Sunday, June 17, 2018

Private VLANs with Ubiquiti APs, the right place or not?

Hi there

I've been loosely planning a replacement of switches with a Wireless LAN network that uses Ubiquiti UniFi access points due to need for more ports after steady growth and the need for a bit more PoE budget and likely some more uplink bandwidth. I'm not a network admin on a day-by-day basis thus I'm not yet certain wether or not introducing Private VLAN at the trunk ports of each AP but the limit the scope broadcast packets can reach.

For some context: Ubiquiti APs need to have the management LAN for the APs untagged and then the SSID are are tagged. I don't yet do RADIUS-assigned VLANs (announcing multiple SSIDs) since back then UniFi didn't support that and I need to keep some of my user groups separated from each other. (I do plan on using it it after some tests that I've made in the lab).

If private VLANs might be a really good thing to do, this might affect the choice of switches we're replacing the old ones with. I.e. HPE/Aruba's 2540 does not support PVLANs, but every switch from 2930F onwards does.



No comments:

Post a Comment