP addresses, too large a broadcast domain, etc. etc., which is all a bunch of hogwash. It works great. It's the total number of hosts on the subnet which really determines whether your broadcast domain is too large, not the number of potential hosts.

If your 10.0.1.x/24 is your management VLAN, you can leave that, but I would then renumber the rest to 10.2.x.x/16, 10.3.x.x/16, etc. and be done with worrying about it. You can have both /16 and /24 networks together as long as the IP ranges don't overlap. But for simplicity of design, I'd recommend all /16 (with 255.255.0.0 subnet mask) for all your networks.
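The overlap and capacity problems Tony describes (a /23 carved out of a /24 scheme swallowing the neighbouring /24, a student /24 that cannot hold 365 devices, and the original question's 600 iPads on one /24) can be checked mechanically before any renumbering. The script below is an added example written for this thread, not code from the forum, Aerohive, or any poster; it uses only Python's standard `ipaddress` module, and the three plans it checks are constructed from the figures quoted in the posts above.

```python
"""Validate an IPv4 addressing plan: alignment, overlaps and host capacity.

Added example for this thread (not from any poster). A plan is a dict of
CIDR -> number of devices expected on that subnet.
"""
import ipaddress


def usable_hosts(cidr: str) -> int:
    """Assignable host addresses in a subnet (network and broadcast excluded)."""
    net = ipaddress.ip_network(cidr, strict=False)
    return max(net.num_addresses - 2, 0)


def find_overlaps(cidrs):
    """Return (a, b) pairs of subnets whose address ranges overlap."""
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    pairs = []
    for i in range(len(nets)):
        for j in range(i + 1, len(nets)):
            if nets[i].overlaps(nets[j]):
                pairs.append((str(nets[i]), str(nets[j])))
    return pairs


def check_plan(plan):
    """Report misaligned prefixes, overlapping subnets and subnets too small
    for the device count planned on them.

    strict=True rejects a prefix whose host bits are set (e.g. 10.0.3.0/23),
    which ipaddress would otherwise silently realign to 10.0.2.0/23.
    """
    misaligned, valid = [], {}
    for cidr, need in plan.items():
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError:
            misaligned.append(cidr)
            continue
        valid[str(net)] = need
    too_small = {
        c: (usable_hosts(c), need)
        for c, need in valid.items()
        if usable_hosts(c) < need
    }
    return {
        "misaligned": misaligned,
        "overlaps": find_overlaps(list(valid)),
        "too_small": too_small,
    }


# Constructed plans based on numbers quoted in the thread.
# Christopher's /24 scheme with the student subnet widened to a /23 as a test:
CURRENT_PLAN = {
    "10.0.1.0/24": 50,    # management
    "10.0.2.0/23": 70,    # teachers, widened to /23 (collides with .3)
    "10.0.3.0/24": 365,   # students: 365 devices will not fit in 254 hosts
    "10.0.4.0/24": 100,   # Chromebooks
}
# Tony's suggestion: keep management on /24, move the rest to /16s.
PROPOSED_PLAN = {
    "10.0.1.0/24": 50,
    "10.2.0.0/16": 70,
    "10.3.0.0/16": 365,
    "10.4.0.0/16": 100,
}
# Manuel's original question: 600 iPads, plus a misaligned /23 attempt.
IPAD_PLAN = {"172.16.3.0/24": 600, "172.16.3.0/23": 600}

if __name__ == "__main__":
    for name, plan in (("current", CURRENT_PLAN),
                       ("proposed", PROPOSED_PLAN),
                       ("ipads", IPAD_PLAN)):
        print(name, check_plan(plan))
```

Run as a script it prints one report per plan; the "current" plan shows the /23 overlapping 10.0.3.0/24 and the student /24 short by 111 addresses, the "proposed" plan comes back clean, and the iPad plan flags both the too-small /24 and the misaligned /23.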

BJ, Champ

  • 374 Posts
  • 45 Reply Likes
Personally, I would advise against using /16 subnets as a wholesale, one size fits all solution. It sounds like it would work in Christopher's environment, where it appears his network will be autonomous, not integrating with many (or any) other private networks.

For a network admin that will be interfacing with other private networks, creating VPNs, merging acquired entities with their own network schema, etc., network overlap will create a debacle, potentially requiring NAT and other laborious techniques. Proper use and scaling of CIDR and supernetting is essential.

Best,
BJ  
 

Tony Schaps

  • 28 Posts
  • 8 Reply Likes
I agree, it's not a wholesale, one size fits all solution, but it suits simplifying management of this small school networking environment, which is just outgrowing the confines of /24 and where tech support is seldom adequate. VPN use, if any, is from home (usually Class C) networks, so IP conflict is unlikely with these IP ranges.

Christopher Tawes

  • 39 Posts
  • 4 Reply Likes
Thank you both for your responses. I'm going to think about this for a bit and I'm sure I'll have some simple deployment questions.

Manuel Méndez

  • 2 Posts
  • 0 Reply Likes

Hi Tony;

Thanks for your quick answer. I have 125 iPads, one broadcast domain, one DHCP (Mac Server), one VLAN, one subnet (172.16.X.X/24), one SSID, and one FTTH line output (100/10). Everything is working fine.

The problem is that the APs are layer 2 (no routing). The SWITCH too is layer 2. So, I can't separate the network into subnets with this SWITCH.

Also, now I have 600 iPads, 4 FTTH lines (100/10) and I need to use them to distribute the load. My first idea was to use the DHCP in the APs. Another idea is to use the 4 FTTH routers as DHCPs and the DHCP relay in the APs (I don't know if this works in the same broadcast domain). Other people are using a Firewall - load balancing with its own DHCP.

What would you do in my case?

Thanks a lot for your suggestions.



Roberto Minotti, Employee

  • 51 Posts
  • 5 Reply Likes
Consider the new VLAN Pooling feature from 6.6r1, this is the case! Have a look here:

http://www.aerohive.com/330000/docs/help/english/documentation/HOS-HM_6.6r1_NewFeatures_330183-01.pdf

It's a great way to solve the issue of "super-broadcasting" instead of super-subnetting :)