90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!
2000 possible wifi connections, network design questions
Hi experts, i have a question on network design. I will be setting up a wireless network for some 2000 possible 5ghz wireless clients. I will be bringing in a 100m pipe into the venue for the internet. This will only be for internet access, simple browsing. I have a FortiGate-100D router that i will use for the router and dhcp. I have some netgear GS7487 switches laying around, so i want to used those. I will be using Xirrus access points for the wireless. Here is my question: Would it be best that i create Vlans to break down the network? I can create vlans on the switches and the router supports creating multiple dhcp scopes and vlan tagging. Or would i be ok just making a class B /20 network and let it ride?
Who is Participating?
2000 wifi connections is a lot. Here's the thing, windows machines are very chatty, so you usually don't want to put in more than 200 computers on one subnet.
The other thing to consider is security. Do you want your wireless computers to be able to see each other and talk to each other. Some people dont have a software firewall and they might expose their files.
Lastly, I would recommend you talk to Xirrus and try to get their opinion on designing this because of how many access points you are going to have to put up to give a good signal and bandwidth. They might even lend you an access point controller with a guest wireless feature. This would address your security and would allow your access points to be centrally and better managed.
You can try out a class B network and let it ride, but you'll get complications from just how chatty the network will be. If you divide the network into VLANs then you will run into issues with roaming if you use the same SSID.
You need to think this through a little better.I would suggest you go the access point controller way.
The other thing to consider is security. Do you want your wireless computers to be able to see each other and talk to each other. Some people dont have a software firewall and they might expose their files.
Lastly, I would recommend you talk to Xirrus and try to get their opinion on designing this because of how many access points you are going to have to put up to give a good signal and bandwidth. They might even lend you an access point controller with a guest wireless feature. This would address your security and would allow your access points to be centrally and better managed.
You can try out a class B network and let it ride, but you'll get complications from just how chatty the network will be. If you divide the network into VLANs then you will run into issues with roaming if you use the same SSID.
You need to think this through a little better.I would suggest you go the access point controller way.
chatty is why i thought breaking it down to vlans would be best, but then the roaming issue comes in to play because it will need to get a new dhcp lease. I'm not too worried about the security because i can set up the access point to create a walled garden and have it drop all station to station packets. So if the source it wireless and the destination is wireless it will get dropped. I have the access points and the central management software, that is not an issue. i am looking for more back-end networking, not necessarily the wireless portion.
If you can do the walled garden, then I'd go with the class B network. That way you dont have to worry about the roaming, and having to dhcp renew.
Yeah if you can block inter-client communication across the wireless network you can use a /20 network no problem.
For 2000 clients you'd need somewhere close to 66 APs +/- if you want to give them any kind of decent service (going on 30 clients per AP). That's being nice. If it was me I'd be looking at 20 clients per AP maximum.
This might be interesting...
http://www.xirrus.com/cdn/pdf/xirrus_solutionbrief_highdensity
For 2000 clients you'd need somewhere close to 66 APs +/- if you want to give them any kind of decent service (going on 30 clients per AP). That's being nice. If it was me I'd be looking at 20 clients per AP maximum.
This might be interesting...
http://www.xirrus.com/cdn/pdf/xirrus_solutionbrief_highdensity
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
All Courses
From novice to tech pro — start learning today.
-
Course of the Month7 days, 12 hours left to enrollMonitoring and Operating a Private Cloud with System Center 2012 R2 273 lessons
1] I posted a link to Xirrus' High-Density Design Guide. Design guides (more often than not) suggest how best to design the access and distribution systems.
2] I suggested that you might not need to do any 'back-end networking' if the APs support blocking intra-client communication.
Point [2] would completely mitigate the need for creating smaller subnets and therefore relieves any complex network design, therefore you should determine whether this is an option or not before you get into the nitty-gritty of VLANs and routing.