Ruckus Wireless ZoneDirector 1200 User Manual
  1. Manuals
  2. Brands
  3. Ruckus Wireless Manuals
  4. Control Unit
  5. ZoneDirector 1200
  6. User manual

Ruckus Wireless ZoneDirector 1200 User Manual

Central control system for ruckus zoneflex access points (aps)
Hide thumbs Also See for ZoneDirector 1200:
Table of Contents

Advertisement

Quick Links

See also: User Manual
Ruckus Wireless ZoneDirector
Release 10.0 User Guide
Part Number: 800-71463-001 Rev A
Published: 02 May 2017
www.ruckuswireless.com

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the ZoneDirector 1200 and is the answer not in the manual?

Questions and answers

Related Manuals for Ruckus Wireless ZoneDirector 1200

Summary of Contents for Ruckus Wireless ZoneDirector 1200

  • Page 1 Ruckus Wireless ZoneDirector Release 10.0 User Guide Part Number: 800-71463-001 Rev A Published: 02 May 2017 www.ruckuswireless.com...

  • Page 2: Copyright Notice And Proprietary Information

    No part of this documentation may be used, reproduced, transmitted, or translated, in any form or by any means, electronic, mechanical, manual, optical, or otherwise, without prior written permission of Ruckus Wireless, Inc. ( Ruckus”), or as expressly provided by under license from Ruckus.

  • Page 3: Table Of Contents

    ZoneDirector Physical Features...................15 ZoneDirector 1200......................15 ZoneDirector 3000......................17 ZoneDirector 5000......................19 Introduction to the Ruckus Wireless Network..............23 Installing ZoneDirector......................24 Ensuring That APs Can Communicate with ZoneDirector............25 How APs Discover ZoneDirector on the Network............25 How to Ensure that APs Can Discover ZoneDirector on the Network......27 Firewall Ports that Must be Open for ZoneDirector Communications......35...
  • Page 4 Radar Avoidance Pre-Scanning..................82 AeroScout RFID Tag Detection...................82 Ekahau Tag Detection......................83 Active Client Detection......................83 Tunnel Configuration......................84 Packet Inspection Filter.......................85 Ethernet Port Redundancy....................85 Using an External AAA Server.....................87 Active Directory......................88 LDAP..........................90 RADIUS /RADIUS Accounting..................93 TACACS+........................104 Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 5 Applying a Bonjour Fencing Policy to an AP or AP Group..........135 SPoT Location Services....................136 5 Managing a Wireless Local Area Network Overview of Wireless Networks..................139 About Ruckus Wireless WLAN Security................140 Creating a WLAN......................141 General Options......................142 WLAN Usage Types....................142 Authentication Method....................157 Fast BSS Transition.....................157...
  • Page 6 Using Port Based 802.1X....................205 Viewing AP Ethernet Port Status..................208 Reviewing Current Access Point Policies................209 Using Limited ZD Discovery for N+1 Redundancy............211 Importing a USB Software Package..................212 To provision a SmartPoint Access Point with USB software:........213 Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 7 Using the BYOD Onboarding Portal..................248 Working with Guest Passes....................251 Generating a Guest Pass from the Monitor Page............252 Configuring Guest Pass Generation................254 Generating and Delivering a Single Guest Pass............257 Generating and Printing Multiple Guest Passes at Once..........262 Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 8 Step 2: Enable Mesh Capability on ZoneDirector............302 Step 3: Provision and Deploy Mesh Nodes..............303 Step 4: Verify That the Wireless Mesh Network Is Up..........304 Understanding Mesh-related AP Statuses.................304 Using the ZoneFlex LEDs to Determine the Mesh Status...........305 Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 9 Measuring Wireless Network Throughput with SpeedFlex..........339 Using SpeedFlex in a Multi-Hop Smart Mesh Network..........342 Allowing Users to Measure Their Own Wireless Throughput........344 Starting a Radio Frequency Scan..................345 Using the Ping and Traceroute Tools................346 Generating a Debug File....................347 Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 10 Signal Quality Verification....................356 Mounting and Orientation of APs..................357 Indoor APs - Typical Case: Horizontal Orientation............357 Indoor APs - Vertical Orientation..................357 Outdoor APs - Typical Horizontal Orientation...............359 Elevation of RAPs and MAPs..................359 Mesh Best Practice Checklist....................359 Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 11: About This Guide

    About This Guide This User Guide describes how to install, configure and manage the Ruckus Wireless™ ZoneDirector™ version 10.0 This guide is intended for use by those responsible for managing Ruckus Wireless network equipment. Consequently, it assumes a basic working knowledge of local area networking, wireless networking and wireless devices.

  • Page 12: Related Documentation

    • Syslog Alarms and Events Reference Guide: Provides a list of Syslog alarms and events. Documentation Feedback Ruckus Wireless is interested in improving its documentation and welcomes your comments and suggestions. You can email your comments to Ruckus Wireless at docs@ruckuswireless.com When contacting us, please include the following information: • Document title •...

  • Page 13: Online Training Resources

    About This Guide Online Training Resources Online Training Resources To access a variety of online Ruckus Wireless training modules, including free introductory courses to wireless networking essentials, site surveys, and Ruckus Wireless products, visit the Ruckus Wireless Training Portal at: https://training.ruckuswireless.com.
  • Page 14 About This Guide Online Training Resources Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 15: Introducing Zonedirector

    Introducing ZoneDirector Overview of ZoneDirector Ruckus Wireless ZoneDirector serves as a central control system for Ruckus ZoneFlex Access Points (APs). ZoneDirector provides simplified configuration and updates, wireless LAN security control, RF management, and automatic coordination of Ethernet-connected and mesh-connected APs.
  • Page 16 AP licenses and SSL certificates. Front Panel LEDs The following table describes the LEDs on the front panel of ZoneDirector 1200. Table 4: ZoneDirector ZoneDirector 1200 LED descriptions LED Label State...

  • Page 17: Zonedirector 3000

    The port is connected to a 10Mbps device. ZoneDirector 3000 This section describes the following physical features of ZoneDirector 3000: • Buttons, Ports, and Connectors on page 18 • Front Panel LEDs on page 18 Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 18 AP licenses and SSL certificates. Reset To restart ZoneDirector, press the Reset button once for less than two seconds. For Ruckus Wireless Support use only. Console RJ-45 port for accessing the ZoneDirector command line interface. 10/100/1000 Ethernet Two auto negotiating 10/100/1000Mbps Ethernet ports.

  • Page 19: Zonedirector 5000

    This section describes the following physical features of ZoneDirector 5000: • Front Panel Features on page 20 • Front Panel (Bezel Removed) on page 20 • Control Panel on page 21 • Rear Panel Features on page 22 Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 20 Table 8: ZoneDirector front panel elements Number Feature ESD ground strap attachment Hard drive bays (not used) Control panel RJ45 serial port for accessing the ZoneDirector command line interface USB port (not used) Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 21 NMI pin hole button (factory reset button) Chassis ID button NIC 1 / NIC 2 activity LED HDD activity LED (not used) PWR alarm LED (not used) MNR alarm (Amber: system unavailable; OFF: system available) Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 22 Two low-profile PCIe add-in cards (not used) Three full-length PCIe add-in cards (not used) Power supply 2 (backup AC power) Power supply 1 (primary AC power) RJ45 serial port (COM2/serial B) Video connector (not used) Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 23: Introduction To The Ruckus Wireless Network

    Transmit / Receive activity Introduction to the Ruckus Wireless Network Your new Ruckus Wireless network starts when you disperse a number of Ruckus Wireless access points (APs) to efficiently cover your worksite. After connecting the APs to ZoneDirector (through network hubs or switches), running through the Setup Wizard and completing the "Zero-IT"...

  • Page 24: Installing Zonedirector

    4. Run the Setup Wizard to create an internal and (optionally) a guest WLAN 5. Distribute APs around your worksite, and connect them to power and to your LAN. 6. Begin using your ZoneFlex network. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 25: Ensuring That Aps Can Communicate With Zonedirector

    2. The DHCP server responds to the AP with the allocated IP address. If you configured DHCP Option 43 (or DHCPv6 Option 17) (see Option 2: Customize Your DHCP Server on page 27), the DHCP offer response will also include (among others) the IP Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 26 If the AP does not receive a response from any ZoneDirector device on the network, it goes into idle mode. After a short period of time, the AP will repeat this discovery cycle until it successfully registers with a ZoneDirector. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 27: How To Ensure That Aps Can Discover Zonedirector On The Network

    Microsoft Windows. If your DHCP server is running on a different operating system, the procedure may be different. NOTE For ZD discovery using IPv6, see IPv6 Configuration for ZoneDirector Discovery Using DHCPv6 on page 30. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 28 Class Identifier (VCI). The VCI is a text string that identifies a vendor/type of a DHCP client. All Ruckus Wireless Access Points are configured to send Ruckus CPE” as the Vendor Class Identifier in option 60, and expect ZoneDirector IP information to be provided in DHCP option 43 (Vendor Specific Info), encapsulated with sub-option code 03 (the sub-option code for ZoneDirector).
  • Page 29 While you can achieve encapsulating TLVs in option 43 by hard coding the DHCP option 43 value, Ruckus Wireless recommends using vendor class option spaces - especially when you have more than one vendor type on the network and need option 43 to be supported for different vendor type DHCP clients.
  • Page 30 00:06:<-- suboption code 6 for SmartZone List 00:20:<-- suboption length, 2 IP addresses in the list, so value is 0x20 20:01:19:20:01:cf:00:00:00:00:00:00:00:00:00:01:<-- IP address 20:01:19:20:01:cf:00:00:00:00:00:00:00:00:00:02:<-- IP address 00:03:<-- suboption code 3 for ZD List Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 31 6. You have completed configuring the isc-dhcp-server for controller discovery using DHCPv6 Option 17. To confirm that the DHCPv6 options are configured properly (whether using isc-dhcp-server or another DHCPv6 server), you should ensure that the Option 17 configuration looks like the following figure: Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 32 5. In the String value text box under Data Entry, type your company’s domain name 6. Click Apply to save your changes. 7. Click OK to close the Scope Options dialog box. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 33 Add. If you have multiple DNS servers on the network, repeat the same procedure to add the other DNS servers. 6. Click Apply to save your changes. 7. Click OK to close the Scope Options dialog box. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 34 APs can resolve the ZoneDirector IP address. After you register the ZoneDirector IP addresses with your DNS server, you have completed this procedure. APs on the network should now be able to discover ZoneDirector on another subnet. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 35: Firewall Ports That Must Be Open For Zonedirector Communications

    When ZoneDirector is deployed on an isolated private network where NAT is used, administrators can manually configure a port-mapping table on the NAT device to allow remote access into ZoneDirector. This allows APs to establish an LWAPP connection Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 36: Accessing Zonedirector's Command Line Interface

    2. Launch a terminal program, such as Hyperterminal, PuTTy, etc. 3. Enter the following connection settings: • Bits per second: 115200 • Data bits: 8 • Parity: None • Stop bits: 1 • Flow control: None Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 37: Using The Zonedirector Web Interface

    To view a list of commands that are available at the root level, enter help or ?. For more information on using the CLI, see the Ruckus Wireless ZoneDirector Command Line Interface Reference Guide, available from http://support.ruckuswireless.com/.

  • Page 38: Navigating The Dashboard

    Each of these views can be customized to display data for the last hour or last 24 hours, and can be filtered by AP, AP group and WLAN. You can also click the gear icon to customize the information displayed in the tables. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 39: Registering Your Product

    Registering Your Product Ruckus Wireless encourages you to register your ZoneDirector product to receive updates and important notifications, and to make it easier to receive support in case you need to contact Ruckus for customer assistance. You can register your form.
  • Page 40 Figure 14: The Product Registration page Your ZoneDirector is now registered with Ruckus Wireless.

  • Page 41: Configuring System Settings

    Changing the Network Addressing IIf you need to update the IP address and DNS server settings of ZoneDirector, follow the steps outlined below. 1. Go to Configure > System. 2. Review the Device IP Settings options. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 42: Ipv6 Configuration

    Configuration. If you choose Manual, you will need to enter IP Address, Prefix Length and Gateway. Table 14: Default static IPv4 and IPv6 addresses AP default IP address ZoneDirector default IP address IPv4 192.168.0.1 192.168.0.2 Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 43: Enabling An Additional Management Interface

    LWAPP traffic between the controller and the access points. The Management IP can be reached from anywhere on the network as long as it is routable via the default Gateway configured in Device IP Settings. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 44 If a management interface is used for web UI management, the actual IP address must still be used when configuring ZoneDirector as a client for a backend RADIUS server, FlexMaster server or in any SNMP systems. If two ZoneDirectors are Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 45: Creating Static Route Entries

    Static Route Example As an example, in a network where the APs are connected to ZoneDirector via a cable modem termination system, the APs are in a different subnet and not found via the Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 46: Enabling Smart Redundancy

    The ZoneDirector in standby state will not respond to Discovery requests from APs and changing from active to standby state will release all associated APs. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 47: Configuring Zonedirector For Smart Redundancy

    3. Click Apply. You will need to log in again using the new IP address (if changed). 4. On the same Configure > System page, locate the Smart Redundancy section. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 48 If you want to use the same SSL certificate for both devices in a Smart Redundancy pair, you can back up the certificate/private key from one device and import it into the other. See Working with SSL Certificates on page 326 for more information. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 49: Managing Smart Redundancy Ap License Pools

    NOTE If you disable Smart Redundancy after it has been enabled, both ZoneDirectors will revert to active state, which could result in unpredictable network topologies. Therefore, Ruckus Wireless recommends first factory resetting the standby ZoneDirector before disabling Smart Redundancy. NOTE...
  • Page 50 Figure 23: If a third ZD connects with a lower license level than the 2nd (disconnected) ZD, the user can choose to use the original license pool for up to 60 days Table 15: Max AP Licenses by ZoneDirector Model Model Max AP Licenses ZoneDirector 1200 ZoneDirector 3000 ZoneDirector 5000 1,000 Ruckus Wireless ZoneDirector...

  • Page 51: Configuring The Built-In Dhcp Server

    System Configuration page. Enabling the Built-in DHCP server Ruckus Wireless recommends that you only enable the built-in DHCP server if there are no other DHCP servers on the network. ZoneDirector's internal DHCP server can service only a single subnet (the one it's in) and not other VLANs that may be associated with client WLANs.

  • Page 52: Viewing Dhcp Clients

    A table appears and lists all current DHCP clients with their MAC address, IP address and the remaining lease time. You can clear DHCP leases on ZoneDirector by disabling and re-enabling the DHCP service. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 53: Controlling Zonedirector Management Access

    Be sure that you do not create an ACL that blocks the admin's own IP address from accessing the web interface. 5. Click OK to confirm. You can create up to 16 entries to the Management ACL. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 54: Setting The System Time

    • Select time zone for your location: Choose your time zone from the drop-down menu. Setting the proper time zone ensures that timestamps on log files are in the proper time zone. 3. Click Apply to save the results of any resynchronization or NTP links. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 55: Setting The Country Code

    (Dynamic Frequency Selection) channels in the 5 GHz band should be available for use by your APs. Note that these settings only affect Ruckus Wireless APs that support the extended DFS channel list. Channel Optimization settings are described in the following table.

  • Page 56: Channel Mode

    APs and bridges (including ZF 7731, P300, T300, and T710 series) are set to a country code where these restrictions apply, the AP or Bridge can no longer be set to an indoor-only channel and will no longer select from amongst a channel set that includes Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 57: Changing The System Log Settings

    (with the latest logs at the top of the list). 3. Click a column header to sort the contents by that category. 4. Click any column twice to switch chronological or alphanumeric sorting modes. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 58: Customizing The Current Log Settings

    4. Click Apply to save your settings. The changes go into effect immediately. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 59 Figure 31: Remote Syslog Advanced Settings Configuring Syslogs for Firewall Integration Starting with release 9.8, ZoneDirector generates syslog messages upon acquisition, update or deletion of an IP address by a wireless station. This feature allows enhanced Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 60 A similar flow can be used to remove user mappings if the station sends a disconnect message. Log Format The log format consists of the following fields: • operation: Indicates whether to add, delete or update client association information. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 61: Setting Up Email Alarm Notifications

    If an alarm condition is detected, ZoneDirector will record it in the event log. If you prefer, an email notification can be sent to a configured email address of your choosing. To activate this option, follow these steps: 1. Go to Configure > Alarm Settings. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 62 ISP or mail administrator for the correct encryption settings that you need to set. If using a Yahoo! email account, STARTTLS must be disabled. If using a Hotmail account, both TLS and STARTTLS must be enabled. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 63: Customizing Email Alarms

    Using the Alarm Event section of the Configure > Alarm Settings page, you can choose which types of events will trigger ZoneDirector to send an email notification. 1. Click Alarm Event to select/deselect all alarm types. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 64: Configuring Sms Settings For Sms Guest Pass Delivery

    You can now allow guest pass generators to deliver guest pass codes to guests using the SMS button when generating a new guest pass. (You must also enter a phone number for receiving the SMS messages for each guest pass created.). Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 65: Enabling Login Warning Messages

    SmartCell Insight Management feature to allow ZoneDirector to initiate communications with SCI at set 15 minute intervals. In this way, if ZoneDirector is behind a firewall or NAT device, it can still communicate with SCI Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 66: Enabling Management Via Flexmaster

    Figure 36: Config SCI server Enabling Management via FlexMaster If you have a Ruckus Wireless FlexMaster server installed on the network, you can enable FlexMaster management to centralize monitoring and administration of ZoneDirector and other supported Ruckus Wireless devices. This version of ZoneDirector supports the following FlexMaster-deployed tasks: •...
  • Page 67 7. Click Apply. The message Setting Applied appears. You have completed enabling FlexMaster management on ZoneDirector. For more information on how to configure ZoneDirector from the FlexMaster web interface, refer to the FlexMaster documentation. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 68: Enabling Northbound Portal Interface Support

    3. Enter a Password for API to portal communication. 4. Click Apply in the same section to save changes. 5. Configure the portal to display the key to the user or to push the prov.exe file to the client. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 69: Configuring Snmp Support

    ZoneDirector with SNMPv3 enabled. For a list of the MIB variables that you can get and set using SNMP, check the related SNMP documentation on the Ruckus Wireless Support Web site at http://support.ruckuswireless.com/documents.
  • Page 70 • MD5: Message-Digest algorithm 5, message hash function with 128-bit • SHA: Secure Hash Algorithm, message hash function with 160-bit output. • Auth Pass Phrase: Enter a passphrase between 8 and 32 characters in length. • Privacy: Choose DES, AES or None. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 71 • If you select SNMPv3, enter up to four trap receiver IP addresses along with authentication method passphrase and privacy (encryption) settings. 4. Click Apply to save your changes. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 72 The following table lists the trap notifications that ZoneDirector sends and when they are sent. Table 17: Trap notifications Trap Name Description ruckusZDEventAPJoinTrap An AP has joined ZoneDirector. The AP's MAC address is included in the trap notification. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 73 AP's MAC address and SSID are included in the trap notification. ruckusZDEventClientJoin A client has successfully joined an AP. The client’s MAC address, the AP’s MAC address and SSID are included in the trap notification. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 74 A client authorization attempt to join an AP has failed. The client's MAC address, AP's MAC address and SSID are included. ruckusZDEventAPcoldstart An AP has been cold started. ruckusZDEventAPwarmstart An AP has been warm started. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 75: Enabling Telnet

    1. Go to Configure > System 2. Scroll down to the bottom of the page and expand the Network Management section. 3. Locate the Telnet Server section, and click the box next to Enable Telnet Server. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 76 4. Click Apply to save your changes. Figure 44: Enabling Telnet server...

  • Page 77: Configuring Security And Other Services

    78 • ChannelFly on page 79 While Background Scanning must be enabled for rogue AP detection, AP location detection and radio power adjustment, either can be used for automatic channel optimization. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 78 To see whether Background Scanning is enabled or disabled for a particular AP, go to Monitor > Access Points, and click on the AP's MAC address. The access point detail screen displays the Background Scanning status for each radio. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 79 ChannelFly learns the environment. However, once an AP has learned about the environment and which channels are most likely to offer the best throughput potential, channel changes will occur less frequently unless a large measured drop in throughput occurs. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 80 • Automatically adjust 2.4 GHz channels using • Background Scanning • ChannelFly • Automatically adjust 5 GHz channels using • Background Scanning • ChannelFly 3. Click the Apply button in the same section to save your changes. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 81: Load Balancing

    1. Go to Configure > Services. 2. In Load Balancing, choose to perform load balancing on either the 2.4 or 5 GHz radio. 3. Enter Adjacent Radio Threshold (in dB), and click Apply. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 82: To Disable Load Balancing On A Per-Wlan Basis

    To enable AeroScout RFID tag detection on ZoneDirector: 1. Go to Configure > Services. 2. Scroll down to the AeroScout RFID section (near the bottom of the page). 3. Select the Enable AeroScout RFID tag detection check box. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 83: Ekahau Tag Detection

    3. Click Apply to save your changes. A low severity event is now triggered each time a client connects with an RSSI lower than the threshold value entered. Go to Monitor > All Events/Activities to monitor these events. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 84: Tunnel Configuration

    APs according to the rate limit threshold set in the Packet Inspection Filter (see Packet Inspection Filter on page 85). 4. Click Apply in the same section to save your changes. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 85: Packet Inspection Filter

    With port redundancy enabled, one of the two network interfaces will be in active state while the other is in standby state. When the active interface physical link is down and the standby interface physical link is up, the two interfaces will fail over within 3 seconds, Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 86 • Down Delay Time: Specifies the time, in milliseconds, to wait before disabling a slave after a link failure has been detected. The default value is 0, range is 0~1000000. 4. Click Apply to save your changes. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 87: Using An External Aaa Server

    ZoneDirector supports four types of AAA server: • Active Directory • LDAP • RADIUS / RADIUS Accounting • TACACS+ A maximum of 32 AAA server entries can be created, regardless of server type. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 88: Active Directory

    636 if you have enabled TLS encryption) should not be changed unless you have configured your AD server to use a different port. 5. Enter the Windows Domain Name (e.g., domain.ruckuswireless.com). 6. Click OK. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 89 5. Leave the Windows Domain Name field empty to search all domains in the forest. Leave the Windows Domain Name field empty to search all domains in the forest. 6. Enter an Admin DN (distinguished name) in Active Directory format (name@xxx.yyy). Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 90: Ldap

    TLS1.0/TLS1.1/TLS1.2. NOTE Note that Secure LDAP requires the import of a root CA for TLS encryption. The import option is provided on the Configure > Certificate > Advanced Options page Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 91 For example, objectClass=Person limits the search to those whose objectClass” attribute is equal to Person”. More complicated examples are shown when you mouse over the show more” section, as shown in the figure below. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 92 2. Enter the Key Attribute (default: uid). 3. Click OK to save this LDAP server. 4. In Test Authentication Settings, enter the User Name and Password for a known member of the relevant group. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 93: Radius /Radius Accounting

    RADIUS/RADIUS Accounting server entry in ZoneDirector: 1. Go to Configure > AAA Servers. 2. Click the Create New link under Authentication/Accounting Servers. 3. Select Radius or Radius Accounting for the AAA server type. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 94 ZoneDirector will failover to the backup RADIUS server. 6. In Reconnect Primary, enter the number of minutes after which ZoneDirector will attempt to reconnect to the primary RADIUS server after failover to the backup server Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 95 The MAC address format can be configured in one of the following formats: • A single string of characters without punctuation: aabbccddeeff • Colon separated: aa:bb:cc:dd:ee:ff • Hyphen separated: aa-bb-cc-dd-ee-ff Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 96 When ZoneDirector authenticates a client, MAC authentication is checked first, followed by the EAP process. When the client tries to associate, if MAC authentication succeeds, the client is authorized directly and allowed to pass traffic without any further EAP authentication required. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 97 NOTE In addition to COA-DM messages, as of release 10.0, ZoneDirector also supports the following COA messages: Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 98 "state" AVP unmodified. • As for the "class" attribute, it is parsed and stored from an access-accept packet and then subsequently used in accounting-request packets. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 99 Vendor ID: 25053 Vendor Type / Attribute Number: 1 (Ruckus-User-Groups) Value Format: group_attr1, group_attr2, group_attr3, ... Cisco private attribute: Vendor ID: 9 Vendor Type/ Attribute Number: 1 (Cisco-AVPair) Value Format: shell:roles="group_attr1 group_attr2 group_attr3 ..." Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 100 802.11 port (19) (77) Connection Info: indicates client radio type ==> (25) Class: if received in radius-accept message from Ruckus private attribute: Vendor ID: 25053 Vendor Type / Attribute Number: 3 (Ruckus-SSID) Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 101 Tunnel-Type: value only relevant if it is (13) VLAN (65) Tunnel-Medium-Type: value only relevant if it is (6) 802 (as in all 802 media plus Ethernet) (81) Tunnel-Private-Group-ID: this is the VLAN ID assignment (per RFC, this is between 1 and 4094) Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 102 3. In the Properties dialog box, click Edit Profile..The Edit Dial-in Profile dialog box opens. 4. Click the Authentication tab at the top of the screen. 5. Select Unencrypted authentication (PAP, SPAP). 6. Click OK. 7. Repeat this procedure for additional users or groups. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 103 Configuring Security and Other Services Using an External AAA Server Figure 59: On the Microsoft IAS page, right-click the user/group and select Properties. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 104: Tacacs

    3. Enter a Name for the TACACS+ server, and select TACACS+ for Type. 4. Enter the server's IP address and do not change the Port setting from the default port 49 (in general). Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 105 Figure 62: Configuring a TACACS+ AAA server Once your TACACS+ server is configured on the AAA Servers page, you can select it from the list of servers used to authenticate ZoneDirector administrators on the Administer > Preferences page. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 106: Testing Authentication Settings

    AAA server through ZoneDirector. Controlling Network Access Permissions ZoneDirector provides several options for controlling client access to your wireless networks and to other wired/wireless network resources. This section is divided into the Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 107: Creating Layer 2/Mac Address Access Control Lists

    8. Click OK to save the L2/MAC based ACL.You can create up to 32 L2/MAC ACL rules and each rule can contain up to 128 MAC addresses. Each WLAN can be configured with one L2 ACL. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 108: Creating Layer 3/Layer 4/Ip Address Access Control Lists

    • Destination Port: Enter a valid port number (1-65534) or port range (e.g., 80-443). 9. Click OK to save the ACL. 10. Repeat these steps to create up to 32 L3/L4/IP address-based access control rules. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 109: Configuring Precedence Policies

    6. Click Save to save the rule. You can create up to two rules per policy. The rules will be applied in the order shown in the Order column. 7. Click OK to save the precedence policy. This policy is now available for selection in WLAN configuration. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 110: Blocking Client Devices

    3. Click the Delete button in the Action column in a specific user row. The entry is deleted from the Active/Current Client list, and the listed device is disconnected from your Ruckus Wireless WLAN. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 111 2. Click the Block button in the Action column in a specific user row. Figure 68: Click the Block button to permanently delete a client The status is changed to Blocked. This will prevent the listed device from using your Ruckus Wireless WLANs. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 112: Configuring Client Isolation White Lists

    Client Isolation > Create New). 3. Enter a Name and optionally a Description for the access policy. 4. In Rules, you can create multiple device-specific rules for each device to be white listed. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 113 Client Isolation Whitelist. If this option is chosen, you must select a Whitelist from the drop-down list of those you created on the Configure > Access Control page. 4. Click OK to save your changes. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 114: Application Recognition And Filtering

    Application Signature Package Import feature. To import a new application signature package: 1. Download an application signature package from support.ruckuswireless.com, and save the file to your local computer. 2. Go to Configure > Access Control. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 115 The following figure shows how to configure an IP-based user defined application policy to identify a corporate accounting application. ZoneDirector identifies wireless traffic matching this policy as "Well Paid Accounting" and displays this name in the application recognition pie charts and tables. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 116 The following figure shows how a port-based application policy could be used to categorize all otherwise uncategorized wireless traffic on Port 8081 as "HTTP Proxy" traffic and display this name in application recognition pie charts and tables. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 117 "net" in any part of the FQDN or ".net" as the FQDN suffix. • *.corporate.com: This is an invalid rule. Wildcard "*" and other regular expressions cannot be used in any part of the FQDN. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 118 4. Enter a Name and optionally a Description for the policy 5. In Rules, click Create New to create a new rule for this policy. 6. In Rule Type, select one of the following policy rule types: Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 119 3. Locate the Application Visibility section, and ensure that the Enable check box is enabled. 4. Select the policy you created from the Apply Policy Group list. 5. Click OK to save your changes. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 120: Configuring Floorplan Maps

    Name for the map, and either enter the street Address or GPS coordinates in Latitude and Longitude. Next, click Choose File and select an image in JPG, PNG or BMP image format. Click Import to import the image. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 121 Click Next. On the next screen, drag APs from the list on the left onto the map to represent their actual physical locations. Figure 79: Drag an AP on to the map Click Finish. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 122: Configuring Wireless Intrusion Prevention

    30). Clients temporarily blocked by the Intrusion Prevention feature are not added to the Blocked Clients list on the Configure > Access Control page, Blocked Clients section. 3. Click Apply to save your changes. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 123: Intrusion Detection And Prevention

    • Enable report rogue devices: Enabling this check box allows ZoneDirector to include rogue device detection in logs and email alarm event notifications. • Report all rogue devices: Send alerts for all rogue AP events. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 124: Rogue Dhcp Server Detection

    DHCP servers may cause. When this feature is enabled, ZoneDirector scans the network every five seconds for unauthorized DHCP servers and generates an event every time it detects a rogue DHCP server. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 125 3. Click the Apply button that is in the same section. You have completed enabling rogue DHCP server detection. Ruckus Wireless recommends checking the Monitor > All Events/Activities page periodically to determine if ZoneDirector has detected any rogue DHCP servers. When a rogue DHCP server is detected, the following event appears on the All Events/Activities page: Rogue DHCP server on [IP_address] has been detected.

  • Page 126: Dhcp Relay

    1. Go to Configure > DHCP Relay. 2. Click Create New. 3. Enter a Name and IP address for the server. 4. Click OK to save your changes. The new server appears in the list. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 127: To Enable Dhcp Relay For A Wlan

    3. Under Advanced Options, when Tunnel Mode is enabled, the DHCP Relay option becomes available. 4. Under DHCP Relay, select Enable DHCP relay agent with __ DHCP server and select the server you created earlier from the list. 5. Click OK to save your changes. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 128: Bonjour Gateway

    CPU resources. Maximum Bonjour Gateway Rules: • ZoneDirector 1200/3000/5000: 256 If the maximum number of Bonjour rules is exceeded, users can edit and delete existing rules, but are not allowed to create new rules until the total number is lower than the maximum.

  • Page 129: Creating A Bonjour Gateway Rule - Zd Site

    ZoneDirector serves as the Bonjour proxy for forwarding Bonjour packets to the designated VLANs. Layer 2 switch between ZoneDirector and APs. The maximum number of ZD site Bonjour Gateway rules is as follows: Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 130 Configuring Security and Other Services Bonjour Gateway Table 20: Max Bonjour rules per controller ZoneDirector Model Max Rules ZoneDirector 1200 ZoneDirector 3000 ZoneDirector 5000 To configure rules for bridging Bonjour services across VLANs: 1. Go to Configure > Bonjour. 2. In the Bonjour Service on ZoneDirector Site section, click Create New to create a new Bonjour service rule.

  • Page 131: Creating A Bonjour Gateway Rule Ap Site

    • Notes: Add optional notes for this rule. 5. Click OK to save your changes. 6. Repeat for any additional rules. 7. Select the check box next to Enable Bonjour gateway on AP and click the OK button. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 132: Applying A Bonjour Policy To An Ap

    3. In Bonjour Gateway, enable the check box and select a Bonjour policy that you created on the Configure > Bonjour Gateway page from the list. 4. Click OK to save your changes. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 133: Example Network Setup

    While Bonjour Fencing is related to Bonjour Gateway, they are two separate features designed for different purposes. Bonjour Gateway bridges mDNS services across VLANs, and is useful because Bonjour is designed as a same-VLAN protocol. Bonjour Fencing Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 134: Configuring Bonjour Fencing Policies

    Closest AP. Setting the closest AP creates a physical anchor point for fencing, and the closest AP is auto-detected for wireless devices, based on the AP association. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 135: Applying A Bonjour Fencing Policy To An Ap Or Ap Group

    3. In Bonjour Fencing, enable the Override Group Config check box and select a Bonjour Fencing policy that you created on the Configure > Bonjour page from the list. 4. Click OK to save your changes. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 136: Spot Location Services

    Figure 92: Apply a Bonjour Fencing policy to an AP group SPoT Location Services To take advantage of Ruckus Wireless SmartPositioning Technology (SPoT) location services, ZoneDirector must be configured with the Venue information that is displayed in the SPoT Administration Portal.
  • Page 137 11. Click OK to save the AP group. ZoneDirector will begin trying to communicate with the SPoT Location Server. 12. Once the APs have successfully connected to the SPoT server, you can view the status of your SPoT-enabled APs on the Monitor > Location Services page. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 138 Figure 93: SPoT Administration Portal Venue Config page Figure 94: Enter the venue information in ZoneDirector's Configure > Location Services page For more information on configuration and management of your SPoT Location Services, see the SPoT User Guide, available from: https://support.ruckuswireless.com.

  • Page 139: Managing A Wireless Local Area Network

    WLANs that fulfill different wireless security or user segmentation requirements. The maximum number of WLANs configurable per ZoneDirector controller is as follows: Table 21: Max WLANs by ZoneDirector model Model Max WLANs ZoneDirector 1200 ZoneDirector 3000 1024 ZoneDirector 5000 2048 Ruckus Wireless ZoneDirector...

  • Page 140: About Ruckus Wireless Wlan Security

    NOTE Deploying a large number of WLANs per AP will have a performance impact. Ruckus Wireless recommends deploying no more than eight WLANs per AP radio. About Ruckus Wireless WLAN Security One of the first things you should decide for each WLAN you create is which methods of authentication and encryption to use for both internal users and guests.

  • Page 141: Creating A Wlan

    Select an authentication method for this WLAN (open, 802.1X EAP, MAC address, 802.1X EAP + MAC Address). Encryption Options Select encryption method (WPA2, WPA-Mixed, WEP, or None), encryption algorithm (AES or Auto AES+TKIP) and enter a WPA passphrase/WEP key Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 142: General Options

    • Standard Usage: To create a WLAN with specific options, choose "Standard Usage." • Guest Access: Select a default "Guest Access" WLAN with open authentication and customizable encryption (see Configuring Guest Access on page 237). Guest WLANs Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 143 • Client capacity limits defined on ZoneDirector will not be applied on Autonomous WLAN APs, and clients may be disconnected upon reconnecting to ZoneDirector if those limits are reached. • The following features are not supported with Autonomous WLANs: Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 144 3. Under WLAN Usages: Type, select Social Media. 4. Under Social Media Login, select Facebook, and click the Configure button. 5. A new browser window opens to allow you to log into your Facebook account. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 145 The following instructions provide an example of the setup procedure for deploying a Google+ Social Media WLAN. 1. Create a project on the Google OAuth Console. Go to the following URL: https://console.developers.google.com/project, and click Create Project. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 146 Figure 97: Click here link from within ZD WLAN creation screen Figure 98: Create new project on Google OAuth Console 2. Once the project has been created, go to the Credentials page and create new credentials for it. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 147 Alternatively, use this link to go directly to the Credentials page and select the project: https://console.developers.google.com/project/_/apiui/credential. 3. The Credentials page appears, as shown below. Figure 100: Credentials page 4. Click New credentials, and select OAuth client ID as shown below Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 148 If you have imported a certificate with FQDN to ZoneDirector, you should use the real FQDN instead of zd.ruckuswireless.com”. For example, if the FQDN is mydomain.com”, the Authorized redirect URIs should be http://mydomain.com/user/auth.jsp”. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 149 7. Take note of the Client ID and Client Secret. You will need to enter these values into the ZoneDirector web interface. 8. Continue to Create an OAuth2.0 WLAN on ZoneDirector on page 155. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 150 OAuth Setup Procedure for LinkedIn Social Media Login 1. Go to the following URL to access the LinkedIn developer network: https://www.linkedin.com/developer/apps. Figure 104: LinkedIn My Applications 2. Click Create application. 3. Enter the required application information and click Submit. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 151 If you have imported a certificate with FQDN to ZoneDirector, you should use the real FQDN instead of zd.ruckuswireless.com”. For example, if the FQDN is mydomain.com”, the Authorized redirect URIs should be http://mydomain.com/user/auth.jsp”. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 152 1. Go to the following URL to launch Microsoft Live development dashboard and create an application: https://account.live.com/developers/applications/index 2. Click Create application. NOTE If you have not previously created any projects, you will be redirected to the application creation page directly. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 153 If you have imported a certificate with FQDN to ZoneDirector, you should use the real FQDN instead of zd.ruckuswireless.com”. For example, if the FQDN is mydomain.com”, the Authorized redirect URIs should be http://mydomain.com/user/auth.jsp”. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 154 Figure 109: Enter the callback URL 5. Microsoft will provide you Client ID and Client secret. Take note of these values, as you will need to enter them into the ZoneDirector web interface later. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 155 1. Connect to an OAuth 2.0 wlan; (for example Google OAuth 2.0 wlan) 2. Launch your web browser and attempt to visit any HTTP or HTTPS web page. 3. ZoneDirector will redirect the user to the Login page. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 156 Google account management center. 5. Click Accept. ZoneDirector immediately sets the user to authenticated state, and the user can now access the wireless network and the Internet. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 157: Authentication Method

    Encryption choices include WPA2, WPA-Mixed, WEP-64, WEP-128 and None. WPA2 is the only encryption method certified by the WiFi Alliance and is the recommended method. WEP has been proven to be easily circumvented, and Ruckus Wireless recommends against using WEP if possible.

  • Page 158: Options

    • Authentication Server: When "Web Authentication" is active, use this option to designate the server used to authenticate web-based user login. When "802.1X" or "MAC Address" authentication is active, use this option to designate the server used Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 159 A popup window appears in which you can configure an Active Directory, LDAP, RADIUS, Radius Accounting or TACACS+ AAA server. Figure 115: AAA server popup • Wireless Client Isolation: Enable Wireless Client Isolation to prevent communication between WLAN clients and other local network resources. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 160: Advanced Options

    • Enable Role based Access Control Policy: This feature allows different user groups to have different access policies based on their user roles using the same WLAN. Role Based Access Control Policy on page 231. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 161 SSID rate limiting is 10 Mbps, then the 7 clients in the 2.4 GHz band would share 7 Mbps, while the other 3 clients in the 5 GHz band would share the remaining 3 Mbps. NOTE Per-station rate limiting is disabled if per-SSID rate limiting is enabled. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 162 Tunnel Mode WLANs. For more information, see DHCP Relay on page 126. • Background Scanning: Background scanning enables the Ruckus Wireless access points to continually scan for the best (least interference) channels and adjust to compensate. However, disabling Background Scanning may provide better quality (lower latency) for time-sensitive applications like voice conversations.
  • Page 163 Managing a Wireless Local Area Network Creating a WLAN this box. Ruckus Wireless recommends disabling load balancing on VoIP WLANs. For more information, see Load Balancing on page 81. • Band Balancing: Client band balancing between the 2.4 GHz and 5 GHz radio bands is disabled by default on all WLANs.
  • Page 164 ZoneDirector, or select External Server and enter the IP address of the external DHCP/DNS server where the file is stored. • Internet Explorer supports DNS and DHCP Option 252, while Firefox, Chrome and Safari support the DNS method only. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 165 AP as long as the client has authenticated successfully to at least one of the APs in the same zone as the an AP that handled the previous successful authentication. In this case, the PMK is cached at a central location (ZoneDirector). Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 166: Creating A Copy Of An Existing Wlan For Workgroup Use

    1. Make a list of the group of users. 2. Go to Configure > WLANs. 3. When the WLANs page appears, the internal and guest networks that you created in the Setup Wizard are listed in the table. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 167: Customizing Wlan Security

    3. You have three options for the internal WLAN: [1] continue using the current configuration, [2] fine-tune the existing security mode, or [3] replace this mode entirely with a different authentication and encryption method. The two WLAN-editing processes are described separately, below. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 168: Fine Tuning The Current Security Mode

    3. When the Editing (Internal) options appear, look at the two main categories -- Authentication Options and Encryption Options. 4. If you click an Authentication Option Method such as Open, or 802.1X, different sets of encryption options are displayed: Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 169: Using The Built In Eap Server

    6. Review the Advanced Options to change any settings as needed. 7. When you are finished, click OK to apply your changes. Replacing your WPA configuration with 802.1X requires the users to make changes to their Ruckus wireless connection configuration—which may include the importation of certificates.

  • Page 170: If You Change The Internal Wlan To Wep Or 802.1X

    Any wireless client that associates with APs assigned to the Guest Only Group” will get the guest-level access privileges defined in your Guest Only Service.” APs on the 2nd and 3rd Floors can remain assigned to the Default WLAN Group and provide normal-level access. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 171: Creating A Wlan Group

    The maximum number of WLAN groups that you can create depends on the ZoneDirector model. Table 23: Maximum number of WLAN groups by ZoneDirector model ZoneDirector Model Max WLAN Groups ZoneDirector 1200 ZoneDirector 3000 1024 ZoneDirector 5000 2048 Creating a WLAN Group 1.

  • Page 172: Viewing A List Of Aps That Belong To A Wlan Group

    VLAN, frames on VLAN 1 that egress (exit) the port are not given an 802.1Q header (i.e., they are plain Ethernet frames). Frames which ingress (enter) this port and have no 802.1Q header are assigned to VLAN 1. Traffic from WLANs configured Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 173 • WLANs assigned to specific VLANs; ZD or APs only (not both) configured with management VLAN (again typically with a L3 connection between ZD and APs) The following factors need to be taken into consideration: • Default/Native VLAN configuration Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 174: Tagging Management Traffic To A Vlan

    8. Go to Administer > Restart, and click Restart to reboot ZoneDirector. CAUTION! When configuring or updating the management VLAN settings, make sure that the same VLAN settings are applied on the Configure > Access Points > Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 175: How Dynamic Vlan Works

    VLANs based on RADIUS attributes. Dynamic VLAN Requirements: • A RADIUS server must have already been added to ZoneDirector • WLAN authentication method must be set to 802.1X, MAC address or 802.1X + MAC address Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 176 AP, along with the VLAN ID that has been assigned to the user on the RADIUS server. • User joins the AP and is segmented to the VLAN ID that has been assigned to him. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 177: Working With Vlan Pools

    Working with VLAN Pools When Wi-Fi is deployed in a high density environment such as a stadium or a university campus, the number of IP addresses required for client devices can easily run into the Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 178 To assign a pool of VLANs to an SSID 1. Go to Configure > WLANs. 2. Click Create New or Edit to create or edit a WLAN. 3. Expand the Advanced Options section, and locate the VLAN Pooling entry. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 179: Working With Hotspot Services

    ZoneDirector provides two types of Hotspot services based on the WISPr (Wireless Internet Service Provider roaming) 1.0 and 2.0 specifications, as described in the following sections. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 180: Creating A Hotspot Service

    WISPr Smart Client login to access this hotspot. If this option is selected, a field appears in which you can enter instructions for clients attempting to log in using the Smart Client application. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 181 WLAN should be allowed to communicate with one another locally. See Advanced Options on page 160 in the Creating a WLAN section for a description of the same feature for non-Hotspot WLANs. 10. Configure optional settings as preferred: Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 182 ZoneDirector's private IP address to its FQDN. Otherwise, client browsers may enter an infinite redirect loop and be unable to reach the login page. Before the signed certificate gets added the client gets redirected to the IP address of the ZD instead of the FQDN. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 183: Assigning A Wlan To Provide Hotspot Service

    URL sent to the captive portal server. See the following URL for an example: http://portal.free.com/?sip=192.168.120.15&mac=74911a20 dac0&client_mac=00216a95b0de&uip=192.168.120.13&lid=101 &dn=free.com&url=&ssid=Free-WiFi&loc=London&vlan=101 For a more complete guide on enabling WISPr Hotspot services with ZoneDirector, refer to the Ruckus Enabling WISPr Application Note. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 184: Creating A Hotspot 2.0 Service

    In this way, rather than being presented with a list of largely meaningless SSIDs to choose from, the Hotspot 2.0 client can automatically select and authenticate to an SSID based Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 185: Create A Service Provider Profile

    EAP methods. Each EAP method can contain up to four authentication types. Domain Name List List of domain names of the entity operating the access network. Up to five entries can be created. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 186: Create An Operator Profile

    Venue Information Select venue group and venue type as defined in IEEE802.11u, Table 7.25m/n. ASRA Option Additional steps required for access. Select to indicate that the network requires a further step for access. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 187 11 static rules are available, as defined in WFA Hotspot 2.0 Technical Specification, section 4.5. Additional Connection Capability Allows addition of custom connection capability rules. Up to 21 custom rules can be created. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 188: Create A Hotspot 2.0 Wlan

    DGAF option. This option prevents stations from forwarding group-addressed (multicast/broadcast) frames and converts group-addressed DHCP and ICMPv6 router advertisement packets from layer 2 multicast to unicast. 7. Click OK to save your changes. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 189: Bypass Apple Cna

    3. Select any or all of the following WLAN types for which you want to bypass the Apple CNA feature: • Web Authentication • Guest Access • Hotspot service • Social Media 4. Click Apply to save your changes. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 190: Customizing The Web Portal Logo

    3. If your logo is ready for use, click Browse to open a dialog box that you can use to import the logo file. (ZoneDirector will notify you if the file is too large.) 4. Click Apply to save your settings. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 191 Managing a Wireless Local Area Network Customizing the Web Portal Logo Figure 130: Customizing the Web Portal logo Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 192 Managing a Wireless Local Area Network Customizing the Web Portal Logo Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 193: Managing Access Points

    If you do not want the AP to automatically. 4. Connect each AP to a power source. If the Ruckus Wireless APs that you are using are PoE-capable and power sources are not convenient, they will draw power through the Ethernet cabling if connected to a PoE-ready hub or switch.

  • Page 194: Verifying/Approving New Aps

    170). While WLAN groups can be used to specify which WLAN services are served by which APs, AP groups are used for more specific fine-tuning of how the APs themselves behave. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 195: Modifying The System Default Ap Group

    Tx Power setting to a lower setting. Table 26: Maximum number of AP groups by ZoneDirector model ZoneDirector Model Max AP Groups ZoneDirector 1200 ZoneDirector 3000 ZoneDirector 5000 Modifying the System Default AP Group If you want to apply global settings to all access points that are controlled by ZoneDirector, you can modify the settings of the System Default AP group and apply them to all ZoneDirector-controlled APs at once.
  • Page 196 Configure > Location Services page. See SPoT Location Services on page 136. For information on configuration and administration of Ruckus SmartPositioning Technology (SPoT) service, please refer to the SPoT User Guide, available from the Ruckus support site: https://support.ruckuswireless.com. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 197: Creating A New Access Point Group

    Group Settings section of the Editing [AP Group] form. The Group Settings section is divided into two subsections: • Members: Lists the current member APs of this AP group. • Access Points: Lists the APs that are members of other AP groups. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 198: Modifying Model Specific Controls

    Enable 5.8 GHz Channels” option will be available for outdoor 11n/11ac APs. Enabling this option allows the use of restricted C-band channels. These channels are disabled by default and should only be enabled by customers with a valid license to operate on these restricted channels. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 199 The BLE devices plug into a USB port on the AP, and the AP can be configured to turn power to the USB port either on or off. Ruckus Wireless APs with USB ports supporting BLE devices can provide power to the BLE device. The BLE devices perform whatever Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 200: Configuring Ap Ethernet Ports

    Configuring AP Ethernet Ports tasks they are designed to do without interference from or control (other than supplying USB power) by the Ruckus Wireless network equipment. USB ports are enabled by default. To disable the USB ports for all APs of a specific model in an AP group: 1.
  • Page 201 9. (If Smart Mesh is not enabled), choose whether this port will serve as an 802.1X Authenticator or Supplicant, or leave 802.1X settings disabled (default). (See Using Port Based 802.1X on page 205 for more information.) 10. Click Apply to save your changes. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 202: Dhcp Option 82

    DHCP option 82 and inserted into DHCP request packets. This option supports the ability for a service provider to allocate IP addresses intelligently by considering information on the origin of the IP allocation request. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 203 AP’s MAC address, or the client MAC plus ESSID or AP MAC plus ESSID. Sub-option 150 can be enabled to encapsulate the VLAN ID. Sub-option 151 can be enabled to encapsulate either the ESSID or a configurable Area Name. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 204: Designating Ethernet Port Type

    If your network uses a different VLAN as the native VLAN, configure the AP Trunk port’s VLAN Untag ID with the native VLAN used throughout your network. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 205: Using Port Based 802.1X

    ID and want the port to pass traffic on VLANs 200 and 300, you would enter: 1,200,300. Using Port Based 802.1X 802.1X authentication provides the ability to secure the network and optionally bind service policies for an authenticated user. 802.1X provides logical port control and Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 206 MAC address triggers an EAPOL request-identify frame. • Guest VLAN: (Default disabled). When a station fails to authenticate to this port, it will be assigned to this guest” VLAN, with access to Internet but not to internal resources. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 207 • As a Trunk Port to pass all VLAN packets, and • In port-based authentication mode Each AP is allowed to configure a maximum of one Ethernet port as an 802.1X supplicant, and the supplicant port must be a Trunk Port. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 208: Viewing Ap Ethernet Port Status

    Figure 141: Configuring an AP Ethernet port as an 802.1X Supplicant Viewing AP Ethernet Port Status You can view the status of an AP's port configuration by going to Monitor > Access Points and clicking on the MAC address of the AP. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 209: Reviewing Current Access Point Policies

    ZoneDirector. NOTE If you have two ZoneDirectors of the same model, Ruckus Wireless recommends using the Smart Redundancy feature. If you have two ZoneDirectors of different models, you can use Limited ZD Discovery to provide limited redundancy;...
  • Page 210 • Auto Recovery: Set an AP auto recovery time in minutes, after which APs will reboot in attempt to reconnect to ZoneDirector. Default is 30 minutes. 3. Click Apply to save and apply your settings. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 211: Using Limited Zd Discovery For N+1 Redundancy

    10. Repeat until all backup files have been imported. 11. Go to Configure > Access Points > Access Point Policies, and enable the check box next to Keep AP’s Primary and Secondary ZD Settings. This ensures that the Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 212: Importing A Usb Software Package

    AP Group/WLAN Group. Additionally, you must make sure that the maximum number of APs is not exceeded. Table 29: Max APs per Controller Model Max APs per controller ZoneDirector 1200 ZoneDirector 3000 ZoneDirector 5000 1000 Importing a USB Software Package Ruckus ZoneFlex Access Points with USB ports ("SmartPoint"...

  • Page 213: To Provision A Smartpoint Access Point With Usb Software

    AP's parameters. Additionally, you can manually assign an IP address or disable WLAN service entirely for a specific radio. Configuring any of these settings for an individual AP overrides settings configured in AP Groups. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 214 AP radio settings such as DTIM, BSS minrate and RTS-CTS to improve voice quality with Spectralink phones. NOTE For optimal VoWLAN voice quality, also disable Self-Healing and Background Scanning from the Configure > Services page). Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 215 If you set Uplink Selection for an AP to Manual and the uplink AP that you selected is off or unavailable, the AP status on the Monitor > Access Points page will appear as Isolated Mesh AP. See Troubleshooting Isolated Mesh APs page 311 for more information. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 216: Configuring Hotspot 2.0 Venue Settings For An Ap

    AP will be operating. You can create up to two Venue Names (two languages for the venue name). To set the Hotspot 2.0 Venue Name for an AP: Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 217: Optimizing Access Point Performance

    APs and warnings/events associated with the AP. 4. If you want to make changes to individual AP settings, proceed to the next task, Adjusting AP Settings on page 218. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 218: Adjusting Ap Settings

    Adjusting AP Settings 1. Go to Configure > Access Points. 2. Review the Access Points table and identify an AP that you want to adjust. 3. Click the Edit button in that AP row. 4. Review and adjust any of the following Editing (AP) options. NOTE Some options are read-only depending on the approval status.

  • Page 219: Managing User Access

    Managing User Access Enabling Automatic User Activation with Zero-IT Ruckus Wireless Zero-IT Activation allows network users to self-activate their devices for secure access to your wireless networks with no manual configuration required by the network administrator. Once your ZoneFlex network is set up, you need only direct users to the Activation URL, and they will be able to automatically authenticate themselves to securely access your wireless LAN.

  • Page 220: Clients That Support Zero-It

    Activation web page appears. 3. Enter User Name and Password, and click OK. If the user name and password are confirmed and the computer is running a supported operating system, an automated script will launch. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 221 Do Not Support Zero-IT on page 222). Figure 150: Corporate WLAN configuration You have completed Zero-IT configuration for this user. Repeat this procedure to automatically configure all additional users of your internal WLAN. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 222: Self-Provisioning Clients Without Ethernet Ports

    Figure 151: Manual configuration information Working with Dynamic Pre-Shared Keys Dynamic PSK is a unique Ruckus Wireless feature that enhances the security of normal Pre-shared Key (PSK) wireless networks. Unlike typical PSK networks, which share a single key amongst all devices, a Dynamic PSK network assigns a unique key to every authenticated user.

  • Page 223: Enabling Dynamic Pre-Shared Keys On A Wlan

    • Secure DPSK: Includes almost all printable ASCII characters, including periods, hyphens, dashes, etc. This option is more secure, however it is difficult to input for mobile clients whose keyboards may not contain the entire set of printable ASCII characters. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 224: Setting Dynamic Pre-Shared Key Expiration

    (never expires). 4. In Validity Period, select Effective from first use or Effective from creation time. 5. Click the Apply button that is in the same section. The new setting goes into effect immediately. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 225: Generating Multiple Dynamic Psks

    7. If you want to be able to identify the dynamic PSK users by their names, click Choose File, and upload a batch dynamic PSK profile instead. See Creating a Batch Dynamic PSK Profile on page 226 for more information. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 226 Creating a DPSK batch generation profile is useful if you want to customize the user names that will be used for accessing the DPSK WLAN, as opposed to user names such as "BatchDPSK_User_1," etc. 1. Go to Configure > WLANs. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 227 6. Go back to the Dynamic PSK Batch Generation section, and click the Choose File button to upload the CSV file you edited. 7. Click Generate to generate the custom DPSKs that you modified. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 228: Adding New User Accounts To Zonedirector

    • Password: Enter a unique password for this user, 4-32 characters in length, using a combination of letters, numbers and special characters including characters from (!) (char 33) to (~) (char 126). Passwords are case-sensitive. • Confirm Password: Re-enter the same password for this user. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 229: Managing Current User Accounts

    Managing Current User Accounts NOTE ZoneDirector 1200 can support up to 4,000 DPSK users and guest passes, and up to 4,000 concurrently connected clients. ZoneDirector 3000 can support up to 10,000 total DPSK users and guest passes, and up to 10,000 concurrently connected clients.

  • Page 230: Deleting A User Record

    Authentication on page 316. • Allow All WLANs: You have two options: (1) Allow Access to all WLANs, or (2) Specify WLAN Access. If you select the second option, you must specify the Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 231: Role Based Access Control Policy

    For example, a school could create a single secure WLAN for both students and staff members. Then, when either type of user connects to the network, they will be granted the proper access privileges based on their role at the school. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 232 WLANs for which you want to enforce these policies. To do this, edit the WLAN, expand the Advanced Options, and enable the check box next to Enable Role Based Access Control Policy in the Access Control section. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 233: Managing Automatically Generated User Certificates And Keys

    Once your wireless network is set up, you can instruct ZoneDirector to authenticate wireless users using your existing Authentication, Authorization and Accounting (AAA) server. The following types of AAA servers are supported: • Active Directory Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 234 RADIUS server configuration and the choice you made in RADIUS/RADIUS Accounting. Make sure that either PAP or CHAP is enabled on the Remote Access Policy (assuming Microsoft IAS as the RADIUS server) before continuing with testing authentication settings. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 235: Enabling Web Authentication

    5. Select the preferred authentication server from the Authentication Server drop-down menu. 6. Click OK to save this entry. Repeat this process for each WLAN to which you want to apply web authentication. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 236: Captive Portal Redirect On Initial Browser Https Request

    Figure 162: Activating captive portal/web authentication Captive Portal Redirect on Initial Browser HTTPS Request When logging in to a Web Auth/Hotspot/Guest WLAN by initially requesting an HTTPS page in the browser, the client may encounter one or two SSL/HTTPS security warnings as follows: •...

  • Page 237: Managing Guest Access

    • Use guest pass authentication: Redirect the user to a page requiring the user to enter a valid guest pass before allowing access to the guest WLAN. See Working with Guest Passes on page 251. • No authentication: Do not require redirection and guest pass validation. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 238: Using Guest Pass Self-Service

    Figure 163: Configuring Guest Access Using Guest Pass Self-Service The Guest Pass Self-Service feature allows guests to connect to a guest SSID and submit basic information (name, email address and mobile phone number) to receive a Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 239 • Notification Method: Select whether the guest pass will be delivered via email, SMS, or displayed directly on the device screen. When Sponsor Approval is selected, the Device Screen option is not allowed. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 240 1. Connect to the guest WLAN, launch a web browser and attempt to browse to any site. 2. The browser redirects to the Onboarding Portal page. 3. Click Guest Access. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 241 Figure 167: Terms of Use 7. The Authenticated page appears. Your guest pass is now activated and you can begin using the wireless network. Click Continue to be redirected to the URL you originally intended to visit. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 242 When sponsor approval is enabled, all guest service profiles share the same sponsor authentication server. If you select a different authentication server when creating a new guest service, the new server will be used for all guest services. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 243 Figure 170: Click Request Password to request a guest pass after sponsor approval To request, approve and activate a sponsor-approved guest pass, use following procedure: 1. On the Guest Access Login screen, enter your Name, Mobile number and Email address. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 244 Password and click Log in to continue. NOTE This user name and password must exist on the Authentication Server (Local Database, AD, LDAP or RADIUS) configured with guest pass generation privileges for this guest access service. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 245 7. Approving a guest pass triggers delivery of an email (and/or SMS message) containing the guest pass code to the guest. 8. As a guest user, open this email and copy the Guest Pass code to the clipboard. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 246: Configuring Guest Subnet Restrictions

    3. Scroll down to the bottom and expand the Restricted Subnet Access section. 4. Click Create New to create a new subnet restriction. Text boxes appear under the table columns in which you can enter parameters that define the access rule. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 247: Creating A Guest Wlan

    2. Under WLANs, click Create New. The Create New WLAN form appears. 3. Enter a Name (SSID) for this WLAN that will be easy for your guests to remember (e.g., "Guest WLAN"). The Description field is optional. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 248: Using The Byod Onboarding Portal

    Guest WLAN or to self-configure their mobile devices to authenticate to an internal WLAN using Zero-IT activation. To enable the Onboarding Portal for mobile devices: 1. Go to Configure > Guest Access. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 249 When a client connects to the Open Guest WLAN for the first time, the Ruckus Onboarding Portal page is displayed. The screen displays the following three options: • Guest Access • Register Device (download Zero-IT activation file) • Both Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 250 If the user clicks the Register Device button, the web page will be redirected to the WLAN Connection Activation page, from which the user can enter user name and password to activate this device. A Zero-IT activation file is generated for download once the client is registered with ZoneDirector. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 251: Working With Guest Passes

    Additionally, they can be batch generated if many short-term guest passes need to be created at once. Guest passes can be delivered in any of the following ways: • Print out wireless connection instructions containing guest pass key Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 252: Generating A Guest Pass From The Monitor Page

    NOTE ZoneDirector 1200 can support up to 4,000 DPSK users and guest passes, and up to 4,000 concurrently connected clients. ZoneDirector 3000 can support up to 10,000 total DPSK users and guest passes, and up to 10,000 concurrently connected clients.
  • Page 253 • Text the pass to [phone]: Deliver the guest pass code via SMS text message to the phone number entered. • Email the pass to [email]: Deliver the guest pass code via email to the email address entered. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 254: Configuring Guest Pass Generation

    • If you configured an AAA server (RADIUS, Active Directory or LDAP) on the Configure > AAA Servers page and you want to use that server to authenticate Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 255 3. In the Guest Pass section, clear the Allow Guest Pass Generation check box. 4. Click OK to save your settings. Members of the "Default" role no longer have guest pass generation privileges. 5. Continue to Creating a Guest Pass Generation User Role on page 256. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 256 NOTE For more information on configuring user roles, see Creating New User Roles on page 230. 4. Click OK to save your settings. This new role is ready for application to authorized users. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 257: Generating And Delivering A Single Guest Pass

    Printing Multiple Guest Passes at Once on page 262. NOTE If printing the guest pass, make sure that your computer is connected to a local or network printer before starting. To generate a single guest pass: Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 258 5. Click Log In. The Guest Information page appears. On this page, you need to provide information about the guest user to enable ZoneDirector to generate the guest pass. Figure 189: Creating a Guest Pass 6. On the Guest Information page, fill in the following options: Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 259 Options include Email (if you configured an email address for the guest), SMS (if you configured a phone number for the guest) and Print Instructions. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 260 At the same time, the Print dialog box appears. 14. Select the printer that you want to use, and then click OK to print the guest pass instructions. You have completed generating and delivering a guest pass for your guest user. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 261 Managing Guest Access Working with Guest Passes Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 262: Generating And Printing Multiple Guest Passes At Once

    Pass Profile on page 264), use this option to import the file. • Sharable: Configure this option if you want to allow multiple users to share a single guest pass (default: 1; not shared). Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 263 10. Select the printer that you want to use, and then click OK to print the guest pass instructions. You have completed generating and printing guest passes for your guest users. If you want to save a record of the batch guest passes that you have generated, click the here Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 264: Monitoring Generated Guest Passes

    4. Click Export to CSV to export the list to a CSV file that can be opened in a spreadsheet program. 5. To create new guest passes, click Create New. See Generating a Guest Pass from the Monitor Page on page 252. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 265: Creating A Custom Guest Pass Printout

    The guest pass printout contains several tokens or variables that are substituted with actual data when the guest pass is generated. When you customize the guest pass printout, make sure that these tokens are not deleted. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 266 It also shows the date and time when the guest pass will expire if not activated. This token is used in conjunction with either {GP_ENDIF_EFFECTIVE} {GP_ELSEIF_EFFECTIVE_FROM_FIRST_USE} or {GP_ENDIF_EFFECTIVE} token. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 267: Delivering Guest Passes Via Email

    ZoneDirector to use the configured Twilio or Clickatell account to deliver guest passes. To customize the content of the SMS message used to deliver the guest pass code, use the following procedure: Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 268 1. On the Configure > Guest Access page, locate the Customize the SMS Content section. 2. Customize the message in the text box and click Apply to save your changes. Figure 195: Customize the SMS content NOTE For more information on Captive Portal redirection for Hotspot, Web Auth and Guest Access WLANs, see Captive Portal Redirect on Initial Browser HTTPS Request on page 236.

  • Page 269: Monitoring Your Wireless Network

    273. These tables list the first 15 entries by default and can be expanded using the Show More button. Click on the MAC address, AP name or user name for more detailed information on the specific AP or client. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 270 APs, details for each radio are shown. Clients The number of clients currently connected to this AP. Bonjour Gateway Indicates whether Bonjour Gateway service is enabled, disabled or not supported on this AP. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 271 Export to CSV The Currently Managed APs table can be exported as a CSV file, which can be opened in a spreadsheet program such as Microsoft Excel. If the search box is empty, all APs Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 272 Figure 198: Saving a managed AP list as a CSV file Currently Managed AP Groups Click the + icon to expand the AP group to display all members of the group. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 273: Monitoring Individual Aps

    (Tx) and receiving (Rx) 802.11 frames, plus the time spent waiting for non-802.11 interference to avoid collision (busy). Free airtime is 100% - total. High numbers indicate contention in the channel. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 274 Displays a list of the currently connected clients. Action icons can be used to configure or troubleshoot a client from this list. Events/Activities Displays an AP-related subset of the All Events / Activities table. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 275 Mesh tree that also shows any uplink and downlink APs connected to this AP. Troubleshoot Troubleshoot connectivity issues using Ping and Traceroute. Restart Initiate a reboot of this AP. Recover Recover an isolated Mesh AP Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 276 For more information on these SmartZone discovery methods, refer to the SmartZone Admin Guide. NOTE If you have blocked an AP this way and want to allow it to join ZoneDirector again, go to Configure > Access Points and click Allow Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 277 Different chipsets can report these errors in different ways and certain types of noise can even mask these errors entirely. RF Pollution is a more stable metric that will never produce misleading results. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 278 3. The Spectrum Analysis display opens in a new window. 4. Select 2.4G or 5G to choose the frequency band for which spectrum analysis data will be collected, and click Start Monitoring to begin. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 279 Details on neighbor APs include: • Access Point: The AP's description, if configured, or the MAC address if no name or description is available. • Channel: The channel that the neighbor AP is currently using. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 280: Moniting Wlan Status

    "N/A (Unknown)". Access Point Sensor Information If your APs include internal sensors, ZoneDirector will display the AP's status in this section. Temperature and orientation sensors are available on most Ruckus Wireless outdoor APs. Orientation • Desktop/Horizontal Mount •...

  • Page 281: Reviewing Current User Activity

    • Inactive Clients: The Inactive Clients table displays a list of inactive clients and can be used to view usage statistics of recently disconnected clients. • Events/Activities: The Events/Activities table displays a client-specific subset of the events listed on the All Events/Activities page. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 282: Active Client Action Icons

    The Applications/Ports pie chart displays user activity by application or port for the selected time span. The Application Performance chart displays uplink and downlink throughput over time. Select time span, AP group and SSID to change or filter the values displayed in the charts. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 283 Monitoring Your Wireless Network Reviewing Current User Activity Figure 209: Monitoring client activity Click the Show Details button to display detailed application or port usage percentages. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 284 The Applications pie chart can also be used to discover which clients are using the most used applications. When you mouse over a section of the pie chart, a table is displayed to the right providing a list of the top 10 clients responsible for this traffic. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 285: Monitoring Individual Clients

    Heading Description Applications/Ports and Displays client application usage and throughput Application Performance in pie chart and time graph formats. Click Charts Show Details to view application usage statistics for this client. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 286 To monitor a client’s performance: 1. Go to Monitor > Wireless Clients and locate the client MAC address in the Active Clients list. 2. Click the client's MAC address link to view the client details page. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 287 This estimate is based on measurements of downlink traffic and is updated only when the AP transmits more than 1000 packets, each containing at least 1024 bytes of data, within a one-minute measurement interval. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 288: Monitoring Wired Clients

    3. Review the contents of this table. The Activities column is especially informative. 4. If a listed alarm condition has been resolved, click the Clear link to the right. You also have the option of clicking Clear All to resolve all alarms at once. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 289: Reviewing Recent System Events

    AP events display the first 17 characters of an AP name (if AP names are used). NOTE The All Events/Activities table displays a maximum of 2,500 events. When this limit is reached, the oldest events will be overwritten when new events occur. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 290: Monitoring Location Services

    To monitor SmartPositioning location servers, go to Monitor > Location Services. NOTE For information on configuration and administration of Ruckus SmartPositioning Technology (SPoT) service, please refer to the SPoT User Guide, available from the Ruckus support site: https://support.ruckuswireless.com Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 291: Monitoring Mesh Status

    Click the Add Widgets link to view available widgets, and drag and drop icons onto the dashboard to customize the display. Select a time period for display (five minutes, one hour, or one day), and click Start Monitoring to start. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 292: Real Time Monitoring Widgets

    ZoneDirector's rogue AP detection features help in identifying the presence of a rogue AP, categorizing it as either a known neighbor AP or as a malicious rogue, and locating it on your worksite floorplan prior to its physical removal. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 293 "known." NOTE If your office or worksite is on a single floor in a multistory building, your upper- and lower-floor neighbors' wireless access points may show up on the Map View, but Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 294 To assist in physically locating rogue devices, click the plus sign (+) icon next to a detected rogue AP. This expands a list to display which ZoneFlex APs have detected this rogue, sorted according to signal strength. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 295: Monitoring System Information

    To view the status of ZoneDirector's Ethernet ports, go to Monitor > System Info. The table displays the MAC address, Interface ID, physical link status, link speed, and total packets/bytes received/transmitted on the port since last restart. Figure 223: Monitoring ZoneDirector Ethernet port information Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 296 Monitoring Your Wireless Network Monitoring System Information Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 297: Deploying A Smart Mesh Network

    • Smart Mesh networks are self-organizing: When a new node appears, it becomes assimilated into the mesh network. In the Ruckus Wireless Smart Mesh network, all traffic going through the mesh links is encrypted. A passphrase is shared between mesh nodes to securely pass traffic.

  • Page 298: Supported Mesh Topologies

    LAN segment. You can extend the reach of your wireless network by forming and connecting multiple mesh trees to the wired LAN segment. In this topology, all APs connected to the wired Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 299: Wireless Bridge Topology

    LAN segment. You can bridge these two wired LAN segments by forming a wireless mesh link between the two wired segments, as shown in the figure below. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 300: Hybrid Mesh Topology

    Mesh AP (MAP) eMesh AP (eMAP) You can also view the role of any AP in your mesh network from the Monitor > Access Points page or from the Mesh Topology widget on the Dashboard. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 301: Deploying A Wireless Mesh Via Zonedirector

    • Step 4: Verify That the Wireless Mesh Network Is Up Step 1: Prepare for Wireless Mesh Deployment Before starting with your wireless mesh deployment, Ruckus Wireless recommends performing a number of tasks that can help ensure a smooth deployment.

  • Page 302: Step 2: Enable Mesh Capability On Zonedirector

    7. In the Mesh Settings section, click Apply to save your settings and enable Smart Mesh. You have completed enabling mesh capability on ZoneDirector. You can now start provisioning and deploying the APs that you want to be part of your wireless mesh network. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 303: Step 3: Provision And Deploy Mesh Nodes

    90 seconds, it will search for other Root APs or Mesh APs and, once mesh neighbor relationships are established, form a mesh tree. NOTE After an AP in its factory default state has been provisioned, you need to reboot it to enable mesh capability. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 304: Step 4: Verify That The Wireless Mesh Network Is Up

    Connected (Root AP) AP is connected to ZoneDirector via its Ethernet port Connected (Mesh AP, n AP is connected to hops) ZoneDirector via its wireless interface and is n hops away from the Root AP. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 305: Using The Zoneflex Leds To Determine The Mesh Status

    • WLAN (Wireless Device Association) LED - Indicates downlink status and client association status • AIR (Signal/Air Quality) LED - Indicates uplink status and the quality of the wireless signal to the uplink AP Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 306 • Connected to a Root AP or another Mesh AP • Signal quality is fair or poor Slow blinking green The AP is searching for an uplink This is a Root AP or eMAP Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 307: On Dual-Band Zoneflex Aps

    Root AP • Solid Green: 5G radio is behavior • No Mesh APs are connected • At least one client is connected Amber: • 5G radio is up • No Mesh APs/clients connected Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 308: Using Action Icons To Configure And Troubleshoot Aps In A Mesh

    AP. The icons are displayed next to APs in the Currently Managed APs table on the Dashboard. Some of the same action icons are also available on other pages including Monitor > Access Points and Monitor > Mesh. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 309 Click this button to migrate an AP to Controller another controller. For more information, Mi g rati n g an AP f r om ZoneDi r ector to Another Control l e r on page 276. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 310: Setting Mesh Uplinks Manually

    Smart Uplink Selection and manually set the mesh nodes to which an AP can connect. NOTE Note that in most situations, Ruckus Wireless recommends against manually changing the roles of APs in a mesh, because it can result in isolated Mesh APs. Figure 228: Setting Uplink Selection to Manual NOTE Do not manually set a Mesh AP as a Root AP.

  • Page 311: Troubleshooting Isolated Mesh Aps

    15 minutes as the mesh network stabilizes. If there is a significant number of APs on the network, it might take longer for the AP to resolve this. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 312: Recovering An Isolated Mesh Ap

    Recovering an Isolated Mesh AP. No APs with matching radio type The AP is unable to find an uplink AP with the same radio type. Ruckus Wireless Smart Mesh APs must use the same radio type to be able connect to each other via the mesh network.
  • Page 313 2. Log into the AP via SSH using the same user name and password that you use to log into the ZoneDirector web interface. 3. Enter the command set meshcfg ssid <current_ssid>, where current_ssid is the SSID that the mesh network is currently using. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 314: Best Practices And Recommendations

    AP again shortly. Please wait at least 15 minutes (to allow the mesh network to stabilize), and then try managing this AP again via ZoneDirector. Best Practices and Recommendations For recommendations and best practices in planning and deploying a Ruckus Wireless Smart Mesh network, refer to Mesh Networking Best Practices...

  • Page 315: Setting Administrator Preferences

    • Admin Name: Delete the text in this field and type the new administrator account name (used solely to log into ZoneDirector via the web interface). • Current Password: Enter the current admin password. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 316: Using An External Server For Administrator Authentication

    87. To authenticate ZoneDirector administrators using an AAA server: 1. Set up Group Attributes on the AAA server • RADIUS: • Ruckus Wireless private attribute • Vendor ID: 25053 • Vendor Type/Attribute Number: 1 (Ruckus-User-Groups) • Value Format: group_attr1,group_attr2,group_attr3,...
  • Page 317 Whenever a user with administrator privileges logs into the ZoneDirector web interface, an event will be recorded. The following is an example of the event details that you will see:Admin [user_name] login (authenticated by {Authentication Server} with {Role}). Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 318: Setting Administrator Login Session Timeout

    > Timeout interval, and click Apply. Working with Backup Files After you have set up and configured your Ruckus wireless network, you may want to back up the full configuration. The resulting archive can be used to restore your ZoneDirector and network. And, whenever you make additions or changes to the setup, you can create new backup files at that time, too.

  • Page 319: Restoring Archived Settings To Zonedirector

    • Restore everything, except system name and IP address settings (for failover deployment at the same site): Select this option to import settings saved from a primary to a backup ZoneDirector for Smart Redundancy deployment. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 320 This feature can be useful in deploying N+1 redundancy. For example, if three ZoneDirector 1200 controllers are deployed in different locations and with one ZoneDirector 3000 serving as a backup, you can use this feature to export AP lists from the three ZD1200s and import them one by one into the ZD3000.

  • Page 321: Restoring Zonedirector To Default Factory Settings

    Restoring ZoneDirector to Default Factory Settings In certain extreme conditions, you may want to re-initialize ZoneDirector and reset it to factory default state. In this state, the network is almost ready for use, but all your Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 322 4. When the reset is complete, the Status LED begins blinking green, indicating that the system is in the "factory default" state. After you complete the Setup Wizard, the Status LED will be steady green. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 323: Alternate Factory Default Reset Method

    LED will be steady green. Upgrading ZoneDirector and ZoneFlex APs Check the Ruckus Wireless Support website on a regular basis for updates that can be applied to your Ruckus Wireless network devices. After downloading any update package to a convenient folder on your administrative PC, you can complete the network upgrade (of both ZoneDirector and APs) by following the steps detailed below.

  • Page 324: Importing An Ap Firmware Patch

    NOTE Importing an AP patch will auto reboot the ZoneDirector to affect the patch, temporarily disconnecting APs (and any associated clients) from the network. To minimize network disruption, Ruckus Wireless recommends performing the upgrade procedure at an off-peak time. NOTE Upgrading ZoneDirector to a new release deletes all imported AP patches.

  • Page 325: Enabling Secure Ap Image Upgrade

    7. When the backup ZoneDirector upgrade is complete, the backup ZoneDirector reboots and becomes active (begins accepting AP requests), while the original active ZoneDirector enters backup state and begins its own upgrade process. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 326: Working With Ssl Certificates

    • Backup private key and certificate. • Generate a new private key. To create a certificate request file (CSR): 1. Go to Configure > Certificate 2. In the Generate a Request section, complete the following options: Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 327 ZoneDirector will be accessed in your browser (e.g., by device name such as ”). NOTE Ruckus Wireless recommends using the FQDN as the Common Name if possible. If your network does not have a DNS server, you may use ZoneDirector’s IP address instead.

  • Page 328: Importing An Ssl Certificate

    2. If there are no intermediate CA certificates, then click on the Import button to install the uploaded certificate. If the certificate does not match the currently installed private key you will be prompted to upload the correct private key. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 329 ZoneDirector certificate file. Then, you just need to import a single file. The intermediate certificate(s) will be imported automatically. In this case, you will see multiple ---BEGIN CERTIFICATE--- and ---END CERTIFICATE--- pairs in the file. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 330: Ssl Certificate Advanced Options

    DNS for the same FQDN without seeing the security warning. If you wish to also use certificates in a Smart Redundancy configuration with captive portals such as Guest Access, Web Portal and Hotspot, see Wildcard Certificate Installation on page 334. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 331 1. Go to Configure > Certificate, and expand the Advanced Options section. 2. Locate the Import Ruckus PKI Certificate Package section, and click the click here link. A file named ZoneDirector_rpki_cert_request.req will be generated. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 332 4. Launch a web browser, and go to the following URL: https://certrenewal.ruckuswireless.com/certificate_renewal_requests/new. You will need to login to the Ruckus Support portal to continue. 5. Once logged in, you will be redirected to the AP Certificate Replacement page. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 333 Figure 243: Loading Ruckus PKI Certificate Package 13. Once complete, log back into ZoneDirector, and on the Monitor > All Events/Activities page, you should see the following event message: "ZoneDirector/AP Ruckus PKI certificates successfully installed on ZoneDirector." Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 334 • primary-zd.acompany.com; 192.168.0.98: This is the FQDN for the primary ZD controller and its physical IP address. • backup-zd.acompany.com; 192.168.0.99: This is the FQDN for the backup ZD controller and its physical IP address Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 335: Upgrading The License

    Onboarding Portal feature for Zero-IT activation. Upgrading the License Depending on the number of Ruckus Wireless APs you need to manage with your ZoneDirector, you may need to upgrade your license as your network expands. Contact your authorized Ruckus Wireless reseller to purchase an upgrade license. Once you load the license via the web interface, it takes effect immediately.

  • Page 336: Support Entitlement

    Figure 245: The License page Support Entitlement A Support Entitlement license allows you to extend the period for which you are allowed to continue upgrading your ZoneDirector when newer versions are released. If your support contract has expired, you can contact your Ruckus customer service representative or Ruckus reseller to purchase additional support service.

  • Page 337: Troubleshooting

    Basically, you will be deleting that user's client from the Active Clients table on the ZoneDirector, and when their client connection automatically renews itself, any previous problems will hopefully be resolved. To disconnect an active client: Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 338: If Wlan Connection Problems Persist

    5. Click the Create New button to create a new user account for this user. Enter a user name and password, and choose a role from the drop-down menu. 6. Send a notification to the user with instructions on how to re-configure their client and log into the WLAN again. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 339: Measuring Wireless Network Throughput With Speedflex

    SpeedFlex link on the same row. The SpeedFlex Wireless Performance Test interface loads, showing a speedometer and the IP address of the AP or client that you want to test. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 340 If you are testing both Downlink and Uplink options, the two tests take about one minute to complete. When the tests are complete, the results appear below the Start button. Downlink and uplink throughput results are displayed along with packet loss percentages. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 341 Troubleshooting Measuring Wireless Network Throughput with SpeedFlex Figure 248: The SpeedFlex interface Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 342: Using Speedflex In A Multi-Hop Smart Mesh Network

    ZoneDirector in a mesh tree. For example, if you have a mesh tree that is three hops deep (i.e., ZoneDirector... Root AP... Mesh AP 1... Mesh AP 2), SpeedFlex can measure the total throughput between ZoneDirector and Mesh AP 2. Running the Multi-Hop Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 343 Note that multi-hop SpeedFlex takes considerably longer to complete than a single hop. If you want to complete the test faster, deselect either Uplink or Downlink and test one direction at a time. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 344: Allowing Users To Measure Their Own Wireless Throughput

    How to Measure the Speed of Your Wireless Connection The following instructions describe how you can use SpeedFlex, a wireless performance test tool from Ruckus Wireless, to measure the speed of your wireless connection to your access point. 1. Make sure that your wireless device is connected only to the wireless network. If your wireless device is also connected to the wired network, unplug the network cable.

  • Page 345: Starting A Radio Frequency Scan

    2. When the Diagnostics page appears, look for theManual Scan options, and then click Scan. This operation will interrupt active network connections for all current users. 3. Go to Monitor > Rogue Devices to view updated rogue AP detection. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 346: Using The Ping And Traceroute Tools

    Figure 254: Launching the Ping/Traceroute Troubleshooting window from the Dashboard The Network Connectivity window opens. Click Ping to ping the IP address or Trace Route to diagnose the number of hops to the IP address. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 347: Generating A Debug File

    After the file is saved, you can email it to the technical support representative. NOTE The debug (or diagnostics) file is encrypted and only Ruckus Wireless support representatives have the proper tools to decrypt this file. Viewing Current System and AP Logs You can display a list of recent ZoneDirector or AP activity logs from the ZoneDirector web interface.

  • Page 348: Packet Capture And Analysis

    • Streaming Mode NOTE Performing packet capture on the 5 GHz radio of a Mesh AP (MAP) can result in connectivity issues due to the AP’s use of the 5 GHz radio for Mesh communications. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 349: Local Capture

    5. Go to Capture Options. 6. Under Capture: Interface, select Remote. A Remote Interface dialog appears. 7. In Host, enter the IP address of the AP you want to view. Leave the Port field empty Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 350 AP contain the next-to-lowest byte and the lowest byte, respectively, of the antenna pattern used to transmit the packet. On some APs, the pattern value may contain more significant bits, which are not stored in this header. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 351 Therefore, the RX LDPC indicator is not reported, and the LDPC indicator valid bit will be zero. The RX LDPC indicator is available when invoking packet capture from the AP command line interface. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 352: Ap Diagnostic Information

    Ruckus-created script to ZoneDirector themselves. If instructed to do so by Ruckus Support, go to Administer > Diagnostics > Import Scripts and click Choose File to upload a script to ZoneDirector. Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 353: Enabling Remote Troubleshooting

    [2] follow this procedure which simultaneously shuts down ZoneDirector and all APs, then restarts all devices, and [3] restart individual APs. To restart ZoneDirector (and all currently active APs): Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 354 1. Go to Administer > Restart. 2. When the Restart / Shutdown features appear, click Restart. You will be automatically logged out of ZoneDirector. After a minute, when the Status LED is steadily lit, you can log back into ZoneDirector. Figure 263: The Restart/Shutdown page...

  • Page 355: Mesh Networking Best Practices

    MAPs. • If there are multiple Roots, ensure that the Roots are distributed evenly throughout the coverage area (not clumped up close together in one area). Shown in the figure Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 356: Signal Quality Verification

    • If the customer's network utilizes a wireless backhaul technology for broadband access, it is recommended to not mount the broadband wireless modem right next to a Ruckus Wireless AP. A distance of 10 feet or more would be desirable. Signal Quality Verification Signal Quality is a measurement of the link quality of the MAP's uplink, and is available on the ZoneDirector web interface.

  • Page 357: Mounting And Orientation Of Aps

    ZoneFlex APs are very tolerant to a variety of mounting and orientation options due to Ruckus Wireless' use of its unique BeamFlex technology, in which the RF signal is dynamically concentrated and focused towards the other end of the RF link.
  • Page 358 Mesh Networking Best Practices Mounting and Orientation of APs Ruckus Wireless ZoneDirector Release 10.0 User Guide...

  • Page 359: Outdoor Aps - Typical Horizontal Orientation

    The best practices are summarized below as a checklist for quick review. 1. Avoid an excessive number of hops. Ideally keep hop count to 3 or less. Ruckus Wireless ZoneDirector Release 10.0 User Guide...
  • Page 360 2. Having more RAPs is better for performance. 3. Ensure that there are RAPs near the middle of a coverage area so as to minimize the number of hops to reach a given MAP. 4. Where possible, ensure that the RAPs are distributed evenly throughout the coverage area rather than clumped together.
  • Page 361 Copyright © 2017. Ruckus Wireless, Inc. 350 West Java Drive, Sunnyvale, CA www.ruckuswireless.com...

This manual is also suitable for:

Zonedirector 3000Zonedirector 5000

Table of Contents

Save PDF