I have a couple small networks I'm builing (my home + friends). They all will consist of one EdgeRouter PoE and two UAP-AC-LITEs.
I initially was planning on not bridging the two ports that the APs connect to. I was going to have a subnet per-VLAN, open firewall rules between them, and do MDNS reflection for any service discovery that uses multicast (so it could cross AP subnets).
This was all seeming like it'd work out awesome in my head until I realized two things:
- DHCP client behavior when roaming between APs - I don't think clients will requet a new address when moving stations
- Stateful firewalling and NAT sessions (on the EdgeRouter) would not understand the device has moved, and to transition the state with it. Lots of timeouts or RSTs would occur
My reason for not bridging is a little silly, because I'm viewing it as ugly and slower than routing between the subnets with the EdgeRouter. My understanding is that IP routing is offloaded on the EdgeRouter, but bridging is not. I'd rather not have to have the EdgeRouter inspect all the frames in software to see if it needs to bridge them to the other interface.
Cisco does layer 3 roaming with wireless networks
Questions:
- Has anyone done layer 3 roaming with the same SSID?
- Is there anything special about the three PoE ports on the Edgerouter PoE from a hardware point-of-view that allows bridging in hardware (negating my desire for layer 3 between APs)? I can't find any official documentation from Ubiquiti that states that these interfaces are any different (beyond being PoE) than other interfaces on the EdgeRouter
- GRE (or other encapsulation) instead of bridging (have no experience with GRE, and I think it probably doesn't work like this)?
I know this is somewhat silly over-engineering, but that's what I like to do at home. The things I do on my EdgeRouter translate into knowledge and experience I can glean from when building scalable and reliable networks in my day job.