Network planning - lots of connected devices

In addition to significantly decreasing lease time (personally I'd probably drop it to 1 hour), I'd create 3 wireless VLANs: employee, parishioner, and rental, and have all password protected. You really don't want to have the rental crowd get parishioner credentials.

I'd also try to have a discussion about QoS. As in what are their expectations, if any? Many places will set a limit of around 1.5-2mb down.

I generally agree with everything you have said here, but personally I am not for decreasing the DHCP lease time significantly from standard. Personally, I just leave them at the OS standard, which is generally still 7 days. DHCP is surprisingly talkative, and it renews at least half-way through its lease. Besides, you are almost better off leaving a record of IP to MAC address around for a while, so if there is inappropriate behavior going on from a particular IP logged on a firewall etc, you will be able to look up the offending MAC address and block it on the wireless. This is harder to do if the leases expire and get purged in hours.

A lot of network adapter drivers behave funny during a renewal as well. It is not uncommon for a computer to not be able to find its default-gateway for a few seconds etc. Don't want this happening during a service where one of the church staff clicks next to a PowerPoint slide and it locks up for five to ten seconds, though admittedly that would likely be on one of your other VLANs with a longer lease time.
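
The IP-to-MAC lookup described in the post above, as an added example that is not part of the original thread: it matches firewall log entries against lease history by time, so a reused guest IP resolves to the device that held it at that moment and an entry with no covering lease comes back unattributed. The lease tuples, the firewall log format, and all addresses are constructed assumptions.

```python
import re
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed lease history: (ip, mac, lease_start, lease_end).
# 10.20.30.41 is on a 1-hour guest scope and is reused by a second device.
LEASES = [
    ("10.20.30.41", "02:00:00:00:00:01", "2024-03-03 08:55:00", "2024-03-03 09:55:00"),
    ("10.20.30.41", "02:00:00:00:00:02", "2024-03-03 10:10:00", "2024-03-03 11:10:00"),
    ("10.20.30.42", "02:00:00:00:00:03", "2024-03-03 09:00:00", "2024-03-10 09:00:00"),
]

# Constructed firewall log lines in a hypothetical format.
FIREWALL_LOG = """\
2024-03-03 09:30:12 DENY src=10.20.30.41 dst=203.0.113.7 dport=25
2024-03-03 10:02:40 DENY src=10.20.30.41 dst=203.0.113.7 dport=25
2024-03-03 10:30:05 DENY src=10.20.30.41 dst=203.0.113.7 dport=25
2024-03-03 10:31:00 DENY src=10.20.30.42 dst=203.0.113.9 dport=445
"""

LINE_RE = re.compile(r"^(\S+ \S+) DENY src=(\S+) ")


def mac_for(ip, when, leases=LEASES):
    """Return the MAC that held `ip` at time `when`, or None if no lease covers it."""
    for lease_ip, mac, start, end in leases:
        if lease_ip == ip and datetime.strptime(start, FMT) <= when < datetime.strptime(end, FMT):
            return mac
    return None


def attribute(log_text, leases=LEASES):
    """Map each denied connection to (timestamp, source IP, MAC or None)."""
    results = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not DENY records
        ts, ip = m.group(1), m.group(2)
        results.append((ts, ip, mac_for(ip, datetime.strptime(ts, FMT), leases)))
    return results


if __name__ == "__main__":
    for ts, ip, mac in attribute(FIREWALL_LOG):
        print(ts, ip, mac or "no lease on record")
```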
 
A short lease on a "guest" network should still be OK I'd think, though I'd probably go for 3x the longest expected time for most guests - at a church, figure you have services on Sundays and meetings that will run 2-4 hours, so probably go for 12 hours for a lease time. Even if devices renew at the halfway mark few of them will still be around after 6 hours.

For guest networks at doctor's offices I tend to set the lease times at 2-3 hours. Patients should never be waiting that long (except for with one particular doctor......:rolleyes:), and I'm not really that concerned if staff cell phones have occasional problems with wifi connections, they can just leave them on LTE.
 
Yeah, should have been more specific. I was referring to just the rental crowd for the short lease times. For internal and worshippers I'd just go with the defaults.
 
For the record, I am NOT telling anyone what they should do in their environments but rather what I do. It does NOT mean I am always right either, but what it gets down to is that I have way too much experience walking into an environment where the default settings for seemingly everything are changed without any known concrete reason, and that ends up being the problem.


For example, I had one last week. I put someone who needed access to view and change DHCP settings into a standard, pre-existing Active Directory group DOMAIN\DHCP Administrators. Pretty soon, I am stunned to get a callback indicating, "that didn't work!" After further examination, someone (presumably a long gone server administrator) had removed this Active Directory group from the Local Group that actually provides access to DHCP on the actual server itself.

It is usually something minor like this each time, but at this point I generally leave most settings at their defaults when possible, so I am not the culprit. Besides, if I am the culprit, it's easier to "blame it on the Microsoft." ;-)
 