On 18/02/11 14:52, schilling wrote:
I can explain my environment.

This is getting OT for the list, and will be my last post.

We are migrating from traditional captive portal to new 802.1x
WPA2-Enterprise, from fat AP to controller-based wireless
architecture. Wireless mobility comes into play too. At the same
time, how to maintain the traditional source-based IP ACL/Firewall? We
already implemented MPLS VPN based network virtualization, so we want
to utilize both MPLS VPN and newer wireless architecture. That's why.

I'm not suggesting that you shouldn't do *any* VLAN assignment. We do VLAN assignment on wireless, and in fact each VLAN is inside an MPLS VPN, so we're doing something similar to you.

I'm only suggesting that hashing or any other "load balancing" scheme to keep ~N clients in each of X VLANs might be either unnecessary or possibly even harmful.


Another thing is big VLAN broadcast scalability. So we want to chop
off users in different VLANs at first by hash, later will try to
implement group based VLAN assignment.

But why? Many (most?) controller-based wireless systems don't suffer from broadcast scalability problems. For example, our Cisco WiSMs simply don't forward broadcasts. They proxy ARP requests and handle the DHCP internally, so there's no need for clients to send broadcasts.

I would talk to your vendor to see if they have a similar solution.