SK NZ
Server and AP(s) under the same VLAN, will it work? or it has to be a physical LAN?
Is there any limitation for the number of AP? If I have 20+ AP under the same server, will it be stable? Any real-life benchmark done on it?
Is it work on KVM?
Michael Raynor
On the VM side these NICs have no VLAN - they are just untagged plain vanilla NICs presented to Ubuntu/Debian and Grase.
On the VMWare/Hyper-V side the vNICs are attached to their respective networks and the VLANs are trunked through the physical network and tagged as per normal.
One of the sites I look after has 20+ Ubiquiti APs - one of the SSIDs is the Guest Wifi which is associated with the same VLAN as the guest side on Grase. It has to be a boring layer 2 VLAN as Grase takes care of DHCP, DNS etc.
All we do is make sure the VLAN is trunked and tagged all the way from our Hypervisors through to all the APs. Since the APs support VLAN tags for the SSIDs, guests just end up on the network when they connect.
On the other side, we tag through the management/internet VLAN through to our router (which appears as a vlanned sub-interface - but you could also present it on an untagged switch port) and then set up the rules for internet and management access to Grase. This keeps guest traffic completely separate to our staff network.
As for KVM support - it doesn't hurt to try but I haven't had experience with it. I would recommend making sure that you present vNICs that are untagged on the respective networks to Grase - I wouldn't do the vlanning inside Ubuntu/Debian/Grase.
If your APs support a separate management VLAN and/or have a central management console then it will make things easier. If the APs are all standalone then you can put them on the guest side of the network but be aware you're exposing the management interface of the APs to guests.
There are a multitude of ways to architect your network with Grase - you just need to weigh up the risks associated with each and experiment (in non-production of course...)
Hope that helps
Michael