manualshive.com logo in svg

AMX NXA-WAPZD1000, Operation/Reference Manual, Page: 114 / 154

Share
Download
AMX NXA-WAPZD1000 Operation/Reference Manual Download Page 114

Configure Tab

110

NXA-WAPZD1000 ZoneDirector Smart WLAN Controller

7.

If the imported certificate does not match the NXA-WAPZD1000’s private key, a warning message 
appears (FIG. 40).

8.

Click the click here link, and an Import Private Key dialog appears (FIG. 41).

9.

Click Browse and locate the private key file you saved in step 3.

10.

Click Import to finish importing the private key to the NXA-WAPZD1000.

Using an External Server for Administrator Authentication

The NXA-WAPZD1000 supports additional administrator accounts that can be authenticated using an external 
authentication server such as RADIUS, LDAP or Active Directory. Two types of administrative privileges can 
be assigned to these administrator accounts:



Full Privileges - Allow all types of configuration and management tasks



Limited Privileges - Allow monitoring operations only

This section provides basic instructions for setting up the NXA-WAPZD1000 to authenticate additional 
administrator accounts with an external authentication server. For more information on AAA server 
configuration, please refer to the Using an External AAA Server section on page 96.

To authenticate NXA-WAPZD1000 administrators using an AAA server:

1.

Set up Group Attributes on the AAA server.



RADIUS:

- Ruckus Wireless private attribute
- Vendor ID: 25053
- Vendor Type/Attribute Number: 1 (Ruckus-User-Groups)
- Value Format: group_attr1,group_attr2,group_attr3,...



Cisco private attribute (if your network is using a Cisco access control server)

- Vendor ID: 9
- Vendor Type / Attribute Number: 1 (Cisco-AVPair)
- Value Format: shell:roles=?hgroup_attr1 group_attr2 group_attr3 ...?h



Active Directory or LDAP:

Set up two groups. one for administrators with Full Privileges and another for administrators with 
Limited Privileges.
Populate these groups with users to whom you want to grant administrator access. One way to do 
this is to edit each user’s Member of profile and add the group to which you want the user to 
belong. Remember the group names that you set; you will enter this information when you create 
administrator roles in the NXA-WAPZD1000 (see Step 3).

2.

Set up the NXA-WAPZD1000 to use an AAA server (Configure > AAA Servers).

3.

Create an Administrator Role in the NXA-WAPZD1000 (Configure > Roles).



Allow access to all/specific WLANs.



Allow/deny Guest Pass Generation.



Ensure that Allow ZoneDirector Administration is enabled, and choose Full Privileges or Limited 
Privileges.

FIG. 40  

The imported certificate does not match ZoneDirector’s private key

FIG. 41  

Importing a private key

Summary of Contents for NXA-WAPZD1000

Page 1: ...Operation Reference Guide Network Communication NXA WAPZD1000 ZoneDirector Smart WLAN Controller Initial Release 3 28 2011 ...

Page 2: ...rked on the outside of each box The RMA is valid for a 30 day period After the 30 day period the RMA will be cancelled Any shipments received not consistent with the RMA or after the RMA is cancelled will be refused AMX is not responsible for products returned without a valid RMA number AMX is not liable for any damages caused by its products or for the failure of its products to perform This incl...

Page 3: ...MPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE WITH REGARD TO THE AMX SOFTWARE THIS LIM ITED WARRANTY GIVES LICENSEE SPECIFIC LEGAL RIGHTS Any supplements or updates to the AMX SOFTWARE including without limitation any if any service packs or hot fixes provided to Licensee after the expiration of the ninety 90 day Limited Warranty period are not covered by any warranty o...

Page 4: ......

Page 5: ... the NXA WAPZD1000 s Command Line Interface 15 About Wireless WLAN Security 17 Enabling Smart Redundancy 17 Configuring the NXA WAPZD1000 for Smart Redundancy 17 Forcing Failover to the Backup NXA WAPZD1000 18 Browser Based Configuration Pages 19 Overview 19 Dashboard 20 Dashboard Widgets 21 Monitor Tab 23 Reviewing Recent Network Events 23 Monitoring Access Point Status 23 Access Points 24 Assess...

Page 6: ...he Current Log Contents 39 Clearing Recent Events Activities 39 All Alarms 40 Mesh 41 Real Time Monitoring 42 Configure Tab 43 System 44 Changing the System Name 46 Changing the Network Addressing 46 Enabling The Built in DHCP Server 46 Viewing DHCP Clients 47 Enabling an Additional Management Interface 47 Checking the Current Log Settings 47 Setting the System Time 48 Setting the Country Code 48 ...

Page 7: ... Setting Dynamic Pre Shared Key Expiration 61 Generating Multiple Dynamic PSKs 61 Creating a Batch Dynamic PSK Profile 62 Enabling Automatic User Activation with Zero IT 63 Authenticating Clients with Zero IT 63 Authenticating Clients that Do Not Support Zero IT 64 Activating Web Authentication 64 Creating a Guest WLAN 65 Access Points 66 Assigning a WLAN Group to an AP 67 Deploying NXA WAPZD1000 ...

Page 8: ...t Pass Generation 87 Generating and Printing a Single Guest Pass 87 Generating and Printing Multiple Guest Passes at Once 88 Creating a Guest Pass Profile 89 Monitoring Generated Guest Passes 89 Configuring Guest Subnet Access 90 Customizing the Guest Login Page 90 Creating a Custom Guest Pass Printout 90 Guest Pass Printout Tokens 91 Hotspot Services 92 Creating a Hotspot Service 93 Mesh 95 Enabl...

Page 9: ...Private Key 109 Using an External Server for Administrator Authentication 110 Administer Tab 112 Preferences 112 Changing the NXA WAPZD1000 Administrator User Name and Password 112 Changing the Browser Based Configuration Pages Display Language 113 Back up Restore 114 Backing Up a Network Configuration 114 Restoring Archived Settings to the NXA WAPZD1000 114 Restoring the NXA WAPZD1000 to Default ...

Page 10: ...Network Is Up 131 Using the ZoneFlex LEDs to Determine the Mesh Status 133 WLAN LED 133 Signal Air Quality LED 133 5G LED 133 Understanding Mesh related AP Statuses 134 Using Action Icons to Configure and Troubleshoot APs in a Mesh 134 Setting Mesh Uplinks Manually 135 Troubleshooting Isolated Mesh APs 135 Understanding Isolated Mesh AP Statuses 136 Recovering an Isolated Mesh AP 137 Step 1 Obtain...

Page 11: ...eshooting Failed User Logins 143 Fixing User Connections 143 If WLAN Connection Problems Persist 143 Measuring Wireless Network Throughput with SpeedFlex 144 Using SpeedFlex in a Multi Hop Smart Mesh Network 146 Allowing Users to Measure Their Own Wireless Throughput 147 How to Measure the Speed of Your Wireless Connection 147 Diagnosing Poor Network Performance 148 Starting a Radio Frequency Scan...

Page 12: ...viii NXA WAPZD1000 ZoneDirector Smart WLAN Controller Table of Contents ...

Page 13: ...e client traffic between any member of the mesh and the wired network Meshing greatly reduces the cost and time requirements of deploying an enterprise class WLAN in addition to providing much greater flexibility in AP placement The NXA WAPZD1000 also integrates network radio frequency RF and location management within a single system User authentication is accomplished with an integrated captive ...

Page 14: ...e Flashing amber LED Device is starting up or shutting down 10 100 1000 Ethernet Two 10 100 1000Mbps RJ 45 ports for Ethernet connectivity Solid green or amber left LED The port is connected to a device Blinking green or amber left LED The port is transmitting or receiving data traffic Green right LED The port is connected to a 1000Mbps device Amber right LED The port is connected to a 100Mbps or1...

Page 15: ...The NXA WAP1000 centralizes authentication and authorization decisions for all access points Automatic User Security Supports Ruckus s patent pending Dynamic Pre Shared Key PSK capability eliminating the requirement to configure and update individual PC client devices with unique encryption keys Power Adapter Compatibility The NXA WAPZD1000 is shipped with an appropriate power adapter for the coun...

Page 16: ...Introduction 12 NXA WAPZD1000 ZoneDirector Smart WLAN Controller ...

Page 17: ...cable or adapter is connected to a power source verify that the power cable is connected properly to the power jack To shut off the device press and hold the Power button for one to two seconds and the Status LED will switch from green to amber to denote that the device is shut down Press the button again to restart the device Resetting the NXA WAPZD1000 The NXA WAPZD1000 may be reset in one of tw...

Page 18: ...ess into a Web browser In case the LAN has no DHCP server the NXA WAPZD1000 s default IP address is 192 168 0 2 with a network mask of 255 255 255 0 If a DHCP server is used an IP address is assigned automatically Working with the Setup Wizard Before using the Wireless Setup wizard obtain and enter the following information to complete the configuration Language Pick the language you prefer to use...

Page 19: ...ll automatically discover the NXA WAPZD1000 Accessing the NXA WAPZD1000 s Command Line Interface Aside from using the NXD WAPZD1000 s Browser Based Configuration Pages page 19 you can also perform many management and configuration tasks using the NXD WAPZD1000 s Command Line Interface CLI by connecting directly to the Console port To access the NXD WAPZD1000 CLI 1 Connect an admin PC to the NXD WA...

Page 20: ...00 with limited privileges As a user with limited privileges you can view a history of previously executed commands and ping a device If you want to run more commands you can switch to privileged mode by entering enable at the root prompt To view a list of commands that are available at the root level enter help or ...

Page 21: ...gnificantly reduces the amount of setup required Finally you can choose to authenticate clients by MAC address This can be used to allow or deny access to clients based on their MAC addresses Of course it also requires that each authorized client s MAC address be listed in an authentication database Enabling Smart Redundancy The NXA WAPZD1000 s Smart Redundancy feature allows two devices to be con...

Page 22: ... prompted to retry discovery or continue configuring the current device 9 Install the second NXA WAPZD1000 and complete the Setup Wizard 10 Go to Configure System enable Smart Redundancy and enter the primary NXA WAPZD1000 s IP address in Peer IP address 11 Click Apply If an active NXA WAPZD1000 is discovered the second device will assume the standby state If an active device is not discovered you...

Page 23: ... and monitor your entire WLAN including the NXA WAPZD1000 and all access points connecting to it To access the browser based configuration pages enter the IP address for the NXA WAPZD1000 into your preferred Web browser The browser will then display the Ruckus Wireless ZoneDirector Login page FIG 3 FIG 3 NXA WAPZD1000 ZoneDirector login page The default Admin Name is admin and the default Password...

Page 24: ...of licensed APs serial number and software version number Devices Overview Shows the number of access points being managed by the NXA WAPZD1000 as well as the number of clients connected to these managed APs It also shows the number of rogue devices that have been detected by the NXA WAPZD1000 Most Frequently Used Access Points Lists the access points that are serving the most client requests Usag...

Page 25: ...efer to the System section on page 44 Currently Managed APs displaying all of the available WAPs being managed through the NXA WAPZD1000 including the MAC address the device name the device description the WAP model its current status the mesh mode being used the device s IP address its VLAN channel and the number of clients currently accessing it The component also allows the user to access the W...

Page 26: ...the component in the Widgets section as a selectable entry These may be accessed and used at any time When finished installing or moving widgets click the Finish link at the bottom of the Widgets section to save your changes The Widgets column will disappear but it accessible again by clicking the Add Widgets link again ...

Page 27: ...ecifically focuses on the selected WLAN category 5 Under the Monitor tab click either the All Alarms button or the All Events Activities button to see a complete list with all categories represented in chronological order Monitoring Access Point Status The NXA WAPZD1000 provides several different features for monitoring the status and performance of your APs The following are three ways you can qu...

Page 28: ...MAC address Description The AP s description This can be modified on the Configure Access Points page by clicking the Edit link next to the AP s MAC address Model The model number if applicable Status Displays the current status of the AP from the NXA WAPZD1000 s perspective Approval Pending Connected Disconnected Root AP Mesh AP eMesh AP Number of hops Mesh Mode Displays whether the AP is manuall...

Page 29: ...ed view of information related to that AP The Monitor Access Points MAC Address page provides the following details on the specific AP Monitor Tab Access Points Cont Activities The specific activity involved in the event FIG 7 Monitor Tab Access Points MAC Address page Monitor Tab Access Points MAC Address General Displays general information on the AP including software version IP address and mod...

Page 30: ...nknown Restarting an Access Point One helpful fix for network coverage issues is to restart individual APs To do so 1 Go to Monitor Access Points 2 When the Access Points page appears look in the Currently Managed APs table for the particular Access Point record The Status column should display Connected 3 Click the Restart icon The Status column now displays Disconnected along with the date and t...

Page 31: ...ew from the Map drop down list Coverage Selecting 2 4GHz enables a signal strength view of your placed 2 4GHz APs Selecting 5GHz displays the signal coverage of 5GHz radios Selecting either 2 4 or 5GHz opens the Signal legend on the right side of the Map View Show Rogue APs Selecting Yes displays any detected rogue APs in the floorplan Access Points The number of active APs within the selected map...

Page 32: ...and place each AP on the appropriate map Floorplan area The floorplan displays in this main area You can manipulate the size and angle of the floorplan by using the tools on this screen Upper slider The upper slider is a zoom slider allowing you to zoom in and out of the floorplan This is helpful in exact AP marker placement and in assessing whether physical obstructions that affect RF coverage ar...

Page 33: ...overage 1 Click and drag individual AP markers to new positions on the Map View floorplan until your RF coverage coloration is optimized Additional APs may be needed to fill in large coverage gaps 2 When your adjustments are complete note the new locations of relocated AP markers 3 After physically relocating the actual APs according to the Map View placements reconnect the APs to a power source A...

Page 34: ...he heat map appears look for a Signal scale in the upper right corner of the map Note the color range especially colors that indicate low coverage 5 Look at the floorplan and evaluate the current coverage Moving the APs into More Efficient Positions To move the APs into more efficient positions 1 From Monitor Map View click and drag individual AP markers on the Map View floorplan until your RF cov...

Page 35: ... mode being used by the WLAN Clients The number of clients accessed by the WLAN Currently Active WLAN Groups This is a listing of the currently active groups of WLANs being managed by the NXA WAPZD1000 Name The name used for the WLAN group Description Optional A more detailed description of the WLAN group WLANs The WLANs included within the group Events Activities This is a breakdown of all activi...

Page 36: ... WLAN Group To view the APs that belong to a particular WLAN group 1 Go to Monitor WLANs 2 Under Currently Active WLAN Groups click the WLAN group name for which you want to view the member AP list 3 On the page that loads look for the Member APs section All APs that belong to this WLAN group are listed ...

Page 37: ...er IP The name or IP address of the client Access Point The access point through which the client is connected to the network WLAN The WLAN through which the client is connected VLAN The VLAN if any through which the client is connected Channel The channel being used by the client Radio The radio frequency being used by the client Signal dB The signal strength of the client s connection Status The...

Page 38: ...individual clients from this page including blocking unauthorized clients deleting clients from the table which will allow them to attempt to reconnect testing throughput using SpeedFlex and testing connectivity using Ping and Traceroute To review blocked clients go to Configure Access Control Blocked Clients page 74 ...

Page 39: ...elete the generated user keys and certificates 1 Go to Monitor Generated PSK Certs 2 Select the check boxes for the PSKs and Certificates that you want to delete 3 Click Delete to delete the selected items The selected PSKs and Certificates are deleted from the system A user with a deleted PSK or a deleted certificate will not be able to connect to the wireless network without obtaining a new key ...

Page 40: ...e name of the guest accessing the network Remarks Optional Type any notes or comments For example if the guest user is a visitor from a partner organization you can type the name of the organization Expires The date the guest pass expires Session Enable this check box and select a time increment after which guests will be required to log in again If this feature is disabled connected users will no...

Page 41: ...ices Currently Active Rogue Devices This is the complete list of all active rogue devices currently connecting to the network MAC Address The MAC address of the rogue device Channel The radio channel being used by the rogue device Radio The radio frequency being used by the rogue device Type The type of device being used to access the network Encryption This notes whether the connection is encrypt...

Page 42: ...is open 6 If a listed AP is part of another nearby neighbor network click Mark as Known This identifies the AP as posing no threat while copying the record to the Known Recognized Rogue Devices table 7 To locate rogue APs that do pose a threat to your internal WLAN click the MAC Address of a device to open the Map View page 27 If your worksite floorplan is imported into the Map View window and you...

Page 43: ...sted below 3 Click a column header to sort the contents by that category 4 Click any column twice to switch chronological or alphanumeric sorting modes Clearing Recent Events Activities To review the current events and if appropriate clear all resolved events 1 Go to Monitor All Events Activities 2 The Events Activities table lists the unresolved events the most recent at the top 3 Review the cont...

Page 44: ...contents of this table 4 If a listed alarm condition has been resolved click the now active Clear link to the right You also have the option of clicking Clear All to resolve all alarms at one time FIG 15 Monitor Tab All Alarms Monitor Tab All Alarms Alarms This section lists all alarms uncleared by the NXA WAPZD1000 administrator Date Time The date and time when the alarm was triggered Name The al...

Page 45: ...APs connected to the NXA WAPZD1000 Signal dB The current signal strength of the mesh network connection Description Optional A more detailed description of the mesh network connection Channel The radio channel being used to maintain the mesh network IP Address The IP address of the AP Action Select between the icons to perform a specific action System Info RF Info Configure Troubleshoot Your Netwo...

Page 46: ...be lower when Real Time Monitoring is not running FIG 17 Monitor Tab Real Time Monitoring The Real Time Monitoring function may also be accessed from the Toolbox link at the top of the Browser Based Configuration Pages Monitor Tab Real Time Monitoring Start Monitoring button Click this button to start monitoring CPU Util Displays the percentage utilization of the NXA WAPZD1000 s CPU Memory Util Di...

Page 47: ...to configure and maintain a NXA WAPZD1000 network This tab includes access to WLAN specifications identification of users guest access and configuration of mesh networks When making any changes in the Browser Based Configuration Pages you must click Apply before you navigate away from the page or your changes will not be saved ...

Page 48: ... set of parameters is configured during the Setup Wizard process These parameters and others can be customized on this page FIG 18 Configure Tab System Configure Tab System System Name The currently chosen name for the NXA WAPZD1000 network Device IP Settings The current IP settings for the NXA WAPZD1000 If Manual is selected these fields must be filled by the operator If DHCP is selected these fi...

Page 49: ...vices Management IP Address The IP address for the server used to manage the network If the Management Interface has not been enabled this field will be disabled Management Access Control This section lists the specific IP addresses which are allowed access to the NXA WAPZD1000 Name The name of the device or network accessing the NXA WAPZD1000 Restriction Select between Single Range and Subnet Sin...

Page 50: ...1000 s DHCP server will only assign addresses to devices that are on its own subnet and part of the same VLAN if VLANs are assigned Note that before you can enable the built in DHCP server the NXA WAPZD1000 must be assigned a manual static IP address If you configured the device to obtain its IP address from another DHCP server on the network the options for the built in DHCP server will not be vi...

Page 51: ...em 2 In the Device IP Settings section click the Click Here link next to the text If ZoneDirector needs another interface for management traffic 3 Click the box next to Enable Management Interface and enter the IP Address Netmask and VLAN information for the additional interface 4 Click Apply to save your settings 5 If the Management Interface is to be shared by two devices repeat steps 1 5 for th...

Page 52: ...cate the Country Code section and choose your location from the pull down menu 3 Click Apply to save your settings Enabling Management via FlexMaster If you have a Ruckus Wireless FlexMaster server installed on the network you can enable FlexMaster management to centralize monitoring and administration of the NXA WAPZD1000 and other supported devices The NXA WAPZD1000 supports the following FlexMa...

Page 53: ...ap notifications 1 In the Network Management section of the System page scroll down to the bottom of the page 2 Under SNMP Trap select the Enable SNMP Trap check box 3 In Trap Server IP type the IP address of the SNMP trap server on the network 4 Click Apply to save your changes Trap Notifications Sent by the NXA WAPZD1000 The NXA WAPZD1000 will send trap notifications to the SNMP server for seven...

Page 54: ...ent Access Control section and click the Create New link 3 In the Create New menu that appears enter a name for the user s that you want to allow access to the Browser Based Configuration Pages 4 Enter an IP address address range or subnet 5 Click OK to confirm You can create up to 16 entries to the Management ACL When you create a management access control rule all IP addresses and subnets other ...

Page 55: ...AN Description Optional A more detailed description of the WLAN Authentication The type of authentication being used by the WLAN Encryption The type of encryption being used by the WLAN Actions Select Edit to make changes to the WLAN and Clone to make an exact copy of the WLAN WLAN Groups This table lists your current WLAN groups and provides basic details about them Name The name of the WLAN grou...

Page 56: ...ific WLANs esp regarding authentication and encryption algorithm can be set up that support specific groups of users This requires a two step process 1 create the custom WLAN and link it to qualified user accounts by roles and 2 assist all qualified users to prepare their client devices for custom WLAN connection As a result you will have the default internal WLAN plus the needed WLANs that fulfil...

Page 57: ... WLAN Description Enter a brief description of the qualifications purpose for this WLAN e g Engineering or Voice WLAN Usages Select usage type standard guest access hotspot Authentication Options Select authentication method open shared key 802 1X EAP MAC address Encryption Options Select encryption method WPA WPA2 WPAMixed WEP encryption algorithm and passphrase or WEP key If any authentication m...

Page 58: ...ed by the WiFi Alliance and are the recommended encryption methods The Wi Fi Alliance will be mandating the removal of WEP because it is easily cracked so it should not be used Method WPA Standard Wi Fi Protected Access with either TKIP or AES encryption WPA2 Enhanced WPA encryption using the stronger AES encryption algorithm WPA Mixed Allows mixed networks of WPA and WPA2 compliant devices Use th...

Page 59: ...ctive use this option to designate the server used to authenticate Web based user login When 802 1X or MAC Address authentication is active use this option to designate the server used to authenticate users without Web authentication Options include Local Database RADIUS server Active Directory and LDAP When one of these authentication server types is selected other than Local Database you will ne...

Page 60: ...imiting controls fair access to the network When enabled the network traffic throughput of each network device i e client is limited to the rate specified in the traffic policy and that policy can be applied on either the uplink or downlink Toggle the Uplink and or Downlink drop down lists to limit the rate at which WLAN clients upload download data The Disabled state means rate limiting is disabl...

Page 61: ...arketing Engineering you can do so by following these steps 1 Make a list of the group of users who ideally are using client devices running Windows XP SP2 Windows Vista SP1 Windows 7 or Mac OS X or iPhone or iTouch handhelds 2 Go to Configure WLANs When the WLANs page appears the default internal and guest networks are listed in the table once you have created a WLAN it will appear in this table ...

Page 62: ... start click Edit in the Internal WLAN row 3 When the Editing Internal options appear look at the two main categories Authentication Options and Encryption Options 4 If you click an Authentication Option Method such as Open Shared or 802 1X different sets of encryption options are displayed Open allows you to configure a WPA or WEP based encryption or none if you re so inclined After selecting a W...

Page 63: ...eat the Zero IT Wireless Activation process and download the certificates and an activation script generated by the NXA WAPZD1000 2 Each user must first install certificates to his her computer 3 Each user must then execute the activation script in order to configure the correct wireless setting on his her computer 4 To manually configure 802 1X EAP settings for non EAP capable client use use the ...

Page 64: ...ning a WLAN to Provide Hotspot Service After you create a hotspot service configuration you need to specify the WLANs to which you want to deploy the hotspot configuration To configure an existing WLAN to provide hotspot service 1 Go to Configure WLANs 2 In the WLANs section look for the WLAN that you want to assign as a hotspot WLAN and then click the Edit link that is on the same row The Editing...

Page 65: ...ption to enable Zero IT activation 6 If using MAC Address authentication choose an Authentication Server to authenticate clients against from either Local Database or RADIUS Server if you chose Open only Local Database is available 7 Ensure that the Zero IT Activation check box is enabled 8 Next to Dynamic PSK enable the check box next to Enable Dynamic PSK 9 Click OK to save your settings This WL...

Page 66: ...ation WLAN Name This is the WLAN with which they are authorized to access and use the dynamic PSK that you generated passphrase Passphrase This is the network key that the user needs to enter on his WLAN configuration client to access the WLAN Expiration Optional This is the date when the passphrase network key will expire After this date the user will no longer be able to access the WLAN using th...

Page 67: ...ally enable Dynamic PSK if your WLAN s authentication and encryption methods support it 6 If the Authentication Method is 802 1X or MAC Address select which Authentication Server to authenticate users against If you are not using an external server for authentication you can use the NXA WAPZD1000 s internal database 7 Note the Activation URL in the Zero IT Activation section further down the page ...

Page 68: ...nformation To activate Web authentication 1 Go to Configure WLANs 2 Look for the WLAN that you want to edit and then click the Edit link that is on the same row 3 When the Editing WLAN_Name form appears locate the Web Authentication option 4 Click the check box to enable portal Web authentication 5 Select the preferred authentication server for Web Authentication from the Authentication Server dro...

Page 69: ...s to remember e g Guest WLAN The Description field is optional 4 Under Type select Guest Access 5 Since this is a Guest network the only Authentication Option available is Open 6 Choose an Encryption Method that provides the best compromise between security and compatibility based on the kinds of client devices that you expect your guests will use 7 If you want your internal wireless traffic to ha...

Page 70: ...cast power of the AP WLAN Group The individual WLAN group or groups to which the AP belongs Approved The notice as to whether or not this AP has been approved to access the network Actions Click Edit to make changes to the AP configuration and Allow to allow the AP onto the WLAN Access Point Policies Approval Click this box to automatically approve all join requests from APs Limited ZD Discovery C...

Page 71: ... performance and security of a network If your network is designed to segment management traffic to a specific VLAN and you want to include the NXA WAPZD1000 s AP management traffic in this VLAN you can set the parameters in the NXA WAPZD1000 system configuration To assign ZD AP management traffic to a management VLAN 1 Go to Configure System 2 In Device IP Settings enter the VLAN ID in the VLAN f...

Page 72: ...he AP along with the VLAN ID that has been assigned to the user on the RADIUS server 4 User joins the AP and is segmented to the VLAN ID that has been assigned to him For dynamic VLAN to work you must configure the following RADIUS attributes for each user Tunnel Type Set this attribute to VLAN Tunnel Medium Type Set this attribute to IEEE 802 Tunnel Private Group ID Set this attribute to the VLAN...

Page 73: ...r source Verifying Approving New APs 1 Go to Monitor Access Points 2 The Access Points page appears showing the first 15 access points that have been approved or are awaiting approval If the NXA WAPZD1000 is managing more than 15 access points the Show More button at the bottom of the page will be active To display more access points in the list click Show More When all access points are displayed...

Page 74: ...D1000s in a Smart Redundancy configuration on your network you can enter the primary and secondary ZD IP addresses here or you can leave Limited ZD Discovery disabled If the Limited ZD Discovery and Smart Redundancy information you enter is inconsistent a warning message will be displayed asking you to confirm Management VLAN You can enable the NXA WAPZD1000 management VLAN if you want to separate...

Page 75: ...1 Go to Configure Access Points 2 Find the AP to edit in the Access Points table and then click Edit under the Actions column 3 Edit any of the following Device Name Give a name to the AP Description Enter a description for the AP This description is used to identify the AP in the Map View Location Enter a recognizable location for the AP GPS Coordinates Enter GPS coordinates for location on Googl...

Page 76: ...s on each of your network APs After assessing AP performance in the context of network performance you can reset channels and adjust transmission power or adjust the priority of certain WLANs over others as needed Adjusting AP Settings 1 Go to Configure Access Points 2 Review the Access Points table and identify an AP that you want to adjust 3 Click the Edit button in that AP row 4 Review and adju...

Page 77: ...gnal is so strong that it really belongs on this AP The APs maintain these desired client limits and enforce them once they reach the limits by withholding probe responses and authentication responses on any radio that has reached its limit Key points on load balancing These rules apply only to client devices the AP always responds to another AP that is attempting to set up or maintain a mesh netw...

Page 78: ...ss control list to allow or deny wireless devices based on their MAC addresses Name The name of the L2 MAC access control list Description Optional A more detailed description of the L2 MAC access control list Restriction Notes on whether the list only allows or denies all stations listed MAC Address The MAC address of the device maintaining the access control list Stations L3 4 IP Address Access ...

Page 79: ...Access Controls configuration options you define Layer 2 MAC address ACLs which can then be applied to one or more WLANs upon WLAN creation or edit ACLs are either allow only or deny only that is an ACL can be set up to allow only specified clients or to deny only specified clients MAC addresses that are in the deny list are blocked at the AP not at the NXA WAPZD1000 To configure an L2 MAC ACL 1 G...

Page 80: ... If you have a specific IP address to which you want to allow or deny access type it here Otherwise select Any IP addresses must be in the format A B C D M where M is the bitmask Application If you have a specific application to which you want to allow or deny access select it from the menu Otherwise select Any If you select an option here besides Any the Protocol and Destination Port options are ...

Page 81: ...ror message appears when these file size limits are reached Additionally the maximum file size per floorplan image is 512Kb Importing a Floorplan Image 1 Go to Configure Maps 2 Click Create New The Create New form appears 3 In Name type a name to assign to the floorplan image that you will be importing Type a description as well if preferred 4 Click Browse The Choose File dialog box appears 5 Brow...

Page 82: ...Configure Tab 78 NXA WAPZD1000 ZoneDirector Smart WLAN Controller 6 Go to Monitor Map View page 27 to see this image You can now use the Map View to place the Access Point markers FIG 25 Maps Editing ...

Page 83: ...ory LDAP users with the same group attributes are automatically mapped to this user role Allow All WLANs You have two options 1 Allow Access to all WLANs or 2 Specify WLAN Access If you select the second option you must specify the WLANs by clicking the check box next to each one This option requires that you create WLANs prior to setting this policy see Creating a New WLAN Guest Pass If you want ...

Page 84: ...formation please refer to the Group Extraction section on page 99 Enter the User Group name here Active Directory LDAP users with the same group attributes are automatically mapped to this user role Policies Allow All WLANs You have two options 1 Allow Access to all WLANs or 2 Specify WLAN Access If you select the second option you must specify the WLANs by clicking the check box next to each one ...

Page 85: ...ectory as your authentication server Enter the Active Directory User Group names here Active Directory users with the same group attributes are automatically mapped to this user role Allow All WLANs You have two options 1 allow all users with this role to connect to all WLANs or 2 limit this role s users to specific WLANs and then pick the WLANs to which they can connect Guest Pass If you want use...

Page 86: ...ess users by referring to accounts that are stored in the NXA WAPZD1000 s internal user database FIG 28 Configure Tab Users Configure Tab Users User Name The name of the particular user Full Name The full name of the particular user Role The role assigned to the user Actions Click Edit to make modifications to the selected user and Clone to make an exact copy of it ...

Page 87: ...nts as needed To change an existing user account 1 Go to Configure Users 2 Locate the specific user account in the Internal User Database panel and then click Edit 3 When the Editing user name form appears make the needed changes 4 If a role must be replaced open that menu and choose a new role for this user 5 Click OK to save your settings Be sure to communicate the relevant changes to the approp...

Page 88: ...nternal users database Assigning a Pass Generator Role to a User Account To assign a guest pass generator role to a user account 1 Go to Configure User 2 At the bottom of the Internal Users Database click Create New 3 When the Create New form appears fill in the text fields with the appropriate entries 4 Open the Role menu and choose the assigned role for this user 5 Click OK to save your settings...

Page 89: ... and contractors Such a guest pass allows its user to connect to the WLAN You must decide whether or not to permit all or some users to generate guest passes Additionally you may also want to review the default settings and policies that control guest use of the network These include options you can fine tune to fit your work environment FIG 30 Configure Tab Guest Access ...

Page 90: ...ir destination When guest users land on this page they are shown the expiration time for their guest pass 5 Click Apply to save your settings Configure Tab Guest Access Enable Guest Access Use these features to set limits for guest pass access to your wireless network Authentication Select the level of authorization to be given to the guest Terms of Use Click the box to show the terms of use to th...

Page 91: ...y any end user Effective from first use This type of guest pass is valid from the time the user uses it to authenticate with the NXA WAPZD1000 until the specified expiration time An additional parameter A Guest Pass will expire in X days can be configured to specify when an unused guest pass will expire regardless of use The default is 7 days 5 When you finish click Apply to save your settings and...

Page 92: ... pass expires 7 Click Next The Guest Pass Generated page appears 8 In the drop down menu select the guest pass instructions that you want to print out If you did not create custom guest pass printouts select Default 9 Click Print Instructions A new browser page appears and displays the guest pass instructions At the same time the Print dialog box appears 10 Select the printer that you want to use ...

Page 93: ...ct the printer that you want to use and then click OK to print the guest pass instructions You have completed generating and printing guest passes for your guest users If you want to save a record of the batch guest passes that you have generated click the here link in Click here to download the generated Guest Passes record and then download and save the CSV file to your computer Creating a Guest...

Page 94: ...in Page You can customize the guest user login page to display your corporate logo and to note helpful instructions along with a Welcome title If you want to include a logo you will need to prepare a Web ready graphic file in one of three acceptable formats JPG GIF or PNG Make sure that the logo file does not exceed the following Length Two inches on any side File size 20KB To customize the guest ...

Page 95: ...ort to save the HTML file to the NXA WAPZD1000 database You have completed creating a custom guest pass printout When users generate a guest pass the custom printout that you created will appear as one of the options that they can print Guest Pass Printout Tokens The following table lists the tokens that are used in the guest pass printout Make sure that they are not accidentally deleted when you ...

Page 96: ... have associated with your hotspot will be redirected for authentication purposes Users will need to enter a valid user name and password before they are allowed access to the Internet through the hotspot Open source captive portal packages such as Chillispot are available on the Internet RADIUS Server A Remote Authentication Dial In User Service RADIUS through which users can authenticate For ins...

Page 97: ...m appears FIG 32 3 In Login Page under Redirection type the URL of the captive portal the page where hotspot users can log in to access the service 4 Configure optional settings as preferred In Start Page configure where users will be redirected after logging in successfully You could redirect them to the page that they want to visit or you could set a different page where users will be redirected...

Page 98: ... unauthenticated user is given access for the purpose of setting up an account After the account is established the user is allowed out of the Walled Garden URLs will be resolved to an IP address up to four Users will not be able to click through to other URLs that may be presented on a page if that page is hosted on a server with a different IP address Avoid using common URLs that are translated ...

Page 99: ...sh downlinks after which the NXA WAPZD1000 should trigger warning messages Then click Apply in the same section 6 In the Mesh Settings section click Apply to save your settings and enable Smart Mesh You have completed enabling mesh capability on the NXA WAPZD1000 You can now start provisioning and deploying the APs that you want to be part of your wireless mesh network FIG 33 Configure Tab Mesh Co...

Page 100: ...ver then point the NXA WAPZD1000 to the AAA server so that requests will be passed through the NXA WAPZD1000 before access is granted This section describes the tasks that you need to perform on the NXA WAPZD1000 to ensure the device can communicate with your AAA server The NXA WAPZD1000 supports three types of AAA server Active Directory LDAP RADIUS RADIUS Accounting FIG 34 Configure Tab Authenti...

Page 101: ...ccounting server is chosen Also note that attribute formats vary between AAA servers Active Directory In Active Directory objects are organized in a number of levels including domains trees and forests At the top of the structure is the forest A forest is a collection of multiple trees that share a common global catalog directory schema logical structure and directory configuration In a multi doma...

Page 102: ... same password for confirmation 6 Click OK to save changes LDAP The NXA WAPZD1000 supports several of the most commonly used LDAP servers including OpenLDAP Apple Open Directory Novell eDirectory Sun JES limited support To enable LDAP user authentication for all users 1 Go to Configure AAA Servers 2 Click the Edit link next to LDAP The Editing LDAP form appears 3 Enter the IP address and Port of y...

Page 103: ...9 and create a Role based on this User Group Click the Create New link in the Roles section In the Group Attributes field enter Group attributes exactly as they were returned from the Test Authentication Settings dialog Specify WLAN access Guest Pass generation and NXA WAPZD1000 administration privileges as desired for this Role At this point any user who logs in and is authenticated against your ...

Page 104: ...is WLAN will be authenticated using a three way handshake based on the Challenge Handshake Authentication Protocol CHAP and the MAC address of each client attempting to access this WLAN must match an entry in the RADIUS database before access is granted Testing Authentication Settings The Test Authentication Settings feature allows you to query an AAA server for a known authorized user and return ...

Page 105: ...b Alarm Settings Email Notification Enable this option to send an email message when an alarm is triggered Email Address The Email address to which the message should be sent SMTP Server Name The name of the SMTP server being accessed SMTP Server Port The SMTP server port being accessed SMTP Authentication Username The username authorized for the SMTP server SMTP Authentication Password The passwo...

Page 106: ...ofing AP When the NXA WAPZD1000 detects that an unauthorized AP is spoofing the MAC address of one of your APs it sends the following alarm message A new MAC spoofing rogue AP name with SSID is detected Detection of rogue DHCP server When the NXA WAPZD1000 detects a rogue DHCP server on the network it sends the following alarm message Rogue DHCP server on ip is detected When any of these events oc...

Page 107: ...o enhance performance so that it can efficiently shift AP specific settings and resources to improve coverage Intrusion Detection The NXA WAPDZD1000 has built in intrusion prevention features that help protect the wireless network from excessive requests and intrusion attempts Background Scanning The NXA WAPDZD1000 regularly samples the activity in all Access Points to assess radio frequency RF us...

Page 108: ...e one channel at a time in each AP so as not to interfere with network use This information is then applied in Map View page 27 and other NXA WAPDZD1000 monitoring features You can if you prefer customize the automatic scanning of RF activity deactivate it if you feel it s not helpful or adjust the frequency if you want scans at greater or fewer intervals Note that background scanning must be enab...

Page 109: ...determine which ones are rogue and then disconnect them or shut down the DHCP service on them To enable rogue DHCP server detection on the NXA WAPZD1000 1 Go to Configure Services 2 In the Rogue DHCP Server Detection section select the Enable rogue DHCP server detection check box 3 Click the Apply button that is in the same section Regularly checking the All Events Activities page page 39 periodic...

Page 110: ...ge Configure Tab Certificate Generate a Request Common Name Enter the NXA WAPZD1000 s Fully Qualified Domain Name FQDN Subject Alternative Name Optional Select either IP or DNS from the menu and enter either alternative IP addresses or alternate DNS names Organization Type the complete legal name of your organization for example Ruckus Wireless Inc Do not abbreviate your organization name Organiza...

Page 111: ...ccessing the NXA WAPZD1000 i e administrator interface standard captive portal and guest access captive portal Subject Alternative Name Optional Select either IP or DNS from the menu and enter either alternative IP addresses or alternate DNS names Organization Type the complete legal name of your organization for example Ruckus Wireless Inc Do not abbreviate your organization name Organization Uni...

Page 112: ... certificate file and the key pair password that you set when you created the certificate signing request CSR file To import an SSL certificate 1 Copy the certificate file to a location either on the local drive or a network share that you can access from the Browser Based Configuration Pages 2 Log in to the Browser Based Configuration Pages and then click Configure Certificate 3 Under Import Cert...

Page 113: ...an always revert to the factory default and start over Back Up Certificate Private Key Allows you to save the key for use in another NXA WAPZD1000 or keep a copy in case the device needs to be factory reset and loses its current key Re Generate Private Key Only used to generate a new private key of a different length when required by the Certificate Authority Saving an SSL Certificate or Private K...

Page 114: ...ZD1000 administrators using an AAA server 1 Set up Group Attributes on the AAA server RADIUS Ruckus Wireless private attribute Vendor ID 25053 Vendor Type Attribute Number 1 Ruckus User Groups Value Format group_attr1 group_attr2 group_attr3 Cisco private attribute if your network is using a Cisco access control server Vendor ID 9 Vendor Type Attribute Number 1 Cisco AVPair Value Format shell role...

Page 115: ...ration Pages even when the authentication server is unavailable You have completed setting up the NXA WAPZD1000 to use external servers for administrator authentication Whenever a user with administrator privileges logs into the Browser Based Configuration Pages an event will be recorded The following is an example of the event details that you will see Admin user_name login authenticated by Authe...

Page 116: ...t click Apply before you navigate away from the page or your changes will not be saved FIG 42 Administer Tab Preferences Administer Tab Preferences Language Select the display language that you want to use on the Browser Based Configuration Pages Administrator Name Password Admin Name Enter the administrator s username Current Password Enter the administrator s current password New Password Enter ...

Page 117: ...g the Browser Based Configuration Pages Display Language Depending on your preferences you can change the language in which the Browser Based Configuration Pages are displayed in your Web browser The default is English This change only affects how the actual interface appears and does not modify either OS system or browser settings which are managed through other processes 1 Go to Administer Prefe...

Page 118: ...ew the Restore Configuration instructions and then click Browse 3 Use the Browse dialog box to locate the backup file 4 Select the file and then click Open Three restore options appear Restore everything Select this option if you want the device to use all the settings configured in the backup file including the IP address wireless settings and access control list among others FIG 43 Administer Ta...

Page 119: ... the Status LED is a blinking red then a blinking green indicating that the system is in the factory default state After you complete the Setup Wizard the Status LED will be steady green Alternate Factory Default Reset Method If you are unable to complete a software based resetting of the NXA WAPZD1000 you can do the following hard restore To perform a hard factory default reset 1 Locate the Reset...

Page 120: ...ect the NXA WAPZD1000 from the power source To follow this procedure which simultaneously shuts down the NXA WAPZD1000 and all APs then restarts all devices A restart of individual APs To restart the NXA WAPZD1000 and all currently active APs 1 Go to Administer Restart 2 When the Restart Shutdown features appear click Restart You will be automatically logged out of the NXA WAPZD1000 After a minute...

Page 121: ...ation Pages run the upgrade and then restart itself When the upgrade process is complete the Status LED on the device FIG 1 is steadily lit You may now log back into the Browser Based Configuration Pages as Administrator FIG 45 Administer Tab Upgrade Administer Tab Upgrade Current Software Click the Check for Updates button to see if software upgrades are available Software Upgrade Select a locati...

Page 122: ...owse The Browse dialog box appears 4 Browse to the location where you saved the upgrade package and then click Open 5 When the upgrade file name appears in the text field the Browse button becomes the Upgrade button 6 Click Upgrade The backup NXA WAPZD1000 is upgraded first 7 When the backup NXA WAPZD1000 upgrade is complete the backup device reboots and becomes active begins accepting AP requests...

Page 123: ...Based Configuration Pages it takes effect immediately Current license information description PO number status etc is displayed on the Browser Based Configuration Pages Importing a New License File To import a new license file 1 Go to Administer License 2 Click Browse to find your license 3 Once you find your license and close the Browse window the NXA WAPZD1000 immediately attempts to validate an...

Page 124: ...field 4 Click Apply to save your settings 5 In the Save Debug Info section click Save Debug Info 6 When the File Download dialog box appears select Save File and click OK 7 When the Save As dialog box appears pick a convenient destination folder type a name for the file and click Save 8 When the Download Complete dialog box appears click Close After the file is saved you can email it to the techni...

Page 125: ... recent AP activity from the Browser Based Configuration Pages To view AP logs 1 Go to Administer Diagnostics and locate the AP Logs section 2 Click the Click Here link next to To show current AP logs The log data is displayed in the text box beneath the link The debug or diagnostics file is encrypted and only AMX support representatives have the proper tools to decrypt this file ...

Page 126: ...es click on the Administer tab and then choose Registration 2 Enter your information on the Registration page and click Apply 3 The information is sent to a CSV file that opens in a spreadsheet program if you have one installed 4 Email the CSV file which includes the serial number and MAC address of your NXA WAPZD1000 and all known access points in addition to your contact information to register ...

Page 127: ...ty issues while managing the NXA WAPZD1000 without having to exit the UI The Ping and Traceroute tools can be accessed from anywhere in the UI that you see the icon For example from the Dashboard if the Currently Managed APs widget is open click the icon next to an AP to launch the troubleshooting window When the Network Connectivity window FIG 50 opens click Ping to ping the IP address or Trace R...

Page 128: ...such as CPU and memory utilization number of APs and clients on the network and number of packets transmitted To view the Real Time Monitoring page locate the Toolbox link at the top of the page and select Real Time Monitoring from the pull down menu You can also access the Real Time Monitoring page from the Monitor Real Time Monitoring tab page 42 FIG 51 Real Time Monitoring Tool ...

Page 129: ...When all active clients are displayed on the page the Show More button disappears 4 To block any listed client devices follow the next set of steps Temporarily Disconnecting Specific Client Devices Follow these steps to temporarily disconnect a client device from your WLAN The user can simply reconnect manually if they prefer This is helpful as a troubleshooting tip for problematic network connect...

Page 130: ...Blocking Client Devices 126 NXA WAPZD1000 ZoneDirector Smart WLAN Controller ...

Page 131: ...deploying your Smart Mesh network getting familiar with the following terms that are used in this document to describe wireless mesh networks is recommended Smart Mesh Networking Terms Term Definition Mesh Node A Ruckus Wireless ZoneFlex AP with mesh capability enabled Root AP Root Access Point A mesh node communicating to an NXA WAPZD1000 through its Ethernet that is wired interface Mesh AP Mesh ...

Page 132: ...rees FIG 52 to the wired LAN segment In this topology all APs connected to the wired LAN are considered Root APs and any AP not connected to the wired LAN is considered a Mesh AP Wireless Bridge Topology If you need to bridge isolated wired LAN segments you can set up a mesh network using the wireless bridge topology In this topology the NXA WAPZD1000 and the upstream router are on the primary wir...

Page 133: ...rough its Ethernet port Multiple eMAPs can be connected to a single Mesh AP to for example bridge a wired LAN segment inside a building to a wireless mesh outdoors In designing a mesh network connecting an eMAP to a Mesh AP extends the Smart Mesh network without expending a wireless hop and can be set on a different channel to take advantage of spectrum reuse Use the Monitor Mesh page page 41 to s...

Page 134: ...how to enable Auto Approval please refer to the Adding New Access Points to the WLAN section on page 69 Step 2 Enable Mesh Capability on the NXA WAPZD1000 If you did not enable mesh capability on the NXA WAPZD1000 when you completed the Setup Wizard you can enable it on the Configure Mesh screen page 95 Step 3 Provision and Deploy Mesh Nodes In this step you will connect each AP to the same wired ...

Page 135: ...es select Monitor Map View The Map View appears and shows the mesh nodes that are currently active For instructions on importing a map please refer to the Importing a Floorplan Image section on page 77 2 Check if all the mesh nodes that you have provisioned and deployed appear on the Map View 3 Verify that a mesh network has been formed by checking if dotted lines appear between the mesh nodes FIG...

Page 136: ...g table Map View AP Icons Icon Meaning An AP with the upward pointing arrow is a Root AP An AP with a number in a circle is a Mesh AP The number indicates the number of hops from the mesh AP to the Root AP An AP with a dimmed blue square indicates that it is a Root AP without any active downlinks An AP with a red square is an Ethernet Linked Mesh AP eMAP An AP with an X icon is disconnected ...

Page 137: ...ted with the AP Solid amber No mesh downlink and No client is associated with the AP Fast blinking green At least one mesh downlink exists and At least one client is associated with the AP Slow blinking green At least one mesh downlink exists and No client is associated with the AP Signal Air Quality LED Behavior LED Color Behavior Root AP eMAP Mesh AP Solid green N A Connected to a Root AP or ano...

Page 138: ... may need to reboot it to activate the mesh Connected Root AP AP is connected to the NXA WAPZD1000 via its Ethernet port Connected Mesh AP n hops AP is connected to the NXA WAPZD1000 via its wireless interface and is n hops away from the Root AP Connected eMesh AP n hops AP is connected to the NXA WAPZD1000 via its Ethernet port but acts as a Mesh AP using another Mesh AP as its uplink Isolated Me...

Page 139: ...e that were once managed by the NXA WAPZD1000 but are now unreachable They are up and running and constantly searching for mesh uplinks but are unable to connect to any root AP You can check if you have any isolated mesh APs on the network by checking the Monitor Access Points page Action Icons Cont Restart Initiate a reboot of this AP Recover Recover an isolated Mesh AP Allow Allow this AP to be ...

Page 140: ... for uplinks This is usually a temporary state and is typically resolved automatically within 15 minutes as the mesh network stabilizes If there is a significant number of APs on the network it might take longer for the AP to resolve this Config error The AP attempted to establish the mesh uplink but was unsuccessful If you recently updated the mesh SSID and passphrase it is likely that your chang...

Page 141: ... 255 255 255 252 2 Create a wireless network from your computer If you are running Windows XP you can use the Wireless Network Setup Wizard to create the wireless network Configure the wireless network with the following settings Association mode WPA2 Encryption method AES SSID Type the AP s last known SSID which you obtained in the previous section PSK Type the AP s last known PSK which you obtai...

Page 142: ...ser at 10Mbps or 10 users at 1Mbps each In reality due to statistical multiplexing just like the phone system the fact that not all users are using the network concurrently if you use an oversubscription ratio of 4 1 such a network could actually support 40 users at 1Mbps But first some background on mesh technology and its impact on performance A Root AP RAP in a mesh network has all its wireless...

Page 143: ...ng the AP Multiplier to Account for Mesh table because 50 is between 40 and 60 the more conservative higher is more conservative AP Multiplier of 1 6 is chosen of APs 20 x 1 6 32 APs 10 RAP and 22 MAP Placement and Layout Considerations Utilize two or more RAPs To prevent having a single point of failure it is always best to have 2 or more RAPs so that there are alternate paths back to the wired n...

Page 144: ...se for uplink and both should have a Signal value of 25 or better For a more conservative design you may use 35 as your Signal benchmark Mounting and Orientation of APs ZoneFlex APs are very tolerant to a variety of mounting and orientation options due to Ruckus Wireless use of its unique BeamFlex technology in which the RF signal is dynamically concentrated and focused towards the other end of th...

Page 145: ...xample provided calculate the number of RAPs and MAPs required for your coverage area and bandwidth requirements 3 Ideally deploy two or more RAPs so there is an alternate path for reliability even when capacity and coverage only require one RAP 4 Avoid an excessive number of hops Ideally keep hop count to 3 or less 5 Having more Roots is better for performance 6 Place your Root towards the middle...

Page 146: ...Smart Mesh Networking Best Practices 142 NXA WAPZD1000 ZoneDirector Smart WLAN Controller ...

Page 147: ...for more information please refer to the Authenticating Clients that Do Not Support Zero IT section on page 64 Option 4 If the client s OS cannot be upgraded and the wireless adapter is limited to WEP you will need to do the following Create an additional WLAN for non standard client connections then create a Role that refers to this WLAN and assign that role to the relevant user accounts Enter th...

Page 148: ...then click the SpeedFlex link on the same row The SpeedFlex Wireless Performance Test interface loads showing a speedometer and the IP address of the AP or client that you want to test 6 If you are testing AP throughput you have the option to test both Downlink and Uplink throughput Both options are selected by default If you only want to test one of them clear the check box for the option that yo...

Page 149: ...10 30 seconds If you re testing AP throughput and you selected both Downlink and Uplink options both tests should take about one minute to complete When the tests are complete the results appear below the Start button Information that is shown includes the downlink uplink throughput and the packet loss percentage during the tests FIG 56 SpeedFlex interface FIG 57 Click the download link for the ta...

Page 150: ...t results for each hop as well as the aggregate throughput from NXA WAPZD1000 to the final AP in the tree To measure throughput across multiple hops in a Smart Mesh tree 1 In the Browser Based Configuration Pages go to Monitor Mesh or open the Mesh Topology widget on the Dashboard 2 Locate the AP whose throughput you want to measure and click the SpeedFlex icon on the same row as that AP The Speed...

Page 151: ...d of Your Wireless Connection The following instructions describe how you can use SpeedFlex to measure the speed of your wireless connection to your access point 1 Make sure that your wireless device is connected only to the wireless network If your wireless device is also connected to the wired network unplug the network cable 2 Start your Web browser and then enter the following in the address o...

Page 152: ...d troubleshooting techniques to resolve poor network performance 1 From the Browser Based Configuration Pages go to Monitor Map View 2 Look on the map for rogue APs If there is a large number and they belong to neighboring networks proceed to the next task 3 Go to Configure Access Points 4 Edit each AP record to assign each device a channel that will not interfere with other APs For example if you...

Page 153: ...Troubleshooting 149 NXA WAPZD1000 ZoneDirector Smart WLAN Controller ...

Page 154: ...ation knowledge In the ever changing AV industry continual education is key to success AMX University is dedicated to ensuring that you have the opportunity to gather the information and experience you need to deliver strong AMX solutions Plus AMX courses also help you earn CEDIA NSCA InfoComm and AMX continuing education units CEUs Visit AMX University online for 24 7 365 access to Schedules and ...

Reviews:

No comments