Ruckus Wireless ZoneDirector 3000 Скачать руководство пользователя страница 138 | Manualshive

Страница: 138 / 430

Ruckus Wireless ZoneDirector 3000 Скачать руководство пользователя страница 138

Controlling Network Access Permissions

Configuring Application Denial Policies

138

Ruckus Wireless, Inc.

•

“www.corporate.com” – This will block access to the host web server at the
organization “corporate.com” i.e. the FQDN. It will not block access to any other
hosts such as ftp, ntp, smtp, etc. at the organization “corporate.com”.

•

“corporate.com” – this will block access to all hosts at the domain “corpo-
rate.com” i.e. it will block access to www.corporate.com, ftp.corporate.com,
smtp.corporate.com, etc.

•

“corporate” – This will block access to any FQDN containing the text “corporate”
in any part of the FQDN. Care should be taken to use as long as possible string
for matching to prevent inadvertently blocking sites that may contain a shorter
string match i.e. if the rule is “net” then this will block access to any sites that
have the text “net” in any part of the FQDN or .net as the FQDN suffix.

•

*.corporate.com – This is an invalid rule. Wildcard “*” and other regular expres-
sions cannot be used in any part of the FQDN.

•

“www.corporate.com/games” - This is an invalid rule. The filter cannot parse and
block access on text after the FQDN, i.e., in this example it cannot filter the micro-
site “/games”.

Notes:

•

Many global organizations have both a “.com” suffix and country specific suffix
such as “.co.uk”, “.fr”, “.au”.etc. To block access to say the host web server in
all regional specific web sites for an organization a rule like “www.corporate”
could be used.

•

Many global organizations use distributed content delivery networks such as
Akamai. In such cases creating a rule such as “www.corporate.com” may not
prevent access to the entire site. Further investigation of the content network
behavior may need to be undertaken to fully prevent access.

When using Port based rules:

There is no distinction between the TCP and UDP protocols, so care should be
taken if wishing to block a specific application port as that will apply to both IP
protocols and may inadvertently block another application using the other protocol.

«
...
136
137
138
139
140
...
»

Содержание ZoneDirector 3000

Страница 1: ...Ruckus Wireless ZoneDirector Release 9 8 User Guide Part Number 800 70599 001 Rev B Published July 2014 www ruckuswireless com...

Страница 2: ......

Страница 3: ...IS PROVIDED FOR GENERAL INFORMATION PURPOSES ONLY RUCKUS AND ITS LICENSORS MAKE NO WARRANTY OF ANY KIND EXPRESS OR IMPLIED WITH REGARD TO THE MATERIAL INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTI...

Страница 4: ...4 Ruckus Wireless Inc...

Страница 5: ...eDirector 30 How APs Discover ZoneDirector on the Network 31 How to Ensure that APs Can Discover ZoneDirector on the Network 32 Firewall Ports that Must be Open for ZoneDirector Communications 39 Inst...

Страница 6: ...ail Alarm Notifications 83 Customizing Email Alarms that ZoneDirector Sends 86 Configuring SMS Settings for Guest Pass Delivery via SMS 86 Enabling Network Management Systems 88 Enabling Management vi...

Страница 7: ...l Policies 137 Configuring User Defined Applications 139 Configuring Application Port Mapping 140 Configuring Precedence Policies 142 Blocking Client Devices 143 Using an External AAA Server 148 Activ...

Страница 8: ...Shared Keys on a WLAN 220 Setting Dynamic Pre Shared Key Expiration 221 Generating Multiple Dynamic PSKs 223 Creating a Batch Dynamic PSK Profile 224 Enabling the Bypass Apple CNA Feature 225 5 Managi...

Страница 9: ...Efficient Positions 268 Reviewing Current Alarms 269 Reviewing Recent Network Events 269 Clearing Recent Events Activities 270 Moniting WLAN Status 270 Reviewing Current User Activity 272 Viewing Appl...

Страница 10: ...er for User Authentication 311 Activating Web Authentication 313 8 Managing Guest Access Configuring Guest Access 316 Creating a Guest Access Service 316 Configuring Guest Subnet Access 317 Creating a...

Страница 11: ...361 Best Practices and Recommendations 363 10 Setting Administrator Preferences Changing the ZoneDirector Administrator User Name and Password 366 Setting Administrator Login Session Timeout 367 Chan...

Страница 12: ...wing Current System and AP Logs 402 Packet Capture and Analysis 404 Local Capture 405 Streaming Mode 405 Importing a Script 408 Enabling Remote Troubleshooting 408 Restarting an Access Point 408 Resta...

Страница 13: ...Most user guides and release notes are available in Adobe Acrobat Reader Portable Document Format PDF or HTML on the Ruckus Wireless Support website at https support ruckuswireless com documents NOTE...

Страница 14: ...enter Device name set ipaddr 10 0 0 12 default font bold Keyboard keys software buttons and field names On the Start menu click All Programs italics Screen or page names Click Advanced Settings The A...

Страница 15: ...Notes Provide information about the current software release including new features enhancements and known issues Documentation Feedback Ruckus Wireless is interested in improving its documentation a...

Страница 16: ...Documentation Feedback 16 Ruckus Wireless Inc...

Страница 17: ...his chapter Overview of ZoneDirector ZoneDirector Physical Features Introduction to the Ruckus Wireless Network Ensuring That APs Can Communicate with ZoneDirector Installing ZoneDirector Accessing Zo...

Страница 18: ...e requirements of deploying an enterprise class WLAN in addition to providing much greater flexibility in AP placement ZoneDirector also integrates network monitoring sophisticated user access control...

Страница 19: ...irector 1100 This section describes the following physical features of ZoneDirector 1100 Buttons Ports and Connectors Front Panel LEDs Figure 1 ZoneDirector 1100 Buttons Ports and Connectors Table 1 d...

Страница 20: ...ory Default Reset Method WARNING Resetting ZoneDirector to factory default settings will erase all configuration changes that you made except for AP licenses and SSL certificates LED Label State Meani...

Страница 21: ...e set to 100Mbps auto negotiation or 1000Mbps auto negotiation Ethernet Link Solid Green or Amber The port is connected to a device Flashing Green or Amber The port is transmitting or receiving traffi...

Страница 22: ...and connectors on ZoneDirector 3000 Table 3 ZoneDirector 3000 front panel elements Label Meaning Power Located on the rear panel Press this button to power on ZoneDirector F D To reset ZoneDirector t...

Страница 23: ...ps Ethernet ports For information on what the two Ethernet LEDs indicate refer to Table 4 LED Label State Meaning Power Green ZoneDirector is receiving power Off ZoneDirector is NOT receiving power If...

Страница 24: ...s connected to a device Flashing Green or Amber The port is transmitting or receiving traffic Off The port has no network cable connected or is not receiving a link signal Ethernet Rate Amber The port...

Страница 25: ...Removed Control Panel Rear Panel Features Figure 3 ZoneDirector 5000 Front Panel Front Panel Features Table 5 ZoneDirector 5000 front panel features Feature Description Control Panel See Control Panel...

Страница 26: ...l bezel removed Table 6 ZoneDirector front panel elements Control Panel Figure 5 Control panel buttons and indicators Number Feature 1 ESD ground strap attachment 2 Hard drive bays not used 3 Control...

Страница 27: ...ton 9 NIC 1 NIC 2 activity LED 10 HDD activity LED not used 11 PWR alarm LED not used 12 MNR alarm Amber system unavailable OFF system available LED Status Definition Off No power supply detected or t...

Страница 28: ...nnector not used 2 Two low profile PCIe add in cards not used 3 Three full length PCIe add in cards not used 4 Power supply 2 backup AC power 5 Power supply 1 primary AC power 6 RJ45 serial port COM2...

Страница 29: ...tor 5000 ZoneDirector 9 8 User Guide 800 70599 001 Rev B 29 Table 10 NIC status LEDs LED Color LED State NIC State Green Amber Left Off 10Mbps Green 100Mbps Amber 1000Mbps Green Right On Active connec...

Страница 30: ...orkers contractors and visitors can be granted limited controlled access to a separate Guest WLAN with minimal setup You can now fine tune and monitor your network through the web interface which enab...

Страница 31: ...tor s and will skip the DHCP DNS last joined ZoneDirector steps If it is unable to contact its pre configured Zone Director it will enter sulk state and will remain in an idle discover sulk loop until...

Страница 32: ...Option 1 Perform Auto Discovery on Same Subnet then Transfer the AP to Intended Subnet Option 2 Customize Your DHCP Server Option 3 Register ZoneDirector with a DNS Server NOTE If the AP and ZoneDirec...

Страница 33: ...the AP If there are multiple ZoneDirector devices on the network the AP will automatically select a ZoneDirector to register with from this list of IP addresses RFC 2132 describes DHCP Option 60 and O...

Страница 34: ...to hexadecimal you can use an online conversion website such as http www easycalculation com decimal converter php to perform the conversion The table below lists the sub option code FlexMaster URL an...

Страница 35: ...ormat of the sub option code 03 for ZoneDirector and comma separated IP addresses in ASCII text string 7 Configure the option with a value either at the server level scope level or at Reservation just...

Страница 36: ...em the procedure may be different Step 1 Set the DNS Domain Name on the DHCP Server 1 From Windows Administrative Tools open DHCP and then select the DHCP server that you want to configure 2 If the Sc...

Страница 37: ...t the DHCP server you want to configure 2 If the Scope folder is collapsed click the plus sign to expand it 3 Right click Scope Options and then click Configure Options The General tab of the Scope Op...

Страница 38: ...he DHCP server with DNS related information you need to register the IP addresses of ZoneDirector devices on the network with your DNS server The procedure for this task depends on the DNS server soft...

Страница 39: ...9 2 ZoneDirector can be deployed in a private network behind a NAT Network Address Translation device When ZoneDirector is deployed on an isolated private network where NAT is used administrators can...

Страница 40: ...ed to ZoneDirector s private IP address on the NAT device s port mapping table ports 21 22 80 443 12222 12223 Note that there are some limitations with this configuration including SpeedFlex performan...

Страница 41: ...oneDirector using UPnP Universal Plug and Play On Windows 7 you may need to Turn on network discovery in the Network and Sharing Center Advanced Sharing Settings 2 Double click the ZoneDirector icon w...

Страница 42: ...tor web interface You can also perform many management and configuration tasks using the ZoneDirector Command Line Interface CLI by connecting directly to the Console port or an Ethernet port To acces...

Страница 43: ...efault admin and password default admin You are now logged into ZoneDirector with limited privileges As a user with limited privileges you can view a history of previously executed commands and ping a...

Страница 44: ...ard summary needs Tabs Click any of the four tabs Dashboard Configure Monitor and Administer to take advantage of related sets of features and options When you click a tab ZoneDirector displays a coll...

Страница 45: ...Figure 12 The Dashboard NOTE Some indicators may not be present upon initial view The Add Widgets feature located at the bottom left area of the screen enables you to show or hide indicators See Using...

Страница 46: ...a mesh uplinks or downlinks Most Active Client Devices Identifies the most active clients by MAC address IP address and user name Bandwidth usage is calculated in megabytes MB and is based on the tota...

Страница 47: ...Usage Lists the top 10 applications their total usage in KB and percent of the total Top 10 APs by Usage Lists the top 10 APs their total usage in KB and percent of the total Top 10 Clients by Usage L...

Страница 48: ...13 The Add Widgets link is at the bottom left corner of the Dashboard The Widgets pane opens at the upper left corner of the Dashboard 3 Select any widget icon and drag and drop it onto the Dashboard...

Страница 49: ...widget icons appear at the top left corner of the Dashboard 4 Click Finish in the Widgets pane to close it Removing a Widget To remove a widget from the Dashboard click the icon for any of the widgets...

Страница 50: ...verview of performance statistics such as CPU and memory utilization number of APs and clients on the network and number of packets transmitted To view the Real Time Monitoring page locate the Toolbox...

Страница 51: ...process itself consumes a small amount of system resources it should be used as a general overview tool rather than a precise measurement Actual resources used CPU and memory utilization will be lower...

Страница 52: ...oneDirector performance Stopping and Starting Auto Refresh By default ZoneDirector web interface pages automatically refresh themselves periodically depending on activity You can pause auto refresh on...

Страница 53: ...P information To register your ZoneDirector 1 Click the Product Registration link in the Support widget on the Dashboard or 2 Go to Administer Registration 3 Enter your contact information on the Regi...

Страница 54: ...Registering Your Product Stopping and Starting Auto Refresh 54 Ruckus Wireless Inc Figure 21 The Product Registration page Your ZoneDirector is now registered with Ruckus Wireless...

Страница 55: ...ddressing Creating Static Route Entries Enabling Smart Redundancy Configuring the Built in DHCP Server Controlling ZoneDirector Management Access Setting the System Time Setting the Country Code Chang...

Страница 56: ...y from the page or your changes will not be saved Changing the System Name When you first worked through the Setup Wizard you were prompted for a network recognizable system name for ZoneDirector If n...

Страница 57: ...If you need to update the IP address and DNS server settings of ZoneDirector follow the steps outlined below CAUTION As soon as the IP address has been changed applied you will be disconnected from y...

Страница 58: ...information in the now active fields IP Address Netmask and Gateway are required DHCP If you select DHCP no further information is required 4 Click Apply to save your settings You will lose connection...

Страница 59: ...y been configured such as Access Control Lists ACLs AAA server addresses Syslog server SNMP trap receiver etc When IPv6 is enabled the other fields where IP addresses are entered such as Additional Ma...

Страница 60: ...be configured to allow an administrator to manage ZoneDirector from its management VLAN thereby separating management traffic from LWAPP traffic between the controller and the access points The Manag...

Страница 61: ...s Netmask and Access VLAN information for the additional interface If IPv6 enter Prefix Length instead of Netmask 4 Optional If you want to configure this management interface with a different gateway...

Страница 62: ...are deployed in a Smart Redundancy configuration both of the actual IP addresses must be used rather than the management IP address Creating Static Route Entries Static routes can be created to allow...

Страница 63: ...address 6 Click OK to save your changes You can create up to 4 static route entries Figure 26 Creating a static route entry Static Route Example As an example in a network where the APs are connected...

Страница 64: ...ce becomes active When the original active device recovers it automatically assumes the standby state as it discovers an already active ZoneDirector on the network The ZoneDirector in active state man...

Страница 65: ...vior They will continue trying to commu nicate sending discover messages every 6 seconds to peers until the ZDs are communicating again when they will determine Active Standby roles based on 1 most ma...

Страница 66: ...under Configure Access Points Access Point Policies you must identify the IP address of both ZoneDirectors that the APs should connect to when Smart Redundancy is active If the Limited ZD Discovery a...

Страница 67: ...rompted to retry discovery or to continue configuring the current device Once Smart Redundancy has been enabled a status link is displayed at the top of the web interface Figure 29 Smart Redundancy st...

Страница 68: ...ondary Alternatively you can specify the IP addresses of both ZoneDirectors through DHCP Option 43 see Option 2 Customize Your DHCP Server Forcing Failover to the Backup ZoneDirector After Smart Redun...

Страница 69: ...section select the Enable DHCP check box 3 In Starting IP Address type the first IP address that the built in DHCP server will allocate to DHCP clients The starting IP address must be on the same subn...

Страница 70: ...HCP clients click the click here link at the end of the To view all currently assigned IP addresses that have been assigned by the DHCP server sentence A table appears and lists all current DHCP clien...

Страница 71: ...stem screen Options include limiting access by subnet single IP address and IP address range NOTE When you create a management access control rule all IP addresses and subnets other than those specifi...

Страница 72: ...rrent IP address is shown for convenience be sure not to create an ACL that prevents the admin s own IP address from accessing the web interface 5 Click OK to confirm You can create up to 16 entries t...

Страница 73: ...erver as detailed below which provides continual updating with the latest time 1 Go to Configure System 2 In the System Time features you have the following options Refresh Click this to update the Zo...

Страница 74: ...tions Setting the Country Code to the proper regulatory region ensures that your ZoneFlex network does not violate local and national regulatory restrictions ZoneDirector s web interface can be used t...

Страница 75: ...band should be available for use by your APs Note that these settings only affect Ruckus Wireless APs that support the extended DFS channel list Channel Optimization settings are described in the foll...

Страница 76: ...s including 100 104 108 112 116 120 124 128 132 136 140 Channel Mode Some countries restrict certain 5 GHz channels to indoor use only For instance Germany restricts channels in the 5 15 GHz to 5 25 G...

Страница 77: ...unctioning as MAPs the mesh backhaul link must initially use a non indoor only channel Your ZoneFlex Outdoor MAPs may fail to join if the mesh backhaul link is using a restricted indoor only channel C...

Страница 78: ...ging levels Show More Warning and Critical Events or Critical Events Only Remote Syslog To enable syslog logging select the Enable reporting to remote syslog server at check box and then type the IP a...

Страница 79: ...ting with release 9 8 ZoneDirector will generate syslog messages upon acqui sition update or deletion of an IP address by a wireless station This feature allows enhanced integration with popular firew...

Страница 80: ...w of user data from the end point to the firewall will use the following path 1 The user authenticates to an authentication server via AP 2 ZoneDirector verifies the user s identity 3 After the statio...

Страница 81: ...P to which the station is currently connected seq Indicates the sequence number of the log message It is increased by one after a log is sent The UDP packet can be adjusted to the right order by this...

Страница 82: ...ettings and expand the Remote Syslog Advanced Settings section 3 In ZoneDirector Settings set the facility name as follows Keep Original Retain the original facility name local0 local7 Specify facilit...

Страница 83: ...t log If you prefer an email notification can be sent to a configured email address of your choosing To activate this option follow these steps 1 Go to Configure Alarm Settings 2 To enable email notif...

Страница 84: ...d by your ISP or mail administrator This might be just the part of your email address before the symbol or it might be your complete email address If you are using a free email service such as Hotmail...

Страница 85: ...ailed appears at the bottom of the Email Notification page Go back to Step 5 and then verify that the SMTP settings are correct 7 Click Apply The email notification settings you configured become acti...

Страница 86: ...il Notification section NOTE With the exception of the Lost contact with AP event ZoneDirector only sends one email alarm notification for each event If the same event happens again no alarm will be s...

Страница 87: ...eDirector 9 8 User Guide 800 70599 001 Rev B 87 You can now allow guest pass generators to deliver guest pass codes to guests using the SMS button when generating a new guest pass You must also enter...

Страница 88: ...m Reboot Backup of ZoneDirector settings Performance monitoring When the FlexMaster management option is enabled you will still be able to access the ZoneDirector web interface to perform other manage...

Страница 89: ...n authentication WLANs meant for public access By enabling the Northbound Portal Interface a wireless service provider can provide simple but secure Wi Fi access without pre registration account setup...

Страница 90: ...irector information such as system status WLAN list AP list and clients list and to set a number of system settings using a Network Management System NMS or SNMP MIB browser You can also enable SNMP t...

Страница 91: ...ge and click the Network Management link to open the Network Management section 2 Under the SNMPv2 Agent section select the Enable SNMP Agent check box 3 Enter the following information In SNMP RO com...

Страница 92: ...3 Enter the following information for both the Read Only and Read Write privileges User Enter a user name between 1 and 31 characters Authentication Choose MD5 or SHA authentication method default is...

Страница 93: ...SNMP trap notifications to the server Enable this feature if you want to automatically receive notifications for AP and client events that indicate possible network issues see Trap Notifications That...

Страница 94: ...Support 94 Ruckus Wireless Inc If you select SNMPv3 enter up to four trap receiver IP addresses along with authentication method passphrase and privacy encryption settings 4 Click Apply to save your...

Страница 95: ...trap notifications that ZoneDirector sends and when they are sent Table 15 Trap notifications Trap Name Description ruckusZDEventAPJoinTrap An AP has joined ZoneDirector The AP s MAC address is includ...

Страница 96: ...ent has successfully joined an AP The client s MAC address the AP s MAC address and SSID are included in the trap notification ruckusZDEventClientJoinFailed A client has attempted and failed to join a...

Страница 97: ...has exceeded the set value ruckusZDEventAPMEMvalve An AP s memory utilization has exceeded the set value ruckusZDEventSmartRedundancyChan getoActive The standby Smart Redundancy ZoneDirector has fail...

Страница 98: ...packets and sends them to the DHCP servers then delivers DHCP Offer Ack messages from the DHCP server back to the client The traffic flow is as follows 1 Client sends DHCP discover broadcast 2 AP tun...

Страница 99: ...Go to Configure WLANs 2 If creating a new WLAN click Create New Otherwise click Edit for the WLAN you want to configure 3 Under Advanced Options when Tunnel Mode is enabled the DHCP Relay option beco...

Страница 100: ...network configuration required Multicast applications such as Bonjour require special consideration when being deployed over wireless networks Bonjour only works within a single broadcast domain whic...

Страница 101: ...es from one VLAN to another Using the ZD Site Bonjour Gateway feature ZoneDirector serves as the Bonjour proxy for forwarding Bonjour packets to the designated VLANs Requirements Layer 2 switch betwee...

Страница 102: ...s the memory processor requirements this feature is only supported on certain APs and delivers a set of service rules a Bonjour policy to the AP to perform the VLAN bridging NOTE This feature is only...

Страница 103: ...n the AP Site table to create a new Bonjour service rule 3 In the Create New form configure the following options Bridge Service Select the Bonjour service from the list From VLAN Select the VLAN from...

Страница 104: ...nt to configure 3 in Bonjour Gateway enable the check box and select a Bonjour policy that you created on the Configure Bonjour Gateway page from the list 4 Click OK to save your changes Figure 53 Des...

Страница 105: ...pple TV attached to a projector Teachers SSID VLAN 200 802 1X authentication for a MacBook and iPad needs to have access to all classroom resources Students SSID VLAN 300 Students have a separate SSID...

Страница 106: ...Enabling Bonjour Gateway Example Network Setup 106 Ruckus Wireless Inc...

Страница 107: ...e 800 70599 001 Rev B 107 3 Configuring Security and Other Services In this chapter Configuring Self Healing Options Configuring Wireless Intrusion Prevention Controlling Network Access Permissions Us...

Страница 108: ...d same Zone Director 3 The AP can hear the other AP at a minimum of 50dB which means the Access Points are very close to each other Note that the 2 4G and 5G radio bands are considered independently I...

Страница 109: ...orical data and maintains an internal log of channel performance individually When ChannelFly changes channels it utilizes 802 11h channel change announce ments to seamlessly change channels with no p...

Страница 110: ...healing options 1 Go to Configure Services 2 Review and change the following self healing options Automatically adjust AP radio power to optimize coverage where interference is present Enable automati...

Страница 111: ...s not helpful or adjust the frequency if you want scans at greater or fewer intervals Note that Background Scanning must be enabled for ZoneDirector to detect rogue APs on the network To configure Ba...

Страница 112: ...disable scanning for a particular WLAN click the Edit link next to the WLAN for which you want to disable scanning open Advanced Options and click the check box next to Disable Background Scanning To...

Страница 113: ...ses subsequent scans to update the list of adjacent radios periodically and when a new AP sends its first scan report When an AP leaves ZoneDirector immediately updates the list of adjacent radios and...

Страница 114: ...sbehavior The process does not require any time critical interaction between APs and ZoneDirector Provides control of adjacent AP distance with safeguards against abandoning clients Can be disabled on...

Страница 115: ...ng across adjacent APs by radio type To disable Load Balancing on a per WLAN basis 1 Go to Configure WLANs 2 Click the Edit link beside the WLAN for which you want to disable load balancing 3 Click th...

Страница 116: ...ing balances the client load on radios by distributing clients between the 2 4 GHz and 5 GHz radios This feature is enabled by default and set to a target of 25 of clients connecting to the 2 4 GHz ba...

Страница 117: ...hannels in the 5 GHz band to ensure the channel is clear of radar signals prior to transmitting on the channel If a channel is blocked by this feature it will be listed as DFS Block Radar in the AP mo...

Страница 118: ...software component of the AeroScout visibility system that produces accurate location and presence data If you are using AeroScout Tags in your organization you can use the APs that are being managed...

Страница 119: ...ocuments For more information on AeroScout Tags and the AeroScout Engine refer to your AeroScout documentation Ekahau Tag Detection Utilizing Wi Fi wireless network as an infrastructure the Ekahau Rea...

Страница 120: ...or enables Ekahau tag detection on all its managed APs that support this feature Figure 63 Enabling Ekahau tag detection Active Client Detection Enabling active client detection allows ZoneDirector to...

Страница 121: ...el Mode To configure data encryption and filtering for tunneled WLANs 1 Go to Configure Services 2 Scroll down to the bottom of the page and locate the Tunnel Configuration section 3 Enable the check...

Страница 122: ...6 Neighbor Solicit over tunnels When ZoneDirector receives a broadcast ARP request for a known host it acts on behalf of the known host to send out unicast ARP replies at the rate limit specified If Z...

Страница 123: ...r for Mesh links see Optional Mesh Configuration Features Proxy ARP for WLAN interfaces see Advanced Options under Creating a WLAN Proxy ARP for Tunneled WLANs see Tunnel Configuration When Proxy ARP...

Страница 124: ...m Denial of Service attacks To configure the DoS protection options 1 Go to Configure WIPS 2 In the Denial of Service DoS section configure the following settings Protect my wireless network against e...

Страница 125: ...ts A Rogue Access Point is any access point detected by a ZoneDirector managed access point that is not part of the ZoneFlex network managed by ZoneDirector Rogue devices are detected during off chann...

Страница 126: ...or man in the middle attacks to exploit passwords and other sensitive data The last type of malicious rogue device is User Marked These are devices that are manually marked as malicious rogues by a Zo...

Страница 127: ...ork connections or preventing client devices from accessing network services It could also be used by hackers to compromise network security Typically rogue DHCP servers are network devices such as ro...

Страница 128: ...wing procedure to re enable To enable rogue DHCP server detection on ZoneDirector enabled by default 1 Go to Configure WIPS 2 In the Rogue DHCP Server Detection section select the Enable rogue DHCP se...

Страница 129: ...Configuring Wireless Intrusion Prevention Rogue DHCP Server Detection ZoneDirector 9 8 User Guide 800 70599 001 Rev B 129 Figure 69 Enabling Rogue DHCP server detection...

Страница 130: ...ss Control Lists Using the Access Controls configuration options you can define Layer 2 MAC address ACLs which can then be applied to one or more WLANs upon WLAN creation or edit ACLs are either allow...

Страница 131: ...ovides access control options at Layer 3 and Layer 4 This means that you can configure the access control options based on a set of criteria including Destination Address Application Protocol Destinat...

Страница 132: ...xample if you enter 192 168 0 1 24 the rule would allow or deny the entire Class C subnet To allow deny a single host use 32 as the netmask Application If you select a specific application from the me...

Страница 133: ...nother To create a Device Access Policy 1 Go to Configure Access Control 2 In the Device Access Policy section click Create New 3 Enter a Name and optionally a description for the access policy 4 In D...

Страница 134: ...evice Access Policy To apply a Device Access Policy to a WLAN 1 Go to Configure WLANs 2 To edit an existing WLAN click Edit next to the WLAN you want to edit 3 Expand the Advanced Options and locate t...

Страница 135: ...on is enabled and which are destined to IP addresses that are not part of a per WLAN white list You can create exceptions to client isolation such as allowing access to a local printer for example by...

Страница 136: ...nd click Delete 7 Click OK to save the white list Figure 74 Creating a Client Isolation White List To apply a Client Isolation White List to a WLAN 1 Go to Configure WLANs 2 Click Edit next to the WLA...

Страница 137: ...elect a Whitelist from the drop down list of those you created on the Configure Access Control page 4 Click OK to save your changes Figure 75 Selecting a Client Isolation White List Configuring Applic...

Страница 138: ...com This is an invalid rule Wildcard and other regular expres sions cannot be used in any part of the FQDN www corporate com games This is an invalid rule The filter cannot parse and block access on t...

Страница 139: ...ches a configured policy will be displayed using the policy s name on the Application widget on the Dashboard and the Applications pie charts tables on the Wireless Clients monitoring page In case of...

Страница 140: ...page You can create new port to application name mappings individually or you can batch upload a list in csv format Click the click here link to download a sample of the csv file format This type of p...

Страница 141: ...Application Visibility ZoneDirector automatically identifies several hundred applications for use in appli cation recognition and denial policies The following links provide lists of many the most co...

Страница 142: ...create a new policy to be selectable from the WLAN configuration dialog 3 Under Rules click Create New to create a new rule for this policy 4 Select an Attribute VLAN or Rate Limiting to apply a prec...

Страница 143: ...rm to monitor block and unblock client devices manually from the ZoneDirector web interface Note the following considerations when managing the Blocked Clients list The block list is system wide and i...

Страница 144: ...all active clients are displayed on the page the Show More button disappears 4 To block any listed client devices follow the next set of steps Temporarily Disconnecting Specific Client Devices Follow...

Страница 145: ...f this proves to be a problem may prompt you to consider Permanently Blocking Specific Client Devices Permanently Blocking Specific Client Devices Follow these steps to permanently block a client devi...

Страница 146: ...the Block button to permanently delete a client Reviewing a List of Previously Blocked Clients 1 Go to Configure Access Control 2 Review the Blocked Clients table 3 You can unblock any listed MAC add...

Страница 147: ...Controlling Network Access Permissions Blocking Client Devices ZoneDirector 9 8 User Guide 800 70599 001 Rev B 147...

Страница 148: ...tory objects are organized in a number of levels such as domains trees and forests At the top of the structure is the forest A forest is a collection of multiple trees that share a common global catal...

Страница 149: ...r the Windows Domain Name e g domain ruckuswireless com 6 Click OK Figure 84 Enable Active Directory for a single domain For single domain authentication admin name and password are not required Multi...

Страница 150: ...tory partitions in the forest If the server attempting to bind over port 3268 is not a Global Catalog server the server refuses the bind 3 Leave the Windows Domain Name field empty to search all domai...

Страница 151: ...ser authentication for all users 1 Click the Edit link next to LDAP on the Configure AAA Servers page The Editing LDAP form appears 2 Enter the IP address and Port of your LDAP server The default port...

Страница 152: ...te privileges but must able to read and search all users in the database Figure 86 Creating a new LDAP server object in ZoneDirector Advanced LDAP Filtering A search string in LDAP format conforming t...

Страница 153: ...to If everything is configured correctly the result will display the groups associated with the student which should include a group called student or whatever was configured on your LDAP server Next...

Страница 154: ...they were returned from the Test Authentication Settings dialog Specify WLAN access Guest Pass generation and ZoneDirector administra tion privileges as desired for this Role At this point any user w...

Страница 155: ...server is available enable the check box next to Backup RADIUS and additional fields appear Enter the relevant information for the backup server and click OK When you have configured both a primary a...

Страница 156: ...Server RADIUS RADIUS Accounting 156 Ruckus Wireless Inc 6 In Reconnect Primary enter the number of minutes after which ZoneDirector will attempt to reconnect to the primary RADIUS server after failove...

Страница 157: ...Using an External AAA Server RADIUS RADIUS Accounting ZoneDirector 9 8 User Guide 800 70599 001 Rev B 157 Figure 89 Enable backup RADIUS server...

Страница 158: ...DIUS server using the MAC address of the client as both the user name and password The MAC address format can be configured in one of the following formats A single string of characters without punctu...

Страница 159: ...completed configuring the WLAN to authenticate users by MAC address from a RADIUS server Using 802 1X EAP MAC Address Authentication With the 802 1X EAP MAC Address authentication method clients confi...

Страница 160: ...onitor Wireless Clients page shows the actual authentication method used for clients in an 802 1X EAP MAC Address authentication WLAN Using 802 1X with EAP MD5 EAP MD5 differs from other EAP methods i...

Страница 161: ...tication and Table 16 lists those used in accounting ZoneDirector will terminate a user session if it receives a Change of Authorization Disconnect Message COA DM from the RADIUS server The COA DM mes...

Страница 162: ...rd coded to be Framed User 2 12 Framed MTU hard coded to be 1400 30 Called Station ID user configurable 31 Calling Station ID format is sta s mac 32 NAS Identifier user configurable 61 NAS Port Type h...

Страница 163: ...Tunnel Type value only relevant if it is 13 VLAN 65 Tunnel Medium Type value only relevant if it is 6 802 as in all 802 media plus ethernet 81 Tunnel Private Group ID this is the VLAN ID assignment p...

Страница 164: ...o be Framed User 2 8 Framed IP address 30 Called Station ID user configurable 31 Calling Station ID format is sta s mac 32 NAS Identifier user configurable 44 Account session ID Ruckus private attribu...

Страница 165: ...radius auth 1 50 Acct Multi Session ID 61 NAS Port Type hard coded to be 802 11 port 19 77 Connection Info indicates client radio type 25 Class if received in radius accept message from AAA Ruckus pri...

Страница 166: ...lass 85 Acct interim interval 27 Session timeout 29 Termination action Session timeout event becomes a disconnect event or re authentication event if termination action indicates 1 radius request For...

Страница 167: ...le 45 Acct authentic 50 Acct Multi Session Id 61 NAS port type 77 Connection Info indicates client radio type Ruckus private attribute Vendor ID 25053 Vendor Type Attribute Number 3 Ruckus SSID Additi...

Страница 168: ...click the user or group and select Properties to open the user group name Properties dialog box 3 On the Properties dialog box click Edit Profile The Edit Dial in Profile dialog box opens 4 Click the...

Страница 169: ...RADIUS RADIUS Accounting ZoneDirector 9 8 User Guide 800 70599 001 Rev B 169 6 Click OK 7 Repeat this procedure for additional users or groups Figure 94 On the Microsoft IAS page right click the user...

Страница 170: ...Server RADIUS RADIUS Accounting 170 Ruckus Wireless Inc Figure 95 On the Properties page click Edit Profile Figure 96 On the Authentication tab of the Edit Dial in Profile dialog select Unencrypted au...

Страница 171: ...ngle AP s only Monitoring Admin Monitoring and viewing operation status only TACACS is an extensible AAA protocol that provides customization and future development features and uses TCP to ensure rel...

Страница 172: ...172 Ruckus Wireless Inc Figure 97 Configuring a TACACS AAA server Once your TACACS server is configured on the AAA Servers page you can select it from the list of servers used to authenticate ZoneDire...

Страница 173: ...neDirector After you have configured one or more authentication servers in ZoneDirector perform this task to ensure that ZoneDirector can connect to the authentication server and retrieve the groups a...

Страница 174: ...ups attributes the information appears at the bottom of the page The following is an example of the message that will appear when ZoneDirector authenticates successfully with the server Success Groups...

Страница 175: ...works About Ruckus Wireless WLAN Security Creating a WLAN Creating a New WLAN for Workgroup Use Customizing WLAN Security Working with WLAN Groups Deploying ZoneDirector WLANs in a VLAN Environment Wo...

Страница 176: ...urity settings For example you may need a WLAN that utilizes WEP encryption for wireless devices that only support WEP key encryption To create special WLANs with different settings for specific purpo...

Страница 177: ...oth internal users and guests Authentication options include Open 802 1X EAP MAC Address 802 1X EAP MAC Address Encryption options depend on which type of authentication is chosen Open authentication...

Страница 178: ...ays all WLANs that have already been created in ZoneDirector 2 In the top section WLANs click Create New The Create New workspace displays the following Figure 100 Creating a new WLAN The WLAN Create...

Страница 179: ...26 is included an error message will appear WLAN Usages Select usage type standard guest access hotspot autonomous Authentication Options Select an authentication method for this WLAN open 802 1X EAP...

Страница 180: ...efault Guest Access WLAN with open access and customizable encryption see Configuring Guest Access Guest WLANs are subject to guest access policies such as redirection and subnet access restric tions...

Страница 181: ...uding ZoneDirector displayed client statistics may be incorrect Stations may be disconnected when an unreachable ZoneDirector becomes reachable again as ZoneDirector will re deploy all WLAN services t...

Страница 182: ...tion choices include WPA2 WPA Mixed WEP 64 WEP 128 and None WPA2 is the only encryption method certified by the Wi Fi Alliance and is the recommended method WEP has been proven to be easily circumvent...

Страница 183: ...802 11i compliant NICs Auto Automatically selects TKIP or AES encryption based on the client s capabilities Note that since it is possible to have clients using both TKIP and AES on the same WLAN onl...

Страница 184: ...ireless Client Isolation to prevent all commu nication between WLAN clients and other local resources unless they are specifically allowed in a white list A Client Isolation White List must first be c...

Страница 185: ...Control Policy Call Admission Control Disabled by default Enable Wi Fi Multimedia Admission Control WMM AC to support Polycom Spectralink VIEW certification When enabled the AP announces in beacons i...

Страница 186: ...dvertised at any time This will not affect performance or force the WLAN user to perform any unnecessary tasks Tunnel Mode Select this check box if you want to tunnel the WLAN traffic back to ZoneDire...

Страница 187: ...when enabled globally check this box For more information see Band Balancing Max Clients Limit the number of clients that can associate with this WLAN per AP radio default is 100 You can also limit t...

Страница 188: ...walled garden web pages without adding to transmission statistics until after authorization Application Visibility Enable this option to allow APs to collect client application data which can then be...

Страница 189: ...pt according to the Web Proxy Autodiscovery Protocol WPAD WPAD uses discovery methods such as DNS and DHCP Option 252 to locate the configuration file To use this feature you must designate where the...

Страница 190: ...returns a neighbor report containing information about known neighbor APs that are candidates for a service set transition NOTE Background Scanning Configure Services and Report Rogue Devices Configu...

Страница 191: ...ngineering you can do so by following these steps 1 Make a list of the group of users 2 Go to Configure WLANs 3 When the WLANs page appears the default internal and guest networks are listed in the ta...

Страница 192: ...their first wireless network To review the security configuration and the available options customize the existing WLAN setup or replace it with a totally different configuration review the following...

Страница 193: ...WPA encryption with no authentication Open Auth WPA2 Switch to this encryption method if you prefer the IEEE 802 11i standard which provides the highest level of security but is limited to devices wit...

Страница 194: ...ll want to review and then change the security options for the internal network To start click Edit in the Internal WLAN row 3 When the Editing Internal options appear look at the two main categories...

Страница 195: ...t in EAP server and Zero IT Wireless Activation certificates are automatically generated and installed on the end user s computer Users simply follow the instructions provided during the Zero IT Wirel...

Страница 196: ...eir wireless device connection settings If Switching to 802 1X based Security 1 Applies only to the use of the built in EAP server Each user should be able to repeat the Zero IT Wireless Activation pr...

Страница 197: ...WLAN Group and provide normal level access NOTE Creating WLAN groups is optional If you do not need to provide different WLAN services to different areas in your environment you do not need to create...

Страница 198: ...want to be part of this WLAN group 6 In the VLAN override settings choose whether to override the VLAN configured for each member WLAN Available options include No Change Click this option if you want...

Страница 199: ...h AP or radio on dual radio APs can only be a member of a single WLAN group 4 Click OK to save your changes Figure 105 Assign a WLAN group to an AP Viewing a List of APs That Belong to a WLAN Group 1...

Страница 200: ...that allows the user to designate untagged frames going in out of a port to a specific VLAN For example if an 802 1Q port has VLANs 1 20 and 30 enabled with VLAN 1 being the native VLAN frames on VLA...

Страница 201: ...mon VLAN scenarios include WLANs assigned to specific VLANs ZD and APs with no management VLAN WLANs assigned to specific VLANs ZD and APs within their own single management VLAN WLANs assigned to spe...

Страница 202: ...d to segment management traffic to a specific VLAN and you want to include ZoneDi rector s AP management traffic in this VLAN you can set the parameters in the ZoneDirector system configuration NOTE A...

Страница 203: ...anging management VLAN settings 8 Go to Administer Restart and click Restart to reboot ZoneDirector CAUTION When configuring or updating the management VLAN settings make sure that the same VLAN setti...

Страница 204: ...amic VLAN Requirements A RADIUS server must have already been added to ZoneDirector WLAN authentication method must be set to 802 1X MAC address or 802 1X MAC address To enable Dynamic VLAN for a WLAN...

Страница 205: ...N Priority of VLAN Dynamic VLAN and Tunnel Mode If the VLAN Dynamic VLAN and Tunnel Mode features are all enabled and they have conflicting rules ZoneDirector prioritizes and applies these three featu...

Страница 206: ...s attribute to VLAN Tunnel Medium Type Set this attribute to IEEE 802 Tunnel Private Group ID Set this attribute to the VLAN ID to which you want to segment this user Depending on your RADIUS setup yo...

Страница 207: ...eDirector provides two types of Hotspot services based on the WISPr Wireless Internet Service Provider roaming 1 0 and 2 0 specifications as described in the following sections Creating a Hotspot Serv...

Страница 208: ...Create New The Create New form appears 3 In Name enter a name for this hotspot service You will need to choose this name from a list when creating a WLAN to serve this hotspot service 4 In WISPr Smar...

Страница 209: ...nfigure AAA Servers page If a RADIUS server is selected an additional option appears Enable MAC authentication bypass no redi rection Enabling this option allows users with registered MAC addresses to...

Страница 210: ...Garden In Restricted Subnet define L3 4 IP address access control rules for the hotspot service to allow or deny wireless devices based on their IP addresses Under Advanced Options enable Intrusion Pr...

Страница 211: ...ts added the client gets redirected to the IP address of the ZD instead of the FQDN Assigning a WLAN to Provide Hotspot Service After you create a hotspot service you need to specify the WLANs to whic...

Страница 212: ...L sent to the captive portal server See the following URL for an example http portal free com sip 192 168 120 15 mac 74911a20 dac0 client_mac 00216a95b0de uip 192 168 120 13 lid 101 dn free com url ss...

Страница 213: ...rvices offered or allow the user to manually select an SSID for which the user has login credentials ZoneDirector s Hotspot 2 0 implementation complies with the IEEE 802 11u stan dard and the Wi Fi Al...

Страница 214: ...st List of network access identifier NAI realms corresponding to SSPs or other entities whose networks or services are accessible via this AP Up to five NAI realm entries can be created Each NAI realm...

Страница 215: ...To create an Operator Profile 1 Go to Configure Hotspot 2 0 Services 2 Click Create New under Operator Profiles 3 Configure the settings in Table 113 to create a Hotspot 2 0 Operator profile Figure 1...

Страница 216: ...r including NAI realm domain name roaming consortium 3GPP cellular network info A Service Provider profile must first be created before it appears here Up to six Service Provider Profiles can be indic...

Страница 217: ...e Create a Hotspot 2 0 WLAN After you create a HS2 0 service you need to specify the WLANs to which you want to deploy the hotspot configuration To configure an existing WLAN to provide hotspot servic...

Страница 218: ...In Hotspot 2 0 Operator select the name of the Operator profile that you created previously 5 In Authentication Server select the RADIUS server used to authenticate users 6 Optionally enable Proxy ARP...

Страница 219: ...Keys Dynamic PSK is a unique Ruckus Wireless feature that enhances the security of normal Pre shared Key PSK wireless networks Unlike typical PSK networks which share a single key amongst all devices...

Страница 220: ...using Zero IT Activation see Enabling Automatic User Activation with Zero IT Enabling Dynamic Pre Shared Keys on a WLAN To use DPSK for client authentication you must enable it for a particular WLAN i...

Страница 221: ...ck OK to save your settings This WLAN is now ready to authenticate users using Dynamic Pre Shared Keys once their credentials are verified against either the internal database or an external RADIUS se...

Страница 222: ...checked expired DPSKs will remain in the system though unusable after expiration and clients using an expired DPSK can remain connected until the user disconnects from the WLAN 4 Click the Apply butto...

Страница 223: ...tomatically populate the names of each user BatchDPSK_User_1 BatchDPSK_User_2 and so on to generate the dynamic PSKs 5 In Role select the Role you want to apply to this batch of DPSK users 6 In Dynami...

Страница 224: ...longer be able to access the WLAN using the same passphrase network key Alternatively you can allow users to automatically self provision their clients using Zero IT as described in Enabling Automatic...

Страница 225: ...device assumes it has network connectivity and no action is taken However this login utility is not a fully functional browser and does not support HTML HTML5 PHP or other embedded video In some situ...

Страница 226: ...Locate the Bypass Apple CNA Feature section at the bottom of the page 3 Select any or all of the following WLAN types for which you want to bypass the Apple CNA feature Web Authentication Guest Access...

Страница 227: ...anaging Access Points In this chapter Adding New Access Points to the Network Working with Access Point Groups Reviewing Current Access Point Policies Importing a USB Software Package Managing Access...

Страница 228: ...ing AP join requests If you prefer you can disable Automatic Approval If this is your preference ZoneDirector will detect new APs alert you to their presence and then wait for you to manually approve...

Страница 229: ...first 15 access points that have been approved or are awaiting approval If ZoneDirector is managing more than 15 access points the Show More button at the bottom of the list will be active To display...

Страница 230: ...Adding New Access Points to the Network Verifying Approving New APs 230 Ruckus Wireless Inc Figure 121 The Monitor Access Points page...

Страница 231: ...n steps involved in working with AP groups Modifying the System Default AP Group The first step in working with AP groups is defining the default behavior of all APs controlled by ZoneDirector Creatin...

Страница 232: ...p settings Setting Description Name The System Default group name cannot be changed you can edit this field when creating editing any other AP group Description The System Default description cannot b...

Страница 233: ...s SmartPositioning Technology SPoT location based service solution Enter the SPoT server URL port password and venue name as configured on the SmartPositioning server For information on configuration...

Страница 234: ...Access Point Groups section click the Create New button The Create New form appears 3 Enter a Name and optionally a Description for the new AP group 4 Modify any of the settings in Table 23 that you...

Страница 235: ...p click the check box at the top of the column 2 Select the target AP group from the drop down list and click Move To The AP disappears from the current group list 3 Click OK to save your changes Figu...

Страница 236: ...e 7300 series APs This can be useful if your APs are installed in a public location and you don t want to draw attention to them External Antenna External antenna configuration is available for the 5...

Страница 237: ...least one Trunk Port For single port APs e g ZoneFlex R300 the single LAN port must be a trunk port and is therefore not configurable For ZoneFlex 7025 7055 the LAN5 Uplink port on the rear of the AP...

Страница 238: ...Working with Access Point Groups Modifying Model Specific Controls 238 Ruckus Wireless Inc Figure 124 The ZoneFlex 7982 has two Ethernet ports LAN1 and LAN2...

Страница 239: ...ing with Access Point Groups Modifying Model Specific Controls ZoneDirector 9 8 User Guide 800 70599 001 Rev B 239 Figure 125 The ZoneFlex 7025 7055 has four front facing Ethernet ports and one rear p...

Страница 240: ...ub options can be used to further customize the format and content of information provided in DHCP requests As of release 9 8 ZoneDirector supports the following Option 82 sub options Sub option 1 Age...

Страница 241: ...s members of specific VLANs thereby separating the traffic on these ports from traffic on other VLANs General Ports are user defined ports that can have any combination of up to 20 VLAN IDs assigned F...

Страница 242: ...e VLANs that exist on the AP switch and carries traffic for all those VLANs between switches Access Ports All Access Ports are set to Untag VLAN 1 by default This means that all Access Ports belong to...

Страница 243: ...supplicant and authenticator functionality at the same time NOTE If mesh mode is enabled on ZoneDirector the 802 1X port settings will be unavailable for any APs that support mesh The ZoneFlex 7025 d...

Страница 244: ...he network In MAC based mode each MAC host is individually authenticated Each newly learned MAC address triggers an EAPOL request identify frame Guest VLAN Default disabled When a station fails to aut...

Страница 245: ...pstream authenticator port Until the AP has successfully done so the state of the authenticator port is closed and packets from the AP or stations behind it will be dropped at the authenticator port I...

Страница 246: ...tatus 246 Ruckus Wireless Inc Figure 128 Configuring an AP Ethernet port as an 802 1X Supplicant Viewing AP Ethernet Port Status You can view the status of an AP s port configuration by going to Monit...

Страница 247: ...Working with Access Point Groups Viewing AP Ethernet Port Status ZoneDirector 9 8 User Guide 800 70599 001 Rev B 247 Figure 129 Viewing an AP s Ethernet port configuration...

Страница 248: ...ry If you have multiple ZoneDirectors on the network and want specific APs to join specific ZoneDirectors you can limit ZoneDi rector discovery To do this select the Limited ZD Discovery check box and...

Страница 249: ...e AP is disabled by default VLAN ID Enter a valid VLAN ID to segment management traffic into the VLAN specified Valid VLAN IDs are 1 4094 NOTE If you change the Management VLAN ID here you also need t...

Страница 250: ...rollers for example using a ZD3000 as a backup for several ZD1100s in remote locations you can use Limited ZD Discovery to achieve limited N 1 redundancy NOTE Using Limited ZD Discovery for redundancy...

Страница 251: ...apped to their respective settings on the backup controller If you do not configure these settings first before importing AP lists you will need to configure them for each AP after importing For examp...

Страница 252: ...guration files directly through ZoneDirector providing a simple and straightfor ward provisioning process with minimal human intervention required Provisioning requires that the SmartPoint Access Poin...

Страница 253: ...nnect the wired network connection then reboot the AP 6 After reboot the AP detects the appropriate drivers on its persistent storage goes through the 3G 4G LTE network connection process and establis...

Страница 254: ...umbers hyphens and underscores Note however that only the first 17 characters of the device name will be displayed in the Events Activities tables Description Enter a description for the AP This descr...

Страница 255: ...n also disable service for a particular WLAN at specific times of day or days of the week by setting the Service Schedule For more information see Advanced Options for creating a WLAN 13 External Ante...

Страница 256: ...et which APs can serve as its uplinks select the Manual radio button under Advanced Options Uplink Selection default is Smart The other APs in the mesh appear below the selection 18 Select the check b...

Страница 257: ...et the Venue Name for the venue at which the AP will be operating You can create up to two Venue Names two languages for the venue name To set the Hotspot 2 0 Venue Name for an AP 1 Go to Configure Ac...

Страница 258: ...eset channels and adjust transmission power or adjust the priority of certain WLANs over others as needed Assessing Current Performance Using the Map View REQUIREMENT The importing of a floorplan and...

Страница 259: ...e APs to a power source 4 To refresh the ZoneDirector Map View run a full system RF Scan as detailed in Starting a Radio Frequency Scan 5 When the RF scan is complete and ZoneDirector has recalibrated...

Страница 260: ...t is Auto Uplink Selection Use this setting to manually define which APs can serve as an uplink for this Mesh AP 5 Click OK The adjusted AP will be automatically restarted and when it is active will b...

Страница 261: ...ew Tools Evaluating and Optimizing Network Coverage Reviewing Current Alarms Reviewing Recent Network Events Moniting WLAN Status Reviewing Current User Activity Monitoring Individual Clients Monitori...

Страница 262: ...boring and rogue client devices and RF coverage You can see what devices are where in your floorplan and visually evaluate network coverage NOTE Map View to work your computer must have Java version 7...

Страница 263: ...rror message appears when these file size limits are reached Additionally the maximum file size per floorplan image is 512kb 200kb or smaller is recommended Requirements A floorplan image in GIF JPG o...

Страница 264: ...nting multiple floors in your building s make sure you place the access point markers on the correct floorplan 1 Have the list of APs handy with MAC addresses and locations 2 Go to Monitor Map View if...

Страница 265: ...the Map View as noted here and marked in the above illustration 1 Map drop down list Select the floorplan to view from the Map drop down list 2 Coverage and Show Rogue APs box For Coverage selecting...

Страница 266: ...the size and angle of the floorplan by using the tools on this screen Note the following icons 7 Signal This colored legend displays the signal strength coverage when you selected either 2 4 GHz or 5...

Страница 267: ...ove the icon A rogue AP displays a smaller red icon imprinted with a bug A bug icon with a lock on it indicates a rogue AP with security enabled In a Smart Mesh network an isolated AP displays a red X...

Страница 268: ...color range especially colors that indicate low coverage 6 Look at the floorplan and evaluate the current coverage Moving the APs into More Efficient Positions You can now move the APs into more effic...

Страница 269: ...e 137 The All Alarms page 3 Review the contents of this table The Activities column is especially informative 4 If a listed alarm condition has been resolved click the now active Clear link to the rig...

Страница 270: ...st events will be overwritten when new events occur Clearing Recent Events Activities To review the current events and if appropriate clear all resolved events follow these steps 1 Go to Monitor All E...

Страница 271: ...Moniting WLAN Status Clearing Recent Events Activities ZoneDirector 9 8 User Guide 800 70599 001 Rev B 271 Figure 138 The Monitor WLANs page...

Страница 272: ...in more detail Additionally you can perform a number of actions on individual clients from this page including blocking unauthorized clients deleting clients from the table which will allow them to at...

Страница 273: ...Activity Viewing Application Usage Statistics ZoneDirector 9 8 User Guide 800 70599 001 Rev B 273 Figure 139 Monitoring client activity Click the Show Details button to display detailed application or...

Страница 274: ...columns displayed by clicking the Edit Columns button You can also delete block run SpeedFlex and test connectivity using the action icons in this table Inactive Clients The Inactive Clients table di...

Страница 275: ...Reviewing Current User Activity Events Activities ZoneDirector 9 8 User Guide 800 70599 001 Rev B 275 Figure 141 Monitoring Clients...

Страница 276: ...ou want to monitor The page refreshes to display a page of client specific information and statistics The Monitoring Clients client MAC address page displays the following information about the connec...

Страница 277: ...d to track the uplink downlink throughput of a specific client over time To monitor a client s performance 1 Go to Monitor Wireless Clients and locate the client MAC address in the Active Clients list...

Страница 278: ...his estimate is based on measurements of downlink traffic and is updated only when the AP transmits more than 1000 packets each containing at least 1024 bytes of data within a one minute measurement i...

Страница 279: ...cate information on the APs that ZoneDirector is managing Open the Dashboard for a snapshot of the most active APs Click the MAC address link of any AP record to see more details Go to Monitor Map Vie...

Страница 280: ...om ZoneDirector s perspective Approval Pending Connected Disconnected Root AP Mesh AP eMesh AP Number of hops Mesh Mode Displays whether the AP is manually set as a Root or Mesh AP or set to automatic...

Страница 281: ...ant to display the option to Export to CSV appears If the search box is empty all APs will be saved to the CSV file If you enter text in the search box only the APs currently matching the search text...

Страница 282: ...t Status Using the AP Status Overview Page 282 Ruckus Wireless Inc Figure 146 Viewing AP group members Events Activities This table displays an AP related subset of the information on the Monitor All...

Страница 283: ...ress and model number Info Displays uptime clients and mesh status Actions Action icons provide tools for managing the AP see Using Action Icons to Configure and Troubleshoot APs in a Mesh On supporte...

Страница 284: ...ement interval The uplink and downlink throughput curves show the actual throughput of a particular client or the current mix of clients These curves are influenced by the user session and they vary a...

Страница 285: ...n is a measure of noise or other interference that is in fact impacting performance How do customers use this new concept to understand and manage their WiFi networks RF Pollution is an informational...

Страница 286: ...Monitoring Individual APs RF Pollution FAQ 286 Ruckus Wireless Inc Figure 147 Viewing an individual AP s information Figure 148 Monitoring an AP s performance...

Страница 287: ...signal power readings within each portion of the frequency band in a cumulative distribution format The CDF plot is color coded based upon the frequency with which each point is observed during conse...

Страница 288: ...Monitoring Individual APs Spectrum Analysis 288 Ruckus Wireless Inc Figure 149 APs that support spectrum analysis display an extra icon in the Actions table...

Страница 289: ...k performance issues Details on neighbor APs include Access Point The AP s description if configured or the MAC address if no name or description is available Channel The channel that the neighbor AP...

Страница 290: ...lable on most Ruckus Wire less outdoor APs and orientation sensors are available on the ZoneFlex 7962 indoor AP Orientation This sensor displays the mounting orientation of the AP Three orientations a...

Страница 291: ...zed APs pose problems for a wireless network in terms of airtime contention as well as security Usually a rogue AP appears in the following way an employee obtains another manufacturer s AP and connec...

Страница 292: ...yet been categorized as malicious or non malicious malicious AP SSID spoof A malicious rogue AP that uses the same SSID as ZoneDirector s AP also known as an Evil twin AP malicious AP MAC spoof A mal...

Страница 293: ...a neighboring network you can mark it as known NOTE If your office or worksite is on a single floor in a multistory building your upper and lower floor neighbors wireless access points may show up on...

Страница 294: ...Monitoring Rogue Access Points Monitoring System Ethernet Port Status To view the status of ZoneDirector s Ethernet ports go to Monitor System Info The table displays the MAC address Interface ID phy...

Страница 295: ...on ZoneDirector 9 8 User Guide 800 70599 001 Rev B 295 Figure 156 Monitoring system Ethernet port information Monitoring AAA Server Statistics To monitor AAA servers that you have configured on the Co...

Страница 296: ...or SmartPositioning location servers that you have configured on the Configure Access Points AP Groups page go to Monitor Location Services NOTE For information on configuration and administration of...

Страница 297: ...Monitoring Location Services Access Point Sensor Information ZoneDirector 9 8 User Guide 800 70599 001 Rev B 297 Figure 158 Monitoring Location Services...

Страница 298: ...Monitoring Location Services Access Point Sensor Information 298 Ruckus Wireless Inc...

Страница 299: ...ter Enabling Automatic User Activation with Zero IT Adding New User Accounts to ZoneDirector Managing Current User Accounts Creating New User Roles Managing Automatically Generated User Certificates a...

Страница 300: ...S Active Directory or LDAP server Configure Users To enable Zero IT activation do the following 1 Go to Configure WLANs 2 Click Edit on the WLAN where you want to enable Zero IT Activation 3 Enable WP...

Страница 301: ...can self provision his her wireless client to securely access your wireless LANs Clients that Support Zero IT NOTE For a detailed list of the operating systems that the Zero IT configuration supports...

Страница 302: ...s permission Additionally you must enable permission to modify WZC Windows Zero Configu ration for the users groups by creating a new security template and applying the template to the account using M...

Страница 303: ...s wireless settings for access to the secure internal WLAN 5 If you are not running a supported operating system you can manually configure wireless settings by clicking the link at the bottom of the...

Страница 304: ...sers are connecting with clients running earlier versions of Windows Linux or other operating systems that do not support Zero IT provisioning users must manually configure wireless settings A manual...

Страница 305: ...to 64 characters including special characters and spaces Password Enter a unique password for this user 4 32 characters in length using a combination of letters numbers and special characters includi...

Страница 306: ...ting user accounts as needed Changing an Existing User Account 1 Go to Configure Users 2 When the Users features appear locate the specific user account in the Internal User Database panel and then cl...

Страница 307: ...users to limit their access to certain WLANs to allow them to log in with non standard client devices or to grant permission to generate guest passes You can then edit the default role to disable the...

Страница 308: ...ption NOTE When creating a guest pass generator Role you must ensure that this Role is given access to the Guest WLAN If you create a Role and allow guest pass generation but do not allow the Role acc...

Страница 309: ...AN for both students and staff members Then when either connects to the network they would be given access rights based on their roles at the school Users created on an AAA server can be mapped to rol...

Страница 310: ...es and Keys With Ruckus Zero IT wireless activation a unique key or certificate is automatically generated for a user during the activation process More precisely for a WLAN configured with WPA or WPA...

Страница 311: ...w key or a new certificate Using an External Server for User Authentication Once your wireless network is set up you can instruct ZoneDirector to authenticate wireless users using your existing Authen...

Страница 312: ...erver type for more information 5 Click OK to save this server entry The page refreshes and the AAA server that you added appears in the list of authentication and accounting servers Note that input f...

Страница 313: ...users to a login web page the first time they connect to this WLAN and requires them to log in before granting access to use the WLAN After you activate web authentication on your WLAN you must then...

Страница 314: ...on option See Figure 167 4 Click the check box to Enable captive portal Web authentication 5 Select the preferred authentication server from the Authentication Server drop down menu 6 Click OK to save...

Страница 315: ...8 User Guide 800 70599 001 Rev B 315 8 Managing Guest Access In this chapter Configuring Guest Access Creating a Guest Access Service Creating a Guest WLAN Using the BYOD Onboarding Portal Working wit...

Страница 316: ...Service 1 Go to Configure Guest Access 2 Click Create New to configure a guest access service 3 In Onboarding Portal choose which options to display in the BYOD Onboarding Portal See Using the BYOD O...

Страница 317: ...ion settings Web Portal Logo Upload a logo to replace the Ruckus logo Guest Access Customization Enter text to display on the welcome page Restricted Subnet Access See Configuring Guest Subnet Access...

Страница 318: ...under the table columns in which you can enter parameters that define the access rule 5 Under Description type a name or description for the access rule that you are creating 6 Under Type select Deny...

Страница 319: ...o the secure internal WLANs To create a Guest WLAN 1 Go to Configure WLANs 2 Under WLANs click Create New The Create New WLAN form appears 3 Enter a Name SSID for this WLAN that will be easy for your...

Страница 320: ...to allow disconnected users a grace period after disconnection during which users will not need to re authenticate 10 Click OK to save your changes Figure 170 Create a Guest Access WLAN Using the BYO...

Страница 321: ...arding Portal Guest Pass Device Registration Show both buttons Device Registration Show Zero IT Device Registration button only 5 If Guest Pass is enabled configure Guest Pass options as described in...

Страница 322: ...WLAN and all settings on the Guest Access configuration page will be put into effect Figure 173 Guest Access welcome and terms of use screens If the user clicks the Register Device button the web pag...

Страница 323: ...ith the settings to automatically connect to the secure internal corporate WLAN NOTE You may need to manually switch from the guest WLAN to the secure WLAN after activation on some mobile devices NOTE...

Страница 324: ...email with guest credentials NOTE To enable guest pass delivery via email or SMS you must first configure an email server or an SMS delivery account Twilio or Clickatell from the Configure System page...

Страница 325: ...uest pass is valid from the time it is first created to the specified expiration time even if it is not being used by any end user Effective from first use This type of guest pass is valid from the ti...

Страница 326: ...sting roles including Default 2 Click Edit in the Default role row 3 In the Policies options clear the Allow Guest Pass Generation check box 4 Click OK to save your settings Users with default roles n...

Страница 327: ...1 allow all users with this role to connect to all WLANs or 2 limit this role s users to specific WLANs and then pick the WLANs they can connect to NOTE When creating a guest pass generator Role you m...

Страница 328: ...er account 1 Go to Configure Users 2 At the bottom of the Internal User Database click Create New 3 When the Create New form appears fill in the text fields with the appropriate entries 4 Open the Rol...

Страница 329: ...delivering a guest pass For instructions on how to generate multiple guest passes see Generating and Printing Multiple Guest Passes at Once NOTE If printing the guest pass make sure that your computer...

Страница 330: ...er for whom you are generating the guest pass Valid for Specify the time period when the guest pass will be valid Do this by typing a number in the blank box and then selecting a time unit Minutes Hou...

Страница 331: ...s 7 Click Next The Wireless Access Portal page appears 8 Choose whether to activate this guest pass for either yourself or a guest and click Next 9 The Request a Guest Pass page appears 10 Enter the g...

Страница 332: ...Working with Guest Passes Generating and Delivering a Single Guest Pass 332 Ruckus Wireless Inc Figure 178 The Guest Pass Generated page Figure 179 Sample guest pass printout...

Страница 333: ...ector hostname or ipaddress guestpass 3 In User Name type your user name 4 In Password type your password 5 Click Log In The Guest Information page appears On this page you need to provide information...

Страница 334: ...expires Figure 180 Generating multiple guest passes at once NOTE If you want to be able to identify the guest pass users by their names for monitoring or auditing purposes in a hotel setting for exam...

Страница 335: ...uctions 2 In Creation Type click Multiple 3 Click the click here link in To download a profile sample click here 4 Save the sample guest pass profile in CSV format to your computer 5 Using a spreadshe...

Страница 336: ...F or PNG Make sure that the logo file does not exceed the following Length Two inches on any side File size 20kB To customize the guest login page 1 Go to Configure Guest Access Edit or create a new G...

Страница 337: ...fault As administrator you can create custom guest pass printouts For example if your organization receives visitors who speak different languages you can create guest pass printouts in other language...

Страница 338: ...ck Browse select the HTML file that you customized earlier and then click Open ZoneDirector copies the HTML file to its database 9 Click Import to save the HTML file to the ZoneDirector database You h...

Страница 339: ...ustomize the message in the text box and click Apply to save your changes GP_ELSEIF_EFFECTIVE_FROM_FIRST _USE If you set the validity period of guest passes to Effective from first use in the Guest Pa...

Страница 340: ...Configure System page are first configured to allow ZoneDirector to use the configured Twilio or Clickatell account to deliver guest passes To customize the content of the SMS message used to deliver...

Страница 341: ...Working with Guest Passes Delivering Guest Passes via SMS ZoneDirector 9 8 User Guide 800 70599 001 Rev B 341 Figure 184 Customize the SMS content...

Страница 342: ...Working with Guest Passes Delivering Guest Passes via SMS 342 Ruckus Wireless Inc...

Страница 343: ...sh Networking Terms Supported Mesh Topologies Deploying a Wireless Mesh via ZoneDirector Understanding Mesh related AP Statuses Using the ZoneFlex LEDs to Determine the Mesh Status Using Action Icons...

Страница 344: ...ing When a new node appears it becomes assimilated into the mesh network In the Ruckus Wireless Smart Mesh network all traffic going through the mesh links is encrypted A passphrase is shared between...

Страница 345: ...gh its wireless interface Ethernet Linked Mesh AP eMAP An eMAP is a mesh node that is connected to its uplink AP through a wired Ethernet cable rather than wirelessly eMAP nodes are used to bridge wir...

Страница 346: ...ou can set up a mesh network using the wireless bridge topology In this topology ZoneDirector and the upstream router are on the primary wired LAN segment and another isolated wired segment exists tha...

Страница 347: ...n eMAP is a special kind of Mesh AP that uses a wired Ethernet link as its uplink rather than wireless An eMAP is not considered a Root AP despite the fact that it discovers ZoneDirector through its E...

Страница 348: ...mesh network from the Monitor Access Points page or from the Mesh Topology widget on the Dashboard Deploying a Wireless Mesh via ZoneDirector Deploying a wireless mesh via ZoneDirector involves the fo...

Страница 349: ...each Root AP and Mesh AP Remember that Root APs need to be connected to ZoneDirector via their Ethernet ports Make sure that the Root AP locations can be wired easily if cabling is not yet available...

Страница 350: ...to prevent isolating nodes If you want to disable Smart Mesh once it has been enabled you will have to factory reset ZoneDirector or disable mesh for each AP as described in Managing Access Points Ind...

Страница 351: ...request from a known host the AP converts the broadcast request packet into a unicast request by replacing the broadcast address with the MAC address If the AP receives a request from an unknown host...

Страница 352: ...pable Mesh AP as its downlink you will need to set the channel for the Root AP to one of the non DFS channels Specifically choose one of the following channels 36 40 44 48 149 153 157 161 165 This is...

Страница 353: ...possible for a node to be associated to a different ZoneDirector than its parent or children Figure 189 Dotted lines indicate that these APs are part of the wireless mesh network The symbols next to t...

Страница 354: ...d Action Connected AP is connected to ZoneDirector but mesh is disabled If mesh is enabled on the AP you may need to reboot it to activate the mesh Connected Root AP AP is connected to ZoneDirector vi...

Страница 355: ...LED Indicates downlink status and client association status AIR Signal Air Quality LED Indicates uplink status and the quality of the wireless signal to the uplink AP WLAN LED When Smart Mesh is enabl...

Страница 356: ...w for more information LED Color Behavior Root AP eMAP Mesh AP Solid green N A Connected to a Root AP or another Mesh AP Signal quality is good Fast blinking green N A Connected to a Root AP or anothe...

Страница 357: ...havior Root AP eMAP Mesh AP Fast blinking green No Mesh AP is connected Disconnected from the Root AP Solid green At least one Mesh AP is connected Signal quality is good Connected to a Root AP Signal...

Страница 358: ...d to disable Smart Uplink Selection and manually set the mesh nodes to which an AP can connect Note that in most situations Ruckus Wireless recommends against manually changing the roles of APs in a m...

Страница 359: ...or an AP manually 1 On the ZoneDirector web interface click the Configure tab 2 On the menu click Access Points 3 In the Access Points table find the AP you want to restrict and click Edit under the A...

Страница 360: ...e Isolated Mesh AP statuses that may appear on the Monitor Access Points page and provides possible reasons for the isolation and the recommended steps for resolving the issue Status Possible Reason N...

Страница 361: ...such as Notepad Step 1 Obtain the Mesh SSID and Passphrase 1 On the ZoneDirector web interface click the Configure tab and then click Mesh on the menu Config error The AP attempted to establish the m...

Страница 362: ...reless connection list locate the Mesh recovery SSID The SSID will be named island xxxxxx where xxxxxx is the last 6 digits of the AP s MAC address 2 Connect to this WLAN using WPA and the passphrase...

Страница 363: ...uto 6 If there are multiple ZoneDirectors on the network you may need to specify which ZoneDirector the AP should connect to using the command set director ip ZoneDirector s IP address 7 If a manageme...

Страница 364: ...Best Practices and Recommendations Recovering an Isolated Mesh AP 364 Ruckus Wireless Inc...

Страница 365: ...oneDirector Administrator User Name and Password Changing the Web Interface Display Language Upgrading ZoneDirector and ZoneFlex APs Working with Backup Files Restoring ZoneDirector to Default Factory...

Страница 366: ...save your changes To edit or replace the current name or password 1 Go to Administer Preferences 2 When the Preferences page appears you have the following options under Administrator Name Password Au...

Страница 367: ...tes 24 hours To change the admin idle timeout period enter a new value in Administer Preferences Timeout interval and click Apply Changing the Web Interface Display Language Depending on your preferen...

Страница 368: ...from the network To minimize network disruption Ruckus Wireless recommends performing the upgrade procedure at an off peak time NOTE If ZoneDirector is running a software version or earlier than versi...

Страница 369: ...ge Performing an Upgrade with Smart Redundancy If you have two ZoneDirectors in a Smart Redundancy configuration the procedure is similar Note however that the active and standby ZoneDirectors will re...

Страница 370: ...with Backup Files After you have set up and configured your Ruckus wireless network you may want to back up the full configuration The resulting archive can be used to restore your ZoneDirector and ne...

Страница 371: ...r Restore Configuration click Browse 3 Locate a previously saved backup file select the file and then click Open 4 Three restore options appear Restore everything Select this option if you want the de...

Страница 372: ...N settings 3 Smart Redundancy settings 4 DHCP server settings 5 Session timeout 6 Limited ZD Discovery and Management VLAN settings in Access Point Policies Restore only WLAN settings access control l...

Страница 373: ...n near the line that begins If you need to import the APs configuration 3 Browse to a previously saved backup file select the file and click Open The page refreshes and the name of the backup file you...

Страница 374: ...s accounts and preference configurations would need to be manually reconfigured CAUTION Resetting ZoneDirector to factory default settings will erase all configuration changes that you made except for...

Страница 375: ...Backup 2 When the Backup Restore page appears look for Restore Factory Settings and click the button 3 Owing to the drastic effect of this operation one or more confirmation dialog boxes will appear C...

Страница 376: ...nd therefore not trusted by any web browser This is the reason why the SSL security warnings appear when establishing an HTTPS connection to the ZoneDirector To eliminate the security warnings adminis...

Страница 377: ...r will be accessed in your browser e g by device name such as ZoneDirector NOTE Ruckus Wireless recommends using the FQDN as the Common Name if possible If your network does not have a DNS server you...

Страница 378: ...ountry or region from the pull down menu 3 Click Apply A dialog box appears and prompts you to save the CSR file myreq csr that you have just created 4 Save the file to your computer Figure 198 Genera...

Страница 379: ...RA MR dDI1dTPtSUG7 zWjXO5jC 0pykSldW q8hgO8kq30S8JzCwkqrXJfQ050N4TJtgb YC4gwH3BuB9wqpRjUahTiK1V1 ju9bHB bFkMWIIMIXc1Js62JClWzwFgaGUS2DLE8xICQ3wU1ez8RUPGn wSxAYtZ2N7zDxYDP2tEiO5j2cXY7O8mR3ni0C30 END CE...

Страница 380: ...the end certificate click on the intermediate certificate import option Click on the Import button to reveal the Import Intermediate Certificates form Click on Browse button and select the file conta...

Страница 381: ...ther ZoneDirector If your ZoneDirector is replaced due to an RMA you will need to restore the private key if you have installed a public certificate Ensure that the private key is kept secure because...

Страница 382: ...certificate When you try to import a wildcard certificate the ZoneDirector will notify you that it does not have the matching private key At this point click on the click here link to import the priva...

Страница 383: ...figuration with the Hotspot captive portal when it is being used for Zero IT activation through the ZoneDirector because the FQDN for the activate URL is identical on both ZoneDirectors To achieve thi...

Страница 384: ...to belong Remember the group names that you set you will enter this information when you create administrator roles in ZoneDirector see Step 3 TACACS See TACACS for more information 2 Set up ZoneDire...

Страница 385: ...t details that you will see Admin user_name login authenticated by Authentication Server with Role Upgrading the License Depending on the number of Ruckus Wireless APs you need to manage with your Zon...

Страница 386: ...se 2 Repeat for the standby ZoneDirector 3 After both have been upgraded and the license levels match the Smart Redundancy indicator displays Active Connected or Standby Connected Support Entitlement...

Страница 387: ...pport Service section click Choose File to import a new support upgrade file 3 Once the new support entitlement is applied click Check Entitlement to display the entitlement status service purchased s...

Страница 388: ...Support Entitlement Upgrading the License with Smart Redundancy 388 Ruckus Wireless Inc...

Страница 389: ...Connections Measuring Wireless Network Throughput with SpeedFlex Diagnosing Poor Network Performance Starting a Radio Frequency Scan Using the Ping and Traceroute Tools Viewing Current System and AP L...

Страница 390: ...g another OS or running a version of Windows pre XP SP2 This includes XP SP1 Your users client devices are using wireless network adapters without a WPA implementation The following list of options ma...

Страница 391: ...ious problems will hopefully be resolved To fix the connection of an active client 1 Go to Monitor Wireless Clients 2 In the Clients table locate the problematic client and click the Delete button on...

Страница 392: ...with instructions on how to re configure their client and log into the WLAN again At the end of this process the user should be reconnected If problems persist they may originate in Windows or in the...

Страница 393: ...click Monitor Access Points If you want to test client throughput click Monitor Wireless Clients 5 In the list of APs or clients look for the MAC address of the AP or wireless client that you want to...

Страница 394: ...re Their Own Wireless Throughput After SpeedFlex is installed and running on the client click Start again to continue with the wireless performance test A progress bar appears below the speedometer as...

Страница 395: ...Flex If WLAN Connection Problems Persist ZoneDirector 9 8 User Guide 800 70599 001 Rev B 395 Figure 206 Click the download link for the target client s operating system Figure 207 A progress bar appea...

Страница 396: ...ns throughput results for each hop as well as the aggregate throughput from ZoneDirector to the final AP in the tree To measure throughput across multiple hops in a Smart Mesh tree 1 Go to Monitor Mes...

Страница 397: ...Throughput with SpeedFlex Using SpeedFlex in a Multi Hop Smart Mesh Network ZoneDirector 9 8 User Guide 800 70599 001 Rev B 397 Figure 209 Running Multi Hop SpeedFlex in a mesh tree Figure 210 Multi...

Страница 398: ...nected only to the wireless network If your wireless device is also connected to the wired network unplug the network cable 2 Start your web browser and then enter the following in the address or loca...

Страница 399: ...work administrator for assistance Diagnosing Poor Network Performance You can try the following diagnostic and troubleshooting techniques to resolve poor network performance 1 Go to Monitor Map View 2...

Страница 400: ...ection and an updated coverage evaluation Figure 211 The Diagnostics page Using the Ping and Traceroute Tools The ZoneDirector web interface provides two commonly used tools that allow you to diagnose...

Страница 401: ...The Network Connectivity window opens Click Ping to ping the IP address or Trace Route to diagnose the number of hops to the IP address Figure 213 Network Connectivity dialog You can also access the...

Страница 402: ...Info section click Save Debug Info 6 When the File Download dialog box appears select Save File and click OK 7 When the Save As dialog box appears pick a convenient destination folder type a name for...

Страница 403: ...hroughput ZoneDirector 9 8 User Guide 800 70599 001 Rev B 403 1 Go to Administer Diagnostics and locate the AP Logs section 2 Click the Click Here link next to To show current AP logs The log data is...

Страница 404: ...apture Streaming Mode NOTE Performing packet capture on the 5 GHz radio of a Mesh AP MAP can result in connectivity issues due to the AP s use of the 5 GHz radio for Mesh communications Therefore Ruck...

Страница 405: ...which applies it before streaming Both modes allow compound filter expressions conforming to the pcap filter syntax which is described at http www manpagez com man 7 pcap filter Local Capture To capt...

Страница 406: ...GHz radio or select wlan101 if streaming on the 5 GHz radio 9 Click Start Wireshark displays the packet stream in a new window Figure 216 Add APs from Currently Managed APs list to Capture APs list F...

Страница 407: ...its convey additional TX and RX descriptor indicators described in the table below Table 33 Ruckus defined indicators conveyed in MAC Flags Limitation The AP can report RX EVM values or the RX LDPC in...

Страница 408: ...g purposes Do not enable this feature unless instructed to do so by Ruckus support Figure 218 The Upload Scripts and Remote Troubleshooting features are used by Ruckus Support in diagnosing customer n...

Страница 409: ...figuration changes Ruckus Wireless recommends shutting down ZoneDirector to ensure that all configuration changes are saved and remain after reboot Performing a Restart may cause ZoneDirector to lose...

Страница 410: ...Restarting ZoneDirector Streaming Mode 410 Ruckus Wireless Inc...

Страница 411: ...rt Mesh Networking Best Practices In this chapter Choosing the Right AP Model for Your Mesh Network Calculating the Number of APs Required Placement and Layout Considerations Signal Quality Verificati...

Страница 412: ...802 11n AP Calculating the Number of APs Required This is an important step in planning your mesh network You will need calculate the number of total APs Root APs and Mesh APs that are needed to prov...

Страница 413: ...o have 2 or more RAPs so that there are alternate paths back to the wired network More roots are better The more Root APs in the design the higher the performance Therefore as far as possible try to w...

Страница 414: ...locations temporarily using a tripod stand or other means and actually checking the Signal Quality throughout the mesh network In addition once the mesh is deployed the Signal Quality should be period...

Страница 415: ...may use 35 as your Signal benchmark Ensure Minimum 2 Uplink options for every MAP In addition under Neighbor APs it is best practice that there exists an alternate path for this mesh uplink This alte...

Страница 416: ...entation and placement is that during the planning phase it is advisable to use the Signal Quality as your benchmark as explained in the Signal Quality Verification section Ensure that the Signal is b...

Страница 417: ...tation A less typical vertical orientation may be used in certain cases where it is not possible for mechanical or aesthetic reasons to use the typical horizontal orientation In such cases indoor APs...

Страница 418: ...attention to the elevation of an AP for reliable mesh operation More specifically large differences in elevation should be avoided So whether you are deploying an indoor mesh an outdoor mesh or a mixe...

Страница 419: ...r all single band or all dual band APs 2 Avoid an excessive number of hops Ideally keep hop count to 3 or less 3 Having more RAPs is better for performance 4 Ensure that there are RAPs near the middle...

Страница 420: ...Best Practice Checklist Elevation of RAPs and MAPs 420 Ruckus Wireless Inc...

Страница 421: ...t 118 AES option values 183 airtime 283 Alarms activating email notification 83 Algorithm New WLAN creation 183 All Events Activities Logs 77 AP Activities 47 AP Groups 231 AP markers overview 267 App...

Страница 422: ...26 Country Code 74 Create New options Authentication Servers 311 Create New User internal database 305 create user 304 Creating a Guest Pass Generation User role 326 Creating a new WLAN Access VLAN 18...

Страница 423: ...t state restoring ZoneDirector 374 Fail Over 64 Failed user connections 390 Failover force 68 Fast BSS Transition 182 Firewall open ports 39 Firewall Integration 79 Firmware upgrade 368 FlexMaster ena...

Страница 424: ...nt ACL 71 Management VLAN 249 Managing current user accounts 306 Map View adding a floorplan 258 adjusting AP positions and settings 259 importing a floorplan 263 placing AP markers on a floorplan 264...

Страница 425: ...ting key expiration 221 PSK lifetime settings 221 R Radar Avoidance Pre Scanning 117 Radio Band ZoneFlex 7321 236 255 Radio frequency scans starting a scan 399 Radio Resource Management 190 radio stat...

Страница 426: ...ettings 173 Timeout interval 367 TKIP option values 183 Toolbox 44 50 401 Tools Map View 265 Traceroute 400 transmission statistics 283 Troubleshooting diagnosing poor network performance 399 manually...

Страница 427: ...ation 184 209 Wireless networks overview 30 176 Wireless performance test tool 392 WLAN creation 178 optimizing coverage 268 recent events reviewing 269 WLAN Group 196 232 254 WLAN network security cu...

Страница 428: ...428 Ruckus Wireless Inc band selection 236 255 ZoneFlex APs upgrading software 368...

Страница 429: ...ZoneDirector 9 8 User Guide 800 70599 001 Rev B 429...

Страница 430: ...Copyright 2006 2014 Ruckus Wireless Inc 350 West Java Dr Sunnyvale CA 94089 USA www ruckuswireless com...

Отзывы:

Нет отзывов