Ruckus Wireless ZoneDirector 1200 Скачать руководство пользователя страница 305 | Manualshive

Страница: 305 / 361

Ruckus Wireless ZoneDirector 1200 Скачать руководство пользователя страница 305

Recommended Action

Description

Status

AP is connected to
ZoneDirector via its Ethernet
port, but acts as a Mesh AP
using another Mesh AP as
its uplink

Connected (eMesh AP, n
hops

• The AP may be

configured incorrectly.
Verify that the mesh
SSID and passphrase
configured on the AP are
correct.

• If Uplink Selection is set

to Manual, the uplink AP
specified for this AP may
be off or unavailable.

AP is disconnected from the
ZoneDirector mesh

Isolated Mesh AP

Using the ZoneFlex LEDs to Determine the Mesh
Status

In addition to checking the mesh status of ZoneFlex APs from the ZoneDirector web
interface, you can also check the LEDs on the APs. The LED behaviors that indicate the
AP's mesh status vary depending whether the AP is a single-band or a dual-band model.

On Single-band ZoneFlex APs

On single-band ZoneFlex APs (for example, ZoneFlex 7352), the two LEDs that indicate
the mesh status are:

• WLAN (Wireless Device Association) LED - Indicates downlink status and client

association status

• AIR (Signal/Air Quality) LED - Indicates uplink status and the quality of the wireless

signal to the uplink AP

305

Ruckus Wireless ZoneDirector™ Release 10.0 User Guide

Deploying a Smart Mesh Network

Using the ZoneFlex LEDs to Determine the Mesh Status

«
...
303
304
305
306
307
...
»

Содержание ZoneDirector 1200

Страница 1: ...Ruckus Wireless ZoneDirector Release 10 0 User Guide Part Number 800 71463 001 Rev A Published 02 May 2017 www ruckuswireless com...

Страница 2: ...LICENSORS MAKE NO WARRANTY OF ANY KIND EXPRESS OR IMPLIED WITH REGARD TO THE MATERIAL INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY NON INFRINGEMENT AND FITNESS FOR A PARTICUL...

Страница 3: ...w to Ensure that APs Can Discover ZoneDirector on the Network 27 Firewall Ports that Must be Open for ZoneDirector Communications 35 Accessing ZoneDirector s Command Line Interface 36 Using the ZoneDi...

Страница 4: ...Systems 65 Enabling SmartCell Insight Communication 65 Enabling Management via FlexMaster 66 Enabling Northbound Portal Interface Support 68 Configuring SNMP Support 69 Enabling Telnet 75 4 Configurin...

Страница 5: ...128 Bridge Service Records 128 Creating a Bonjour Gateway Rule ZD Site 129 Creating a Bonjour Gateway Rule AP Site 131 Applying a Bonjour Policy to an AP 132 Example Network Setup 133 Bonjour Fencing...

Страница 6: ...rvice Provider Profile 185 Create an Operator Profile 186 Create a Hotspot 2 0 WLAN 188 Bypass Apple CNA 189 Customizing the Web Portal Logo 190 6 Managing Access Points Adding New Access Points to th...

Страница 7: ...or 228 Internal User Database 228 Managing Current User Accounts 229 Changing an Existing User Account 229 Deleting a User Record 230 Creating New User Roles 230 Role Based Access Control Policy 231 M...

Страница 8: ...nitoring Location Services 290 Monitoring Mesh Status 291 Real Time Monitoring 291 Real Time Monitoring Widgets 292 Detecting Rogue Access Points 292 Monitoring System Information 295 Monitoring Syste...

Страница 9: ...efault Factory Settings 321 Alternate Factory Default Reset Method 323 Upgrading ZoneDirector and ZoneFlex APs 323 Importing an AP Firmware Patch 324 Enabling Secure AP Image Upgrade 325 Performing an...

Страница 10: ...g ZoneDirector 353 13 Mesh Networking Best Practices Calculating the Number of APs Required 355 Placement and Layout Considerations 355 Signal Quality Verification 356 Mounting and Orientation of APs...

Страница 11: ...vised that the ZoneDirector will periodically connect to Ruckus and Ruckus will collect the ZoneDirector serial number software version and build number Ruckus will transmit a file back to the ZoneDir...

Страница 12: ...interface and is searchable Command Line Reference Guide Provides a list of CLI commands their usage syntax and examples SNMP Reference Guide Provides a list of supported Simple Network Management Pr...

Страница 13: ...including free introductory courses to wireless networking essentials site surveys and Ruckus Wireless products visit the Ruckus Wireless Training Portal at https training ruckuswireless com 13 Ruckus...

Страница 14: ...Ruckus Wireless ZoneDirector Release 10 0 User Guide 14 About This Guide Online Training Resources...

Страница 15: ...highly configurable guest access features and advanced security features within a single system User authentication can be accomplished using an internal user database or forwarded to an external Aut...

Страница 16: ...oneDirector to factory default settings press and hold the F D button for at least five 5 seconds For more information refer to Alternate Factory Default Reset Method on page 323 NOTE Resetting ZoneDi...

Страница 17: ...arting up or shutting down Flashing Red The port is connected to a device Solid Green or Amber Ethernet Link The port is transmitting or receiving traffic Flashing Green or Amber The port has no netwo...

Страница 18: ...wo seconds Reset For Ruckus Wireless Support use only USB RJ 45 port for accessing the ZoneDirector command line interface Console Two auto negotiating 10 100 1000Mbps Ethernet ports 10 100 1000 Ether...

Страница 19: ...nected or is not receiving a link signal Off The port is connected to a 1000Mbps device Amber Ethernet Rate The port is connected to a 100Mbps device Green The port is connected to a 10Mbps device Off...

Страница 20: ...l lock to remove the front bezel and gain access to the hard drive bays Front Bezel Lock Front Panel Bezel Removed Figure 4 ZoneDirector 5000 front panel bezel removed Table 8 ZoneDirector front panel...

Страница 21: ...nitions Table 3 Fan status LED 4 Critical alarm not used 5 MJR alarm not used 6 NMI pin hole button factory reset button 7 Chassis ID button 8 NIC 1 NIC 2 activity LED 9 HDD activity LED not used 10 P...

Страница 22: ...power source detected 3 More than one fan failure detected Amber On Non critical alarm Amber Blinking Rear Panel Features Figure 6 ZoneDirector 5000 rear panel features Table 11 Rear panel features Fe...

Страница 23: ...IT refers to ZoneDirector s simple setup and ease of use features which allow end users to automatically self configure wireless settings on Windows and Mac OS clients as well as many mobile devices...

Страница 24: ...overy in the Network and Sharing Center Advanced Sharing Settings 2 Double click the ZoneDirector icon when UPnP displays it or 3 Point your web browser to ZoneDirector s IP address default 192 168 0...

Страница 25: ...ed to obtain IP addresses from a DHCP server If APs are assigned static IP addresses they must be using a local DNS server that you can configure to resolve the ZoneDirector IP address using zonedirec...

Страница 26: ...he same time and waits for a response from any ZoneDirector that can respond The AP may receive multiple responses from DHCP and DNS if multiple ZoneDirector IP addresses have been configured on the D...

Страница 27: ...subnet as ZoneDirector before moving the AP to another subnet To do this connect the AP to the same network as ZoneDirector When the AP starts up it will discover and attempt to register with ZoneDir...

Страница 28: ...ma separated IP address strings for discovering ZoneDirectors and also TLV based option 43 encapsulation as specified in RFC 2132 For ZoneDirector information sub option code 03 Type 0x03 Length Count...

Страница 29: ...ts 1 In the Server Manager window right click the IPv4 icon and choose Define Vendor Classes from the menu 2 In the DHCP Vendor Classes dialogue click Add to create a new vendor class 3 Enter the valu...

Страница 30: ...nterface eth1 AdvSendAdvert on AdvOtherConfigFlag on prefix 2001 db8 0 2 64 4 Edit the dhcp6 conf file as follows default lease time 600 max lease time 7200 log facility local7 subnet6 2001 db8 0 2 64...

Страница 31: ...the correct IP info through DHCPv6 option 17 you can check the tmp dhcp6_vendor_opts file Use the following command on the AP CLI cat tmp dhcp6_vendor_opts code3 2001 1920 1cf 3 2001 1920 1cf 4 end c...

Страница 32: ...NOTE The following procedures describe how to customize a DHCP server running on Microsoft Windows Server If your DHCP server is running on a different operating system the procedure may be different...

Страница 33: ...click Configure Options The tab of the Scope Options dialog box appears 4 Under Available Options look for the 6 DNS Servers check box and then select it 5 In the IP address box under Data Entry type...

Страница 34: ...rmation on configuring the built in DNS server on Windows is available at http support microsoft com kb 814591 NOTE If your DNS server prompts you for the corresponding host name for each ZoneDirector...

Страница 35: ...irmware upgrade TCP destination port as specified in FM Inventory Device Web Port Number Mapping FlexMaster ZoneDirector management interface TCP destination port 22 SSH ZoneDirector CLI access TCP de...

Страница 36: ...and secondary ZD IPs An active ZoneDirector behind NAT will be unable to perform upgrades to the standby ZoneDirector on the other side of the NAT device Accessing ZoneDirector s Command Line Interfa...

Страница 37: ...information on using the CLI see the Ruckus Wireless ZoneDirector Command Line Interface Reference Guide available from http support ruckuswireless com Using the ZoneDirector Web Interface The ZoneDir...

Страница 38: ...mmary of the total number of WLANs APs and clients currently connected above the map view The map view itself provides a geographical view of the placement of APs if map coordinates are configured and...

Страница 39: ...ector 1 Go to Administer Registration 2 Enter your contact information on the Registration page and click Apply 3 The information is sent to a CSV file that opens in a spreadsheet program if you have...

Страница 40: ...Figure 14 The Product Registration page Your ZoneDirector is now registered with Ruckus Wireless...

Страница 41: ...ognizable system name for ZoneDirector If needed you can change that name by following these steps 1 Go to Configure System 2 In System Name under Identity delete the text and then type a new name The...

Страница 42: ...ess in your web browser or use the UPnP application to rediscover ZoneDirector IPv6 Configuration ZoneDirector supports IPv6 and dual IPv4 IPv6 operation modes If both IPv4 and IPv6 are used ZoneDirec...

Страница 43: ...HCPv6 vendor specific options Aeroscout RFID tag detection SSL certificate generation UPnP remote access to ZD and L2TP and WISPr in standalone APs are not supported when in IPv6 mode Figure 16 Enabli...

Страница 44: ...ment interface with a different gateway from the gateway configured under Device IP Settings select Default gateway is connected with this interface and enter the gateway IP address in the field provi...

Страница 45: ...l gateway 1 Go to Configure System and locate the Static Route section 2 Click Create New to create a new static route 3 Enter a Name for this access route 4 Enter a Subnet in the format A B C D M whe...

Страница 46: ...by state If the active ZoneDirector fails the standby device becomes active When the original active device recovers it automatically assumes the standby state as it discovers an already active ZoneDi...

Страница 47: ...address Configuring ZoneDirector for Smart Redundancy For management convenience both ZoneDirectors in a Smart Redundancy deployment can be managed via a single shared IP address In this situation thr...

Страница 48: ...empt to discover its peer on the network 9 If discovery is successful the details of the peer device will be displayed to the right 10 If discovery is unsuccessful you will be prompted to retry discov...

Страница 49: ...ensed APs the total number of licenses is displayed in the Smart Redundancy dashboard widget in the License Pool entry When one device is disconnected the remaining active ZD will continue to use the...

Страница 50: ...nse level only Figure 23 If a third ZD connects with a lower license level than the 2nd disconnected ZD the user can choose to use the original license pool for up to 60 days Table 15 Max AP Licenses...

Страница 51: ...DHCP Server section select the Enable DHCP Server check box 3 In Starting IP type the first IP address that the built in DHCP server will allocate to DHCP clients The starting IP address must be on th...

Страница 52: ...ses that have been assigned by the DHCP server sentence A table appears and lists all current DHCP clients with their MAC address IP address and the remaining lease time You can clear DHCP leases on Z...

Страница 53: ...tor s web interface To restrict access to ZoneDirector s web interface 1 Go to Configure System 2 Locate the Management Access Control section and click the Create New link 3 In the Create New menu th...

Страница 54: ...ime 1 Go to Configure System 2 In the System Time features you have the following options Refresh Click this to update the ZoneDirector display a static snapshot from the internal clock Sync Time with...

Страница 55: ...cate the Country Code section and choose your location from the pull down menu 3 Click Apply to save your settings Figure 28 The Country Code settings Channel Optimization If your Country Code is set...

Страница 56: ...P as its downlink you will need to set the Channel Optimization setting to Optimize for Compatibility This is due to the DFS capable AP s ability to use more channels than the non DFS capable APs whic...

Страница 57: ...ing a restricted indoor only channel Changing the System Log Settings ZoneDirector maintains an internal log of current events and alarms This file has a fixed capacity at a certain level ZoneDirector...

Страница 58: ...remote syslog server for APs __ IP Address Enabling this feature allows ZoneDirector to supply client association information to a third party application that can then deploy ACL policies to a firew...

Страница 59: ...e priority level as follows All Include all syslog messages 0 emerg 1 alert 2 crit 3 err 4 warning 5 notice 6 info 7 debug Lower numbers indicate higher priority The syslog server will only receive lo...

Страница 60: ...or All Figure 32 Enable client association logs in syslog for firewall integration The flow of user data from the end point to the firewall will use the following path 1 The user authenticates to an...

Страница 61: ...Add operation add seq 1 sta_ip 192 168 120 16 sta_mac 60 36 dd 19 17 ac zd ap 00 0c 29 11 5a 0b 58 93 96 29 4c 60 sta_ostype Windows7 Vista sta_name 60 36 dd 19 17 ac stamgr_handle_remote_ipc Delete o...

Страница 62: ...name provided by your ISP or mail administrator This might be just the part of your email address before the symbol or it might be your complete email address If you are using a free email service su...

Страница 63: ...rver for 10 seconds If it is unable to connect to the mail server it will stop trying and quit NOTE When the alarm email is first enabled the alarm recipient may receive a flood of alarm notifications...

Страница 64: ...configure ZoneDirector to use an existing Twilio or Clickatell account for SMS delivery The first step is to inform ZoneDirector of your Twilio or Clickatell account information 1 Go to Configure Syst...

Страница 65: ...ZoneDirector supports several external network management systems including Ruckus Wireless SmartCell Insight FlexMaster server SNMPv2 SNMPv3 and Telnet server These options are configured from the C...

Страница 66: ...Enter the SCI login user name used for ZD SCI communications Password Enter the SCI login password used for ZD SCI communications System ID Enter the System ID that you used for the ZD data source on...

Страница 67: ...the Enable management by FlexMaster check box 5 In URL type the FlexMaster DNS host name or IP address of the FlexMaster server 6 In Interval type the time interval in minutes at which ZoneDirector w...

Страница 68: ...registration account setup or authentication ZoneDirector redirects authentication requests to an outside portal If access is granted ZoneDirector provides a unique dynamic PSK The DPSK can be delive...

Страница 69: ...s Both SNMPv2 and SNMPv3 can be enabled at the same time The SNMPv3 framework provides backward compatibility for SNMPv1 and SNMPv2c management applications so that existing management applications ca...

Страница 70: ...ick Apply to save your changes Figure 40 Enabling the SNMPv2 agent If your network uses SNMPv3 To enable SNMPv3 management 1 Go to Configure System Scroll down to the bottom of the page and click the...

Страница 71: ...and client events that indicate possible network issues To enable SNMP trap notifications 1 In the Network Management section of the Configure System page scroll down to the bottom of the page 2 Under...

Страница 72: ...s to the SNMP server that you specified The following table lists the trap notifications that ZoneDirector sends and when they are sent Table 17 Trap notifications Description Trap Name An AP has join...

Страница 73: ...contact with ZoneDirector The AP s MAC address is included in the trap notification ruckusZDEventAPLostTrap An AP s heartbeat has been lost The AP s MAC address is included in the trap notification r...

Страница 74: ...MAC address AP s MAC address and SSID are included ruckusZDEventClientRoamOut A client has roamed in to an AP The client s MAC address AP s MAC address and SSID are included ruckusZDEventClientRoamIn...

Страница 75: ...d state ruckusZDEventSmartRedundancy ActiveDisconnected The standby ZoneDirector has detected its peer and is in standby connected state ruckusZDEventSmartRedundancy StandbyConnected The standby ZoneD...

Страница 76: ...4 Click Apply to save your changes Figure 44 Enabling Telnet server...

Страница 77: ...are very close to each other The 2 4G and 5G radio bands are considered independently If all conditions are met the AP will reduce its power by half The other AP may or may not necessarily reduce its...

Страница 78: ...which scans are run Run a background scan on the 2 4 GHz radio every Select this check box enter the time interval 1 65535 seconds default is 20 that you want to set between each scan Run a backgroun...

Страница 79: ...ity every 15 seconds and changes channel when based on historical data a different channel is likely to offer higher capacity than the current channel Each AP makes channel decisions based on this his...

Страница 80: ...ChannelFly per band If you have 2 4 GHz clients that do not support 802 11h Ruckus recommends disabling ChannelFly for 2 4 GHz but leaving it enabled for the 5 GHz band To configure the self healing...

Страница 81: ...client s signal is so strong that it really belongs on this AP The APs maintain these desired client limits and enforce them once they reach the limits by withholding probe responses and authenticati...

Страница 82: ...e This setting affects select outdoor dual band 802 11n AP also only be available if the Country Code settings are configured to allow use of DFS channels see Setting the Country Code on page 55 AeroS...

Страница 83: ...to the Ekahau Settings section near the bottom of the page 3 Select the Enable Ekahau tag detection check box 4 Enter the Ekahau Controller IP address and Ekahau Controller Port 5 Click the Apply butt...

Страница 84: ...ncrypted tunnel to send them to ZoneDirector Block multicast traffic from network to tunnel Prevents all non well known multicast traffic from propagating on the tunnel Block broadcast traffic from ne...

Страница 85: ...ghbor discovery traffic over the air by replacing broadcast messages with unicast messages for known hosts When these packets are received for an unknown host the Packet Inspection Filter supplements...

Страница 86: ...d To enable Ethernet Port Redundancy 1 Go to Configure Services 2 Locate the Ethernet Port Redundancy section at the bottom of the page 3 Enable the check box and enter the Up Delay Time and Down Dela...

Страница 87: ...ction describes the tasks that you need to perform on ZoneDirector to ensure ZoneDirector can communicate with your AAA server NOTE For specific instructions on AAA server configuration refer to the d...

Страница 88: ...ctive Directory server in one of two ways Single Domain Active Directory Authentication Multi Domain Active Directory Authentication Single Domain Active Directory Authentication To enable Active Dire...

Страница 89: ...ust support TLS1 0 TLS1 1 TLS1 2 NOTE Note that Secure Active Directory requires the import of a root CA for TLS encryption The import option is provided on the Configure Certificate Advanced Options...

Страница 90: ...vell eDirectory Sun JES limited support To configure an LDAP server for user authentication 1 Go to Configure AAA Servers and click Create New under Authentication Accounting Servers The Create New fo...

Страница 91: ...If you want to filter more specific settings see Advanced LDAP Filtering on page 91 The Admin account need not have write privileges but must able to read and search all users in the database Figure 5...

Страница 92: ...udent and enter student in the Group Attributes field Then you can select which WLANs you want this Role to have access to and decide whether this Role should have Guest Pass generation privileges and...

Страница 93: ...port number and Shared Secret of the RADIUS RADIUS Accounting server When an external RADIUS RADIUS Accounting server is used for authentication or accounting user credentials can be entered as a sta...

Страница 94: ...oth a primary and backup RADIUS server an additional option will be available in the Test Authentication Settings To configure a backup RADIUS RADIUS Accounting server 1 Click the check box next to En...

Страница 95: ...r See Using an External AAA Server on page 87 2 Create a user on the RADIUS server using the MAC address of the client as both the user name and password The MAC address format can be configured in on...

Страница 96: ...AC Address Authentication With the 802 1X EAP MAC Address authentication method clients configured with either open or EAP MD5 authentication methods are both supported on the same WLAN The encryption...

Страница 97: ...ss request or accounting request messages The RADIUS server in turn sends an access challenge access accept or access reject message in response to an access request and an accounting response message...

Страница 98: ...the RADIUS access request packet In the case of a state attribute it indicates that an access request packet is a response to the last received access challenge packet by copying the state AVP unmodi...

Страница 99: ...me 7 WISPr Bandwidth Max Up Maximum transmit rate bits second 8 WISPr Bandwidth Max Down Maximum receive rate bits second 25 Class 27 Session timeout 29 Termination action Session timeout event become...

Страница 100: ...80 Message Authenticator WISPr Web Auth Guest RADIUS Accounting attributes The following table lists attributes used in RADIUS accounting messages Table 19 RADIUS attributes used in Accounting Attribu...

Страница 101: ...ot supplicant restart idle timeout 802 1X MAC Auth Sent from RADIUS server in Accept messages 1 User name 25 Class 85 Acct interim interval 27 Session timeout 29 Termination action Session timeout eve...

Страница 102: ...itional attributes supported in WISPr WLANs WISPr vendor specific attributes vendor id 14122 1 WISPr location id 2 WISPr location name WISPr Web Auth Guest Access Configuring Microsoft IAS for PAP Aut...

Страница 103: ...e 59 On the Microsoft IAS page right click the user group and select Properties 103 Ruckus Wireless ZoneDirector Release 10 0 User Guide Configuring Security and Other Services Using an External AAA S...

Страница 104: ...ent tasks Operator Admin Change settings affecting single AP s only Monitoring Admin Monitoring and viewing operation status only TACACS is an extensible AAA protocol that provides customization and f...

Страница 105: ...changes Figure 62 Configuring a TACACS AAA server Once your TACACS server is configured on the AAA Servers page you can select it from the list of servers used to authenticate ZoneDirector administra...

Страница 106: ...the Test Against drop down menu 3 In User Name and Password enter an Active Directory LDAP or RADIUS user name and password 4 Click Test If ZoneDirector was able to connect to the authentication serve...

Страница 107: ...k Create NewAlternatively you can create a Layer 2 MAC ACL from the WLAN creation page while creating a new WLAN or modifying an existing WLAN Configure WLANs Edit Advanced Options Access Control L2 M...

Страница 108: ...efault 7 In Rules click Create New or click Edit to edit an existing rule 8 Define each access policy by configuring a combination of the following Type The access privilege allow or deny that this po...

Страница 109: ...ng WLAN Configure WLANs Edit Advanced Options Access Control Precedence Policy Create New 3 Under Rules click Create New to create a new rule for this policy 4 Select an Attribute VLAN or Rate Limitin...

Страница 110: ...s precedence over an ACL MAC addresses that are in the deny list are blocked at the AP not at ZoneDirector Temporarily Disconnecting Specific Client Devices Follow these steps to temporarily disconnec...

Страница 111: ...these steps to permanently block a client device from WLAN connections 1 Look at the Status column to identify any unauthorized users 2 Click the Block button in the Action column in a specific user r...

Страница 112: ...P addresses that are not part of a per WLAN white list You can create exceptions to client isolation such as allowing access to a local printer for example by creating Client Isolation White Lists To...

Страница 113: ...ess Client Isolation under Options select the level of client isolation you want to enforce Isolate wireless client traffic from other clients on the same AP Enable client isolation on the same Access...

Страница 114: ...limit traffic by application and then apply the policy to WLANs using the WLAN Advanced Options The Application Recognition and Filtering aka Application Recognition and Control or ARC features allow...

Страница 115: ...policy s name on the Applications pie charts tables on the Wireless Clients monitoring page Application identification policies are implemented according to the following priority order 1 IP based us...

Страница 116: ...hence it has the lowest priority as a means of application identification If for example you configure a port based user defined application for port 80 TCP any such matching wireless traffic not iden...

Страница 117: ...h as blocking social media sites The following usage guidelines need to be taken into consideration when defining Application Denial Policies www corporate com This will block access to the host web s...

Страница 118: ...ications or to user defined applications Rate Limiting Rate limiting rules can be applied to any of the system defined or user defined applications Set the maximum uplink and downlink rates 0 25 20 Mb...

Страница 119: ...Type NOTE When using port based rules There is no distinction between the TCP and UDP protocols so care should be taken if wishing to block a specific application port as that will apply to both IP p...

Страница 120: ...the Dashboard To import a floorplan map go to Configure Maps and click Create New Enter a Name for the map and either enter the street Address or GPS coordinates in Latitude and Longitude Next click C...

Страница 121: ...ters or feet Figure 78 Create a floorplan map Click Next On the next screen drag APs from the list on the left onto the map to represent their actual physical locations Figure 79 Drag an AP on to the...

Страница 122: ...ect my wireless network against excessive wireless requests If this capability is activated excessive 802 11 probe request frames and management frames launched by malicious attackers will be discarde...

Страница 123: ...nd other sensitive data Same Network These are rogue access points that are detected by other access points as transmitting traffic on your internal network They are detected by ZoneDirector managed a...

Страница 124: ...A rogue DHCP server is a DHCP server that is not under the control of network administrators and is therefore unauthorized When a rogue DHCP server is introduced to the network it could start assignin...

Страница 125: ...ion on ZoneDirector enabled by default 1 Go to Configure WIPS 2 In the Rogue DHCP Server Detection section select the Enable rogue DHCP server detection check box 3 Click the Apply button that is in t...

Страница 126: ...essages from the DHCP server back to the client The traffic flow is as follows 1 Client sends DHCP discover broadcast 2 AP tunnels this DHCP discover frame to ZoneDirector 3 DHCP Relay Agent sends uni...

Страница 127: ...ant to configure 3 Under Advanced Options when Tunnel Mode is enabled the DHCP Relay option becomes available 4 Under DHCP Relay select Enable DHCP relay agent with __ DHCP server and select the serve...

Страница 128: ...ction the following network configuration requirements must be met The target networks must be segmented into VLANs VLANs must be mapped to different SSIDs The controller must be connected to a VLAN t...

Страница 129: ...ce Apple File Server will have at least one service entry depending on what is enabled mdnsservice name Apple File Sharing id 6 service type _afpovertcp _tcp mdnsservice In heavy use and if using AirP...

Страница 130: ...onjour service from the list Selecting Other allows you to create custom rules for example creating a rule for _googlecast _tcp would allow you to bridge Chromecast services across VLANs From VLAN Sel...

Страница 131: ...col packets from other VLANs Dynamic VLANs are not supported Some AP models are incompatible with this feature due to memory requirements To configure rules for AP site bridging Bonjour services acros...

Страница 132: ...policy To enable Bonjour policy on an AP 1 Go to Configure Access Points 2 Click Edit next to the AP you want to configure 3 In Bonjour Gateway enable the check box and select a Bonjour policy that yo...

Страница 133: ...access to all classroom resources Students SSID VLAN 300 Students have a separate SSID with no authentication they must be able to backup their iPads to the classroom iMac but should not have access...

Страница 134: ...the following 1 Name Type a name for the policy 2 Description Type a description for the policy 3 Fencing Rule Create the policy rule by configuring the following a Click Create The Create New Fencing...

Страница 135: ...onjour Fencing Policy to an AP or AP Group on page 135 Applying a Bonjour Fencing Policy to an AP or AP Group Once you have created a Bonjour Fencing policy you will need to apply the policy to either...

Страница 136: ...oup SPoT Location Services To take advantage of Ruckus Wireless SmartPositioning Technology SPoT location services ZoneDirector must be configured with the Venue information that is displayed in the S...

Страница 137: ...the SPot Admin Portal nto the four fields provided 7 Click OK to save your changes 8 Go to Configure Access Points and in Access Point Groups click Create New or Edit to configure one or more AP group...

Страница 138: ...page Figure 94 Enter the venue information in ZoneDirector s Configure Location Services page For more information on configuration and management of your SPoT Location Services see the SPoT User Guid...

Страница 139: ...eed a WLAN that utilizes WEP encryption for wireless devices that only support WEP key encryption To create special WLANs with different settings for specific purposes For example a VoIP WLAN for voic...

Страница 140: ...encryption WLANs also known as WPA Personal are the most common type of WLAN and should be the default configuration if there are no special requirements for authentication or encryption The 802 1X EA...

Страница 141: ...ew WLAN The individual options are explained in detail in the next section beginning with General Options on page 142 Table 22 Create new WLAN options Description Option Enter WLAN name and descriptio...

Страница 142: ...atically removed If a disallowed ASCII character not within the range 32 126 is included an error message will appear In general the WLAN name is the same as the advertised SSID the name of the wirele...

Страница 143: ...s WLANs on page 143 Social Media Social Media WLANs require the visitor to log in using a social media account before being allowed Internet access See Social Media WLANs on page 144 Autonomous WLANs...

Страница 144: ...and other options using the Facebook WiFi configuration panel For more information see the Facebook Wi Fi Help Center The following caveats and limitations should be considered before deploying a Fac...

Страница 145: ...r Social Media login methods you must enter an Application ID and Application Refer to the documentation for the social media website for which you want to provide social media login to obtain this in...

Страница 146: ...you have selected a Social Media Login type Figure 97 Click here link from within ZD WLAN creation screen Figure 98 Create new project on Google OAuth Console 2 Once the project has been created go t...

Страница 147: ...e project https console developers google com project _ apiui credential 3 The Credentials page appears as shown below Figure 100 Credentials page 4 Click New credentials and select OAuth client ID as...

Страница 148: ...p as shown below NOTE If you have imported a certificate with FQDN to ZoneDirector you should use the real FQDN instead of zd ruckuswireless com For example if the FQDN is mydomain com the Authorized...

Страница 149: ...shown Figure 103 OAuth Client ID and Client Secret 7 Take note of the Client ID and Client Secret You will need to enter these values into the ZoneDirector web interface 8 Continue to Create an OAuth...

Страница 150: ...edIn developer network https www linkedin com developer apps Figure 104 LinkedIn My Applications 2 Click Create application 3 Enter the required application information and click Submit Ruckus Wireles...

Страница 151: ...com user auth jsp NOTE If you have imported a certificate with FQDN to ZoneDirector you should use the real FQDN instead of zd ruckuswireless com For example if the FQDN is mydomain com the Authorized...

Страница 152: ...to launch Microsoft Live development dashboard and create an application https account live com developers applications index 2 Click Create application NOTE If you have not previously created any pro...

Страница 153: ...id redirect callback URL http zd ruckuswireless com user auth jsp NOTE If you have imported a certificate with FQDN to ZoneDirector you should use the real FQDN instead of zd ruckuswireless com For ex...

Страница 154: ...provide you Client ID and Client secret Take note of these values as you will need to enter them into the ZoneDirector web interface later Ruckus Wireless ZoneDirector Release 10 0 User Guide 154 Mana...

Страница 155: ...for example Google OAuth 2 0 4 Input the Client ID and Client Secret 5 Click OK to save your changes Figure 111 Creating an OAuth 2 0 Social Media WLAN on ZoneDirector User Login to Social Media WLAN...

Страница 156: ...will only be displayed once the first time the user logs in unless the user revokes the relationship from the Google account management center 5 Click Accept ZoneDirector immediately sets the user to...

Страница 157: ...is way clients that support the 11r standard including iOS devices can achieve significantly faster roaming between APs Encryption Options Encryption choices include WPA2 WPA Mixed WEP 64 WEP 128 and...

Страница 158: ...6 characters in length Alternatively click Generate to have ZoneDirector automatically generate a WEP key Passphrase WPA PSK methods only Click in this field and type the text of the passphrase used f...

Страница 159: ...eate New button to create a new AAA server object from within the WLAN configuration screen Figure 114 Click Create New to create a new AAA server A popup window appears in which you can configure an...

Страница 160: ...ed Keys on page 222 Priority Set the priority of this WLAN to Low if you would prefer that other WLAN traffic takes priority For example if you want to prioritize internal traffic over guest WLAN traf...

Страница 161: ...ng on the 2 4 GHz radio and 10 calls on the 5 GHz radio seven active and three reserved for roaming Enable this feature if you want this WLAN to serve as a VoIP WLAN to support Spectralink phones You...

Страница 162: ...E When tunnel mode is enabled on a WLAN multicast video packets are blocked on that WLAN Multicast voice packets however are allowed Proxy ARP When enabled on a WLAN the AP provides proxy service for...

Страница 163: ...P name SSID and MAC address into the DHCP request packets before forwarding them to the DHCP server The DHCP server can then use this information to allocate an IP address to the client from a particu...

Страница 164: ...ple NOTE This feature will not work properly if ZoneDirector does not have the correct time To ensure ZoneDirector always maintains the correct time configure an NTP server and point ZoneDirector to t...

Страница 165: ...anning Configure Services and Report Rogue Devices Configure WIPS must be enabled for 802 11k radio resource management to work properly If these options are not enabled the AP will send neighbor repo...

Страница 166: ...it its use to a select group of users e g Marketing Engineering you can do so by following these steps 1 Make a list of the group of users 2 Go to Configure WLANs 3 When the WLANs page appears the int...

Страница 167: ...ir first wireless network To review the security configuration and the available options customize the existing WLAN setup or replace it with a totally different configuration review the following pro...

Страница 168: ...ion for modern wireless clients Open Auth WPA Mixed encryption Allows both WPA and WPA2 devices on the same WLAN Use this option only if older WPA devices cannot be upgraded to WPA2 802 1X EAP Auth An...

Страница 169: ...equires the selection of Local Database as the authentication server If you are re configuring your internal WLAN to use 802 1X EAP authentication you normally have to generate and install certificate...

Страница 170: ...lient use use the wireless settings generated by ZoneDirector Working with WLAN Groups WLAN groups are used to specify which APs provide which WLAN services If your wireless network covers a large phy...

Страница 171: ...AN Groups section click Create New The Create New form appears 3 In Name type a descriptive name that you want to assign to this WLAN group For example if this WLAN will contain WLANs that are designa...

Страница 172: ...u can set up a ZoneDirector wireless LAN as an extension of a VLAN network environment by tagging wireless client traffic to specific VLANs Qualifications include the following Verifying that the VLAN...

Страница 173: ...above the switch ports would need to be configured as follows Corp VLAN 20 Guest VLAN 30 Management VLAN optional Some common VLAN scenarios include WLANs assigned to specific VLANs ZD and APs with n...

Страница 174: ...kes automatic AP provisioning more complicated and should not be undertaken without a thorough understanding of your own network configuration as well as the ZoneFlex wireless deployment Configuring a...

Страница 175: ...n be used to automatically and dynamically assign wireless clients to different VLANs based on RADIUS attributes Dynamic VLAN Requirements A RADIUS server must have already been added to ZoneDirector...

Страница 176: ...ules ZoneDirector prioritizes and applies these three features in the following order Dynamic VLAN top priority VLAN Tunnel Mode How It Works User associates with a WLAN on which Dynamic VLAN has been...

Страница 177: ...pe 802 6 65 Tunnel Medium Type VLAN ID 81 Tunnel Private Group Id Here is an example of the required attributes for three users as defined on Free RADIUS 0018ded90ef3 User Name user1 Tunnel Type VLAN...

Страница 178: ...clients into multiple VLANs without the need for a RADIUS server To create a VLAN pool 1 Go to Configure WLANs and locate the VLAN Pooling section 2 Click Create New to create a new VLAN pool 3 Enter...

Страница 179: ...ent features In case of conflict the priority is as follows 1 Role Based Access Control RBAC 2 AAA Server 3 Device Policy 4 VLAN Pooling For additional information on configuring VLANs for Access Poin...

Страница 180: ...AN s for which you want to enable Hotspot service ZoneDirector supports up to 32 WISPr Hotspot service entries each of which can be assigned to multiple WLANs To create a Hotspot service 1 Go to Confi...

Страница 181: ...AA Servers page If a RADIUS server is selected an additional option appears Enable MAC authentication bypass no redirection Enabling this option allows users with registered MAC addresses to be transp...

Страница 182: ...ation will be blocked for 300 seconds If the same user unsuccessfully attempts to authenticate 30 times within the same time period the user will be blocked for 300 seconds 11 Click OK to save the hot...

Страница 183: ...reviously 5 Click OK to save your changes Figure 127 Assigning a Hotspot service to a Hotspot WLAN Common WISPr Attribute Abbreviations Table below lists common WISPr attributes and their definitions...

Страница 184: ...ff reason NOTE For more information on Captive Portal redirection for Hotspot Web Auth and Guest Access WLANs see Captive Portal Redirect on Initial Browser HTTPS Request on page 236 Creating a Hotspo...

Страница 185: ...a new WLAN or modifying an existing WLAN Configure WLANs Edit Type Hotspot 2 0 Hotspot 2 0 Operator Create New Service Provider Profiles Create New 3 Configure the settings in to create a Service Pro...

Страница 186: ...ternatively you can create a Hotspot 2 0 Operator Profile from the WLAN creation page while creating a new WLAN or modifying an existing WLAN Configure WLANs Edit Type Hotspot 2 0 Hotspot 2 0 Operator...

Страница 187: ...iles Homogenous extended service set identifier The HESSID is a 6 octet MAC address that identifies the homogeneous ESS The HESSID value must be identical to one of the BSSIDs in the homogeneous ESS H...

Страница 188: ...t 2 0 for WLAN type 4 In Hotspot 2 0 Operator select the name of the Operator profile that you created previously or click Create New to create a new HS2 0 Operator profile 5 In Authentication Server...

Страница 189: ...benefit However for other guest or public access designs the lack of ability to control the entire web authentication process is not desirable ZoneDirector provides an option to work around the Apple...

Страница 190: ...ats JPG GIF or PNG The recommended image size is 138 x 40 pixels and the maximum file size is 20KB To customize the guest login page 1 Go to Configure WLANs 2 Scroll down to the Web Portal Logo sectio...

Страница 191: ...Figure 130 Customizing the Web Portal logo 191 Ruckus Wireless ZoneDirector Release 10 0 User Guide Managing a Wireless Local Area Network Customizing the Web Portal Logo...

Страница 192: ...Ruckus Wireless ZoneDirector Release 10 0 User Guide 192 Managing a Wireless Local Area Network Customizing the Web Portal Logo...

Страница 193: ...ic AP approval is enabled by default Deselect this option to manually approve each AP join request Connecting the APs to the Network 1 Place the new APs in the appropriate locations 2 Write down the M...

Страница 194: ...e Action column click Allow After the status is changed from Disconnected to Connected the new AP is activated and ready for use Figure 132 The Monitor Access Points page Working with Access Point Gro...

Страница 195: ...r of AP groups by ZoneDirector model Max AP Groups ZoneDirector Model 128 ZoneDirector 1200 256 ZoneDirector 3000 512 ZoneDirector 5000 Modifying the System Default AP Group If you want to apply globa...

Страница 196: ...fault Enable this option if this AP radio will be used as a voice WLAN for Polycom Spectralink phones This option changes several AP radio settings such as DTIM BSS minrate and RTS CTS to improve voic...

Страница 197: ...Configure Access Points 2 In the Access Point Groups section click the Create New button 3 Enter a Name and optionally a Description for the new AP group 4 Modify any of the settings that you want to...

Страница 198: ...AP group membership Modifying Model Specific Controls The following settings can be applied to all APs of a particular model that are members of the AP group Max Clients Set the maximum number of clie...

Страница 199: ...tion to them External Antenna On APs with external antenna options select Override System Default and Enable for the external antenna to be enabled Once enabled enter a gain value in the range of 0 to...

Страница 200: ...guring AP Ethernet Ports You can use AP groups to control Ethernet ports on all APs of a certain model Then if you want to override the port settings for a specific AP you can do so as explained in th...

Страница 201: ...82 on page 202 8 For any enabled ports you can choose whether the port will be used as a Trunk Port an Access Port or a General Port The following restrictions apply All APs must be configured with a...

Страница 202: ...a request that is being forwarded to a DHCP server When this option is enabled for an Ethernet port or a WLAN SSID additional information will be encapsulated in DHCP option 82 and inserted into DHCP...

Страница 203: ...d to send the AP s MAC address or the client MAC plus ESSID or AP MAC plus ESSID Sub option 150 can be enabled to encapsulate the VLAN ID Sub option 151 can be enabled to encapsulate either the ESSID...

Страница 204: ...ffic is sent untagged If configured as a Trunk Port all untagged ingress traffic is the configured Untag VLAN by default 1 and all VLAN tagged traffic on VLANs 1 4094 will be seen when present on the...

Страница 205: ...onfigured Outgoing Traffic to the client Incoming Traffic from the client VLAN Settings All outgoing traffic on the port is sent untagged All incoming traffic is native VLAN VLAN 1 Access Port Untag V...

Страница 206: ...X authenticator it can be further defined as either Port based or MAC based MAC based authenticator mode is only supported if the port is an Access Port Table 28 Authenticator support vs Port Type Gen...

Страница 207: ...rnet Port as Supplicant You can also configure a port to act as a supplicant and force it to authenticate itself to an upstream authenticator port Until the AP has successfully done so the state of th...

Страница 208: ...ewing AP Ethernet Port Status You can view the status of an AP s port configuration by going to Monitor Access Points and clicking on the MAC address of the AP Ruckus Wireless ZoneDirector Release 10...

Страница 209: ...do this select the Limited ZD Discovery check box and then enter the IP addresses or FQDN of the primary and secondary ZoneDirector units to which you want APs to join When Limited ZD Discovery is ena...

Страница 210: ...set the Management VLAN ID that ZoneDirector needs to use on the Configure System page Otherwise ZoneDirector and the APs will be unable to communicate via the Management VLAN Load Balancing Balances...

Страница 211: ...as been restored 6 Click Apply to save your changes 7 Once all the APs WLANs WLAN groups and AP groups have been deployed on the primary ZoneDirector s back up the AP configurations for each primary c...

Страница 212: ...rt a range of 3G 4G LTE and WiMAX wireless USB devices for non Wi Fi wireless connection to a service provider s network The ZoneDirector web interface allows administrators to provision SmartPoint AP...

Страница 213: ...n process and establishes an LWAPP tunnel with ZoneDirector 7 ZoneDirector pushes the 802 11 wireless configuration to the AP 8 The AP implements the 802 11 wireless configuration and is ready to prov...

Страница 214: ...e 133 4 By clicking Override Group Config and changing the default values the following parameters can be configured independently for each AP radio Channel Range Settings Deselect any channels that y...

Страница 215: ...settings netmask gateway and DNS servers If you want to assign a static IP address to the AP click the Manual option next to Device IP Settings and then set the values for the following options IP Add...

Страница 216: ...Click OK to save your settings Figure 146 Ethernet port configuration Override Group Config Configuring Hotspot 2 0 Venue Settings for an AP If this Access Point will be serving a Hotspot 2 0 hotspot...

Страница 217: ...sessing AP performance in the context of network performance you can reset channels and adjust transmission power or adjust the priority of certain WLANs over others as needed Assessing Current Perfor...

Страница 218: ...lly configure this AP s Mesh role Root AP Mesh AP or Disable Default is Auto Uplink Selection Use this setting to manually define which APs can serve as an uplink for this Mesh AP 5 Click OK The adjus...

Страница 219: ...ero IT activation do the following 1 Go to Configure WLANs 2 Click Edit on the WLAN where you want to enable Zero IT Activation 3 Enable WPA2 not WPA Mixed selecting WPA Mixed will disable the Zero IT...

Страница 220: ...the user simply connects to the ZoneDirector activation URL and runs the self activation script For clients running Mac OS X the user must be logged in as an administrator for Zero IT activation to w...

Страница 221: ...e wireless settings by clicking the link at the bottom of the page see Provisioning Clients that Do Not Support Zero IT on page 222 Figure 150 Corporate WLAN configuration You have completed Zero IT c...

Страница 222: ...nfiguration page displays the settings needed for manual configuration Figure 151 Manual configuration information Working with Dynamic Pre Shared Keys Dynamic PSK is a unique Ruckus Wireless feature...

Страница 223: ...ot enable it during the initial ZoneDirector Setup Wizard process To enable DPSK for a WLAN 1 Go to Configure WLANs 2 Either Edit an existing WLAN or Create New to open the WLAN configuration form 3 U...

Страница 224: ...ynamic Pre Shared Keys once their credentials are verified against either the internal database or an external AAA server Figure 152 Enabling Dynamic PSK for a WLAN Setting Dynamic Pre Shared Key Expi...

Страница 225: ...Scroll down to the Dynamic PSK Batch Generation section 3 In Target WLAN select one of the existing WLANs with which the users will be allowed to associate Only WLANs with DPSK enabled will be listed...

Страница 226: ...d them the following information User Name The user name generated via batch DPSK generation by default Batch_DPSK_User_ WLAN Name This is the WLAN with which they are authorized to access and use the...

Страница 227: ...ng columns User Name Required Type the name of the user one name per row MAC Address Optional If you know the MAC address of the device that the user will be using type it here Figure 154 Editing the...

Страница 228: ...base To use the internal user database as the default authentication source and to create new user accounts in the database 1 Go to Configure Users 2 In the Internal User Database table click Create N...

Страница 229: ...ose the appropriate role for this user For more information on roles and their application see Creating New User Roles on page 230 5 Click OK to save your settings Be sure to communicate the user name...

Страница 230: ...o log in with non standard client devices or to grant permission to generate guest passes You can then edit the default role to disable the guest pass generation option To create a new user Role 1 Go...

Страница 231: ...ccess Control Policy Enforce an access control policy on members of this role See Role Based Access Control Policy on page 231 5 When you finish click OK to save your settings This role is ready for a...

Страница 232: ...RBAC Policy Options The following control policies can be applied to a role OS type Limit access based on operating system device type VLAN Assign a VLAN ID to this role Rate Limiting Limit per statio...

Страница 233: ...lowing these steps 1 Go to Monitor Generated PSK Certs The Generated PSK Certs page appears 2 Select the check boxes for the PSKs and Certificates that you want to delete 3 Click Delete to delete the...

Страница 234: ...nting If you select this option you also need to enter the IP address of the RADIUS Accounting server its port number default is 1813 and its shared secret 4 Additional options appear depending on whi...

Страница 235: ...onnect to the Login page and enter the required login information To activate web authentication 1 Go to Configure WLANs The WLAN page appears 2 Look for the WLAN that you want to edit and then click...

Страница 236: ...re when browsing secure sites and ensure their authenticity However there are two options to help mitigate these warnings 1 Completely disable the redirect on initial browser HTTPS request feature ref...

Страница 237: ...t Access Service which defines the behavior of the guest WLAN interface To create a Guest Access Service 1 Go to Configure Guest Access 2 Click Create New to configure a guest access service NOTE Alte...

Страница 238: ...ior to forwarding them to their destination When guest users land on this page they are shown the expiration time for their guest pass 8 Customize any of the following optional configuration settings...

Страница 239: ...icate with ZoneDirector until the specified expiration time An additional parameter A Guest Pass will expire in X days can be configured to specify when a guest pass will expire when unused The defaul...

Страница 240: ...lf Service Guest WLAN The simplest way to deploy a self service guest WLAN is to enable the self service option and do not change any of the default settings When a self service guest WLAN is deployed...

Страница 241: ...f Use page appears if enabled Click Accept and Continue Figure 167 Terms of Use 7 The Authenticated page appears Your guest pass is now activated and you can begin using the wireless network Click Con...

Страница 242: ...via Email on page 267 and Delivering Guest Passes via SMS on page 267 for more information Configure the following options if Sponsor Approval is enabled Sponsor number Set how many sponsors the user...

Страница 243: ...When a user connects to a guest WLAN with Sponsor Approval enabled the option to Request password appears Figure 170 Click Request Password to request a guest pass after sponsor approval To request a...

Страница 244: ...open the Sponsor Approver Authentication page Figure 172 Sponsor approval email 5 On the Sponsor Approver Authentication page enter a valid User Name and Password and click Log in to continue NOTE Thi...

Страница 245: ...wish to approve set the Duration for each and click Approve to approve them Figure 174 Guest Pass Approval 7 Approving a guest pass triggers delivery of an email and or SMS message containing the gue...

Страница 246: ...which the guest user is connected If you want to create additional rules that allow or restrict guest users from specific subnets use the Restricted Subnet Access section You can create up to 22 subne...

Страница 247: ...Repeat Steps 4 to 9 to create up to 22 subnet access rules Figure 177 The Restricted Subnet Access options Creating a Guest WLAN Once you have created a guest access service create a WLAN of the type...

Страница 248: ...the options to enable for this WLAN For more information on WLAN advanced options see Advanced Options on page 160 Optionally enable a Grace Period disabled by default and enter a value in minutes to...

Страница 249: ...Show Zero IT Device Registration button only 5 If Guest Pass is enabled configure Guest Pass options as described in Working with Guest Passes 6 Click Apply Figure 179 Enable Onboarding Portal When a...

Страница 250: ...st Access welcome and terms of use screens If the user clicks the Register Device button the web page will be redirected to the WLAN Connection Activation page from which the user can enter user name...

Страница 251: ...are temporary privileges granted to guests to access your wireless LANs ZoneDirector provides many options for customizing guest passes controlling who is allowed to issue guest passes and controlling...

Страница 252: ...000 concurrently connected clients When the maximum number of users that ZoneDirector supports has been reached additional clients attempting to connect will be refused Generating a Guest Pass from th...

Страница 253: ...vanced Options and configure the following Session Timeout Enable this check box and select a time increment after which guests will be required to log in again If this feature is disabled connected u...

Страница 254: ...rector admin privileges you can create a new user Role for the task and optionally you can also edit the Default role to not have guest pass generation privileges Users with the new role will then be...

Страница 255: ...Generation Privileges on page 255 and create a new role with guest pass generation enabled as described in Creating a Guest Pass Generation User Role on page 256 Controlling Guest Pass Generation Priv...

Страница 256: ...onnect to all WLANs or 2 limit this role s users to specific WLANs and then pick the WLANs they can connect to NOTE When creating a guest pass generator Role you must ensure that this Role is given ac...

Страница 257: ...to the appropriate end user Generating and Delivering a Single Guest Pass You can provide the following instructions to users with guest pass generation privileges A single guest pass can be used for...

Страница 258: ...User Name type your user name 4 In Password type your password 5 Click Log In The Guest Information page appears On this page you need to provide information about the guest user to enable ZoneDirecto...

Страница 259: ...s key must be unique and is distributed on all guest WLANs Remarks optional Type any notes or comments For example if the guest user is a visitor from a partner organization you could type the name of...

Страница 260: ...elect Default 13 Click Print Instructions A new browser page appears and displays the guest pass instructions At the same time the Print dialog box appears 14 Select the printer that you want to use a...

Страница 261: ...261 Ruckus Wireless ZoneDirector Release 10 0 User Guide Managing Guest Access Working with Guest Passes...

Страница 262: ...oneDirector to generate the guest passes 6 On the Guest Information page fill in the following options Creation Type Select Multiple Valid for Specify the time period during which the guest passes wil...

Страница 263: ...ass instructions that you want to print out If you did not create custom guest pass printouts select Default 9 Print the instructions for a single guest pass or print all of them To print instructions...

Страница 264: ...st Access page and then complete steps 6 to 10 in Generating and Printing Multiple Guest Passes at Once on page 262 to upload the guest pass profile and generate multiple guest passes Monitoring Gener...

Страница 265: ...Go to Configure Guest Access 2 Scroll down to the Guest Pass Printout Customization section 3 Click the click here link under the Guest Pass Printout Customization section title to download the sampl...

Страница 266: ...at are used in the guest pass printout Make sure that they are not accidentally deleted when you customize the guest pass printout Table 30 Tokens that you can use in the guest pass printout Desriptio...

Страница 267: ...t pass code use the following procedure 1 On the Configure Guest Access page locate the Customize the Email Content section 2 Customize the message in the text box and click Apply to save your changes...

Страница 268: ...Customize the message in the text box and click Apply to save your changes Figure 195 Customize the SMS content NOTE For more information on Captive Portal redirection for Hotspot Web Auth and Guest A...

Страница 269: ...ard for a map view of active APs Click the MAC address link of any AP record to see more details 2 Go to Monitor Access Points and review the usage and coverage of your APs Click the MAC address link...

Страница 270: ...n The ZoneFlex model number Model Displays the current status of the AP from ZoneDirector s perspective Approval Pending Connected Disconnected Root AP Mesh AP eMesh AP Number of hops Status Displays...

Страница 271: ...icking the Edit Columns button Additionally you can export the content of this table using the Export to CSV on page 271 button Figure 197 Click Edit Columns to customize the Currently Managed APs tab...

Страница 272: ...he search text will be exported Figure 198 Saving a managed AP list as a CSV file Currently Managed AP Groups Click the icon to expand the AP group to display all members of the group Ruckus Wireless...

Страница 273: ...e specific AP Table 32 AP Information details Description Heading Displays general information on the AP including software version IP address and model number uptime clients and mesh status General I...

Страница 274: ...urves show the actual throughput of a particular client or the current mix of clients These curves are influenced by the user session and they vary as a function of gaps in browsing activity and inter...

Страница 275: ...ng the RF environment RF Info Go to the Configure Access Points page and edit the configuration settings for this AP Configure Launch the SpeedFlex performance test tool to measure uplink downlink spe...

Страница 276: ...new controller either on premises or in the cloud Once the Migrate button is clicked the following two actions will be taken 1 The AP s SmartZone discovery process called wsgclient will be started 2...

Страница 277: ...e may or may not have an impact on performance RF Pollution is a measure of noise or other interference that is in fact impacting performance How do customers use this new concept to understand and ma...

Страница 278: ...tribution format The CDF plot is color coded based upon the frequency with which each point is observed during consecutive spectral sweeps of the entire 2 4 5Ghz frequency band Frequently occurring po...

Страница 279: ...several calculations to determine which APs are in proximity to one another This information can be useful in planning or redesigning your Smart Mesh topology or in troubleshooting link performance is...

Страница 280: ...status in this section Temperature and orientation sensors are available on most Ruckus Wireless outdoor APs Orientation Desktop Horizontal Mount Ceiling Horizontal Mount Wall Vertical Mount Temperatu...

Страница 281: ...and testing connectivity using Ping and Traceroute using the Action icons see Active Client Action Icons on page 282 The Wireless Clients monitoring page also includes the following details on active...

Страница 282: ...speeds to from this client See MeasuringWirelessNetworkThroughputwithSpeedFlexonpage339 SpeedFlex Troubleshoot connectivity issues using Ping and Traceroute See Using the Ping and Traceroute Tools on...

Страница 283: ...ient activity Click the Show Details button to display detailed application or port usage percentages 283 Ruckus Wireless ZoneDirector Release 10 0 User Guide Monitoring Your Wireless Network Reviewin...

Страница 284: ...ions pie chart can also be used to discover which clients are using the most used applications When you mouse over a section of the pie chart a table is displayed to the right providing a list of the...

Страница 285: ...information is displayed To view detailed information about a specific client 1 Go to Monitor Wireless Clients 2 Click the link for the MAC address of the client you want to monitor The page refreshe...

Страница 286: ...ring Client Performance on page 286 General Displays a client specific subset of the events in the All Events Activities table Events Figure 214 Viewing individual client information and performance s...

Страница 287: ...ransmitting to that client It is measured in bits s and takes into account the PHY rate error rate and all contention due to 802 11 and non 802 11 transmitters Because it takes into account every sour...

Страница 288: ...cent connection and authentication events related to wired clients only Monitoring AAA Server Statistics To monitor AAA server RADIUS statistics go to Monitor AAA Servers Reviewing Current Alarms If a...

Страница 289: ...ies table 3 The first 15 entries are displayed by default Click Show More to expand the display 4 Click Clear All to delete all entries in the table NOTE AP events display the first 17 characters of a...

Страница 290: ...n Services NOTE For information on configuration and administration of Ruckus SmartPositioning Technology SPoT service please refer to the SPoT User Guide available from the Ruckus support site https...

Страница 291: ...sh page Real Time Monitoring The Real Time Monitoring tool provides a convenient at a glance overview of performance statistics such as CPU and memory utilization number of APs and clients on the netw...

Страница 292: ...ting Rogue Access Points Rogue unauthorized APs pose problems for a wireless network in terms of airtime contention as well as security Usually a rogue AP appears in the following way an employee obta...

Страница 293: ...the user 4 To mark an AP as malicious click Mark as Malicious This AP will now be blocked and listed in the User Blocked Rogue Devices table The malicious rogue AP protection mechanisms enabled from...

Страница 294: ...n physically locating rogue devices click the plus sign icon next to a detected rogue AP This expands a list to display which ZoneFlex APs have detected this rogue sorted according to signal strength...

Страница 295: ...Monitoring System Ethernet Port Status To view the status of ZoneDirector s Ethernet ports go to Monitor System Info The table displays the MAC address Interface ID physical link status link speed and...

Страница 296: ...Ruckus Wireless ZoneDirector Release 10 0 User Guide 296 Monitoring Your Wireless Network Monitoring System Information...

Страница 297: ...imilated into the mesh network In the Ruckus Wireless Smart Mesh network all traffic going through the mesh links is encrypted A passphrase is shared between mesh nodes to securely pass traffic When d...

Страница 298: ...acket takes from one Mesh AP to the Root AP For example if the Root AP is the uplink of Mesh AP 1 then Mesh AP 1 is one hop away from the Root AP In the same scenario if Mesh AP 1 is the uplink of Mes...

Страница 299: ...bridge topology In this topology ZoneDirector and the upstream router are on the primary wired LAN segment and another isolated wired segment exists that needs to be bridged to the primary LAN segmen...

Страница 300: ...h AP to for example bridge a wired LAN segment inside a building to a wireless mesh outdoors In designing a mesh network connecting an eMAP to a Mesh AP extends the Smart Mesh network without expendin...

Страница 301: ...ecide on the number of APs that you will deploy including the number of Root APs and Mesh APs and then create a simple sketch of where you will deploy each Root AP and Mesh AP Remember that Root APs n...

Страница 302: ...as described in Managing Access Points Individually 5 In Mesh Name ESSID type a name for the mesh network Alternatively do nothing to accept the default mesh name that ZoneDirector has generated 6 In...

Страница 303: ...esh related settings to take effect To provision and deploy a mesh node 1 Using one of the AP s Ethernet ports connect it to the same wired network to which ZoneDirector is connected and then power it...

Страница 304: ...cations on the network you can check the Monitor Mesh page to verify that mesh associations have been established and mesh trees formed 1 Go to Monitor Mesh 2 Check if all the mesh nodes that you have...

Страница 305: ...n to checking the mesh status of ZoneFlex APs from the ZoneDirector web interface you can also check the LEDs on the APs The LED behaviors that indicate the AP s mesh status vary depending whether the...

Страница 306: ...st one mesh downlink exists and At least one client is associated with the AP Fast blinking green At least one mesh downlink exists and No client is associated with the AP Slow blinking green Signal A...

Страница 307: ...t blinking green This is a Mesh AP that is currently searching for a Root AP or This AP is currently searching for ZoneDirector Slow blinking green Indoor Dual Band APs On dual band ZoneFlex indoor AP...

Страница 308: ...e flash every two seconds Mesh network is enabled Not connected to an uplink AP searching for a mesh uplink Off AIR LED Using Action Icons to Configure and Troubleshoot APs in a Mesh The following act...

Страница 309: ...route Troubleshoot Initiate a reboot of this AP Restart Recover an isolated Mesh AP Recover Allow this AP to be managed by ZoneDirector This icon will only appear if you have disabled automatic approv...

Страница 310: ...Director via Ethernet and on the same LAN segment should be configured as Root APs Mis configuring a Mesh AP or an eMAP as a Root AP can cause the AP to become isolated or in the case of eMAP can resu...

Страница 311: ...the Monitor Access Points page and provides possible reasons for the isolation and the recommended steps for resolving the issue Possible Reason Status You have set uplink selection to Manual but none...

Страница 312: ...type near this AP No APs with matching radio type Recovering an Isolated Mesh AP When a Mesh AP becomes isolated it begins broadcasting a recovery SSID named island last 6 digits of AP s MAC address...

Страница 313: ...neDirector 3 You can now access the AP s web interface by entering the AP s recovery IP address 169 254 1 1 in the browser NOTE Note that because the AP is still in ZoneDirector managed state you cann...

Страница 314: ...If a management VLAN is used for ZoneDirector AP management traffic enter the following command set ipaddr wan vlan vlan ID 8 Enter the command reboot to restart the AP with the new configuration cha...

Страница 315: ...name should be changed only if necessary NOTE If authentication with an external server is enabled and the Fallback to admin name password if failed check box is disabled you will be unable to edit th...

Страница 316: ...figuration only Monitoring Admin Allows monitoring operations only This section provides basic instructions for setting up ZoneDirector to authenticate additional administrator accounts with an extern...

Страница 317: ...eDirector Administration check box administrators that are assigned this role will be unable to log into ZoneDirector even if all other settings are configured correctly 4 Test your authentication set...

Страница 318: ...e new backup files at that time too Backing Up a Network Configuration To back up your ZoneDirector configuration to a backup file 1 Go to Administer Backup 2 Under the Backup Configuration sections c...

Страница 319: ...e device to use all the settings configured in the backup file including the IP address wireless settings access control lists AP and WLAN group configurations etc NOTE If you use the Restore everythi...

Страница 320: ...s complete ZoneDirector automatically restarts and your wireless network will be ready for use again Figure 232 Select the restore level for restoring from a backup file Restoring AP Configuration Set...

Страница 321: ...rt this backup file and additional backup file s Then click Import When the import is complete you will be prompted to import AP configurations from additional backup files 4 When finished click Impor...

Страница 322: ...ctor Quick Start Guide QSG Before restoring ZoneDirector to factory default settings you should open and print out the QSG pages You can follow those instructions to set up ZoneDirector after restorin...

Страница 323: ...k upgrade of both ZoneDirector and APs by following the steps detailed below NOTE Upgrading ZoneDirector and the APs will temporarily disconnect them and any associated clients from the network To min...

Страница 324: ...mically support new AP models without requiring a ZoneDirector code change or a full system image upgrade The steps required for importing an AP firmware patch are similar to the steps in Upgrading Zo...

Страница 325: ...st followed by the active unit If you do this some configuration options may get lost during the upgrade process Be sure to begin the upgrade process from either the active ZoneDirector s web interfac...

Страница 326: ...he required requester information Submit the CSR to a public CA for signing Receive a signed certificate from the CA Import the signed certificate into ZoneDirector Generating a Certificate Signing Re...

Страница 327: ...administrator interface standard captive portal and guest access captive portal Subject Alternative Name Optional Select either IP or DNS from the menu and enter either alternative IP addresses or alt...

Страница 328: ...ertificate and then paste it into a text file 8 Save the file You may now import the signed certificate into ZoneDirector Importing an SSL Certificate After you receive the signed certificate from the...

Страница 329: ...wse button and select the file containing the intermediate certificate PEM format to upload it If there are no additional intermediate certificates click the Import button to install the uploaded cert...

Страница 330: ...ing it for disaster recovery or for use on another ZoneDirector If your ZoneDirector is replaced due to an RMA you will need to restore the private key if you have installed a public certificate Ensur...

Страница 331: ...on with each trusted CA separated by a string of number symbols Options include Add a new trusted CA Import a single CA file Cover all trusted CA Use the new trusted CA file to cover all existing trus...

Страница 332: ...o the following URL https certrenewal ruckuswireless com certificate_renewal_requests new You will need to login to the Ruckus Support portal to continue 5 Once logged in you will be redirected to the...

Страница 333: ...23397 res 10 On the SSL Certificate Advanced Options click Choose File to import the new certificate package res file The file is uploaded to ZoneDirector 11 Click Import to import the new certificate...

Страница 334: ...ensure that your DNS server is configured to resolve that name to the IP address of ZoneDirector Wildcard Certificates In Smart Redundancy With Captive Portals In order to prevent redirect loops when...

Страница 335: ...nding on the number of Ruckus Wireless APs you need to manage with your ZoneDirector you may need to upgrade your license as your network expands Contact your authorized Ruckus Wireless reseller to pu...

Страница 336: ...eller to purchase additional support service After you have purchased a support contract you can download the entitlement file and automatically import into your ZoneDirector or manually download the...

Страница 337: ...system s qualifications Option 1 If the client is running a supported operating system check the wireless network adapter to verify the implementation of WPA Option 2 Upgrade to Windows 7 and if neede...

Страница 338: ...ed to guide the user through a reset of their WLAN configuration This requires deleting the user record then creating a new user record after which the user must repeat the Zero IT Activation process...

Страница 339: ...hroughput For instructions on how to run SpeedFlex from a wireless client for users refer to Allowing Users to Measure Their Own Wireless Throughput NOTE SpeedFlex is unable to measure the throughput...

Страница 340: ...mance test can continue Click the OK button on the message download the appropriate SpeedFlex version Windows Mac or Android from http ZoneDirector IP Address perf and email it to the user or instruct...

Страница 341: ...Figure 248 The SpeedFlex interface 341 Ruckus Wireless ZoneDirector Release 10 0 User Guide Troubleshooting Measuring Wireless Network Throughput with SpeedFlex...

Страница 342: ...peedFlex in a Multi Hop Smart Mesh Network SpeedFlex can also be used to measure multi hop throughput between APs and ZoneDirector in a mesh tree For example if you have a mesh tree that is three hops...

Страница 343: ...SpeedFlex icon changes to an icon with a green check mark and the Multi Hops SpeedFlex button appears 3 Click Multi Hops SpeedFlex The SpeedFlex utility launches in a new browser window 4 Select Uplin...

Страница 344: ...your browser 3 Click the Start button The following message appears Your computer does not have SpeedFlex running Click the OK button download the SpeedFlex application for your operating system and...

Страница 345: ...c RF scanning feature that is built into the Ruckus ZoneDirector That automatic scan assesses one radio frequency at a time every 20 seconds by default To manually start a complete radio frequency sca...

Страница 346: ...om anywhere in the UI that you see the icon For example from the Monitor Access Points page click the icon next to an AP to launch the troubleshooting window Figure 254 Launching the Ping Traceroute T...

Страница 347: ...o a convenient location on your local computer After the file is saved you can email it to the technical support representative NOTE The debug or diagnostics file is encrypted and only Ruckus Wireless...

Страница 348: ...kets and either save them to a local file or stream them to a packet inspection program such as Wireshark for later analysis Local Capture Streaming Mode NOTE Performing packet capture on the 5 GHz ra...

Страница 349: ...re streaming Both modes allow compound filter expressions conforming to the pcap filter syntax which is described at filter Local Capture To capture packets to a local file for external analysis 1 Cho...

Страница 350: ...ed on Ruckus APs include some information that is not available when capturing from other Wi Fi devices This additional information is stored in the Per Packet Information PPI header that precedes the...

Страница 351: ...ext spatial streams 28 29 Ness ext spatial streams STBC 0 not applied 1 yes 27 STBC 0 not applied 1 yes LDPC 0 not applied 1 yes 26 LDPC 0 not applied 1 yes LDPC indicator valid 25 LDPC indicator val...

Страница 352: ...nd a Delete button Click the Download button to download the core dump log file for delivery to Ruckus Support to assist with troubleshooting if requested to do so Click the Delete button to delete th...

Страница 353: ...the particular Access Point record The Status column should display Connected 3 Click the Restart icon The Status column now displays Disconnected along with the date and time when ZoneDirector last...

Страница 354: ...hen the Restart Shutdown features appear click Restart You will be automatically logged out of ZoneDirector After a minute when the Status LED is steadily lit you can log back into ZoneDirector Figure...

Страница 355: ...urrently if you use an oversubscription ratio of 4 1 such a network could actually support 40 users at 1Mbps In a Smart Mesh network the Root AP RAP has all its wireless bandwidth available for bandwi...

Страница 356: ...er means and actually checking the Signal Quality throughout the mesh network In addition once the mesh is deployed the Signal Quality should be periodically monitored to make sure the mesh is operati...

Страница 357: ...ty as your benchmark as explained in Signal Quality Verification on page 356 Ensure that the Signal is better than 25 for trouble free operation For additional mounting details please also consult the...

Страница 358: ...Ruckus Wireless ZoneDirector Release 10 0 User Guide 358 Mesh Networking Best Practices Mounting and Orientation of APs...

Страница 359: ...nient and possible MAPs and RAPs should all be at a similar elevation from the ground For example for an indoor outdoor mesh if all your indoor RAPs and MAPs are at ceiling height standard 15 foot cei...

Страница 360: ...distributed evenly throughout the coverage area rather than clumped together 5 Once the APs are mounted on a test basis or permanently use the Signal quality measurement to ensure that the uplink sig...

Страница 361: ...Copyright 2017 Ruckus Wireless Inc 350 West Java Drive Sunnyvale CA www ruckuswireless com...

Отзывы:

Нет отзывов

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды