Panayiotis Kanaris
Wireless network for around 2000 users
Hello,
We are looking for a way to set up a network for a mall. The target is to be able to connect around 2000 clients (customers of that mall) to this network.
We will cover the area with Ubiquiti AP-Pro. We are not sure about the network structure needed to give IPs to at least 2000 concurrent clients that are expected to be in the mall in the peak hours.
If anyone knows or has experience in such a case, please assist.
Thank you
I can't say if the Watchguard will be able to cope with managing about 2000 DHCP requests at peak hours. I would not set the DHCP leases to more than 1 to 2 hours tops. I can imagine that most people only browse on their mobiles for short moments, and for the few people that will be using the network extensively I don't feel like you should make an exception. It's a free service after all, if I'm not mistaken?
ASKER
We are thinking of limiting the bandwidth of each connection. Also, we calculated that an average visit time is 3-4 hours (shopping, eating, recreational). It will be a free service. The clients will have to accept the terms of using free internet and will then be redirected to a landing page (the mall's home page). We will block torrents and services like that. Also, the home page will be installed on a web server running in the same network. Via the Ubiquiti management console I can block access to specific IPs, so this will not be a problem. Did you have any "bad" experience with Watchguard? Series 3 is supposed to be able to handle 40.000 simultaneous connections according to their specs.
I used to support Watchguard Firewalls a while back. The only "bad" experience I had was mostly to do with clustering of the Watchguard Firewalls; besides that, not any more "bad" than similar devices. I'm comparing apples with apples of course ... I'm sure most of the issues I encountered back then are taken care of by now.
3-4 hours: if you take that into account as the lease time (not saying you will use it), I'd definitely choose a big enough IP range, just to make sure you have some room for expansion.
ASKER
We are considering using the 10.1.1.0/20 range. Probably it will be more than enough. And since we are a Watchguard distributor, we will probably go for that.
Do you have any other concerns that should also be my concerns?
Besides security, which you are probably already taking into account (e.g. DHCP snooping), you covered all bases pretty well. Avoid unnecessary services, block "dangerous" ports and software. Scan the network for rogue APs regularly...
The /20 range gives you more than 4000 nodes/hosts/clients... So yeah, it'll probably be enough for your goals.
Since you're a Watchguard distributor, I wouldn't doubt using them.
ASKER
Dear Nammit,
The network will be only for giving internet access to the clients of the mall. Nothing else. We will use the XTM33 with a dual-WAN / load-balancing configuration. We will set up 2 x 50 Mbps lines.
Can you please be more specific about the troubles that we might get?
Hi,
Nammit is referring to the fact that DHCP is in itself a broadcast protocol; having many clients on the network can indeed cause network congestion.
This is something you can monitor and adjust for at a later stage if it seems necessary.
I'd like to refer you to the following paper. It's for Dell switches, but the principle stays the same:
http://www.dell.com/downloads/global/products/pwcnt/en/app_note_5.pdf
It will give you an idea what to look out for.
Use a short DHCP lease time - around 1 hour.
- Think of how many people may come to the mall during the day, and not just how many people might be in there at the same time. If you use a 4 hour lease time that might mean you can only ever allow 4000 clients to use the network per working day (based on 8 hours in a working day). If you use a 1 hour lease time though you could see up to 16000 clients per day. Also, the AP or authentication server doesn't usually track a user's session by IP so even if the client has to lease a new IP address after a period of inactivity their session should continue without having to reauthenticate.
That's what I was thinking as well ...
Some extensive advice here!
ASKER
We are planning to install a Watchguard 3 Series for that reason, with a lease of no more than 6 hours.
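
The lease-time versus pool-size trade-off discussed in this thread, as an added example that is not from any of the posters: it estimates how many leases the /20 pool must hold for 2000 concurrent visitors staying 3.5 hours, at the lease times mentioned above. It assumes clients renew at half the lease time (the RFC 2131 default) and leave without releasing the address, and that peak load lasts long enough to reach steady state, so the figures are upper bounds; all function names are illustrative.

```python
import ipaddress
import math

def usable_hosts(cidr):
    """Return (network, usable host count) for the subnet containing cidr."""
    # strict=False tolerates host bits in the address, as in "10.1.1.0/20".
    net = ipaddress.ip_network(cidr, strict=False)
    return net, net.num_addresses - 2  # minus network and broadcast addresses

def lease_hold_hours(dwell_h, lease_h):
    """Hours one visitor keeps an address allocated.

    Assumption: the client renews at T1 = lease/2 while present, then walks
    out of range without a DHCPRELEASE, so the last lease runs to expiry.
    """
    t1 = lease_h / 2
    last_renewal = math.floor(dwell_h / t1) * t1
    return last_renewal + lease_h

def steady_state_leases(concurrent, dwell_h, lease_h):
    """Little's law: leases held = arrival rate * time each lease is held."""
    arrivals_per_hour = concurrent / dwell_h
    return math.ceil(arrivals_per_hour * lease_hold_hours(dwell_h, lease_h))

def pool_report(cidr, concurrent, dwell_h, lease_options):
    """Map each lease time to (leases needed, fits in the pool?)."""
    _, capacity = usable_hosts(cidr)
    report = {}
    for lease_h in lease_options:
        needed = steady_state_leases(concurrent, dwell_h, lease_h)
        report[lease_h] = (needed, needed <= capacity)
    return report

if __name__ == "__main__":
    net, capacity = usable_hosts("10.1.1.0/20")
    print(f"pool {net}: {capacity} usable addresses")
    # 3.5 h is the midpoint of the 3-4 hour visit time given in the thread.
    for lease_h, (needed, fits) in pool_report(
            "10.1.1.0/20", 2000, 3.5, [1, 2, 4, 6]).items():
        status = "fits" if fits else "EXCEEDS POOL"
        print(f"lease {lease_h} h -> up to {needed} leases held ({status})")
```

On these assumptions a lease is held well beyond the visit itself, which is why the 6-hour setting is the only one of the four that can outgrow the /20 under sustained peak load.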