12-16-2021 01:24 PM
Greetings!
Lately I have taken over an old WiFi-project which was once installed by someone in a restaurant/cafe.
Sadly enough it is a mess. The Ruckus APs are simply just connected to the router he placed, changed the SSID and called it a day. Litteraly everything is on 1 network. Guests, employees and even the checkouts! That is something we really do NOT want.
Currently there are 4 Ruckus R320 Unleashed APs hanging in the building. The idea now is to create different SSID's and VLANS so that everything is going to be seperated.
For example:
(VLANS are done in a DrayTek 2865Va, AP's connect to a P2540x)
SSID 1 = Employees = VLAN60
SSID 2 = Guests = VLAN90
SSID 3 = Checkout devices and such = VLAN 30
But as I understood it is not possible to create seperated SSIDs and point them to different VLANS with those APs.
As far as I've read and understand, I need the ZoneDirector 1200 and then upgrade the firmware of the Unleashed AP's, to ZoneFlex firmwares so that they will be stand-alone AP's, add them to ZoneDirector and then be able to point different SSIDs to different VLANS.
My question is, is this true and am I right on track? And if it is, can I then accomplish what I want? Also what firmware should be put onto them? Or is there another way/device to accomplish what i want which is cheaper? The ZoneDirector is pretty expensive, so I want to be sure 😄
Thanks!
12-16-2021 01:33 PM
I definitely have 2 SSIDs with 2 VLANs..... Go into Edit WLAN (for the SSID) > Advanced Options > WLAN Priority > Access VLAN and put in the number of your VLAN.
12-16-2021 10:34 PM
You don't need Zd for VLAN setup. Unleashed supports VLANs, it's a basic functionality.
What you need to do is ocnfigure all ports, to which APs are connected as trunks,, with native (untagged) VLAN used for APmanagement, and all others tagged. You need managed switch for that. Check if your router supports multiple internal VLANs and multiple DHCP -- most home routers don't support it, than you need to use L3 switch to route between networks and provide ACLs. Better is to use some firewall or at least reasonable router, supporting multiple networks and firewalling between them. Any firewall, such Watchguard or similar, will do, as well as you can use Mikrotik routers (they are very cheap, have a lot of pro features but are not intuitive in configuration - so there is a lot of info on google, how to do it).
12-17-2021 05:54 AM
@BCMascha As indicated by the other posters, Unleashed is certainly able to provide the VLAN functionality you require and has been able to do so for some time.
To apply a specific VLAN to an SSID (WLAN in Ruckus terminology) this setting is configured in the WLAN 'advanced options' setup section. Details here: https://docs.commscope.com/bundle/unleashed-200.9-onlinehelp/page/GUID-13F1D151-3C8F-418E-AE52-08592...
Another question we often encounter is regarding the management VLAN on Unleashed. I'm delighted to confirm this feature has now been added in version 200.10: https://docs.commscope.com/bundle/unleashed-200.10-troublshootingref/page/GUID-06BD65BC-B300-4F74-82...
Very importantly; as advised by eizens; you must ensure that your entire LAN supports the VLANs you configure in the Unleashed interface, in order for data traffic to flow.
Regarding your firmware version; R320 are supported on the latest version of Unleashed; 200.11.
I hope the above helps,
Darrel.
12-18-2021 02:53 AM
Thanks guys for the explanations! I found the stuff that I need and it works perfectly atm. Also I will be definitely looking into firewalls!
EDIT: What I only don't know/understand is how to force the AP to get another native VLAN. It is now going to VLAN1 by default, but what if I want it to be VLAN60 including the WLAN from the employees, since WLAN only accepts tagged VLANS?
I gave the AP ports untagged 60, tagged 90 and 30. The AP is now reachable from VLAN60, but the SSID won't work as it is not tagged and won't give out IP's. In VLAN1 (Or whatever VLAN I'm going to give the default one) are all the 'managed' devices (Router, switches, etc) so I want the AP to stay away from that VLAN, or is it save enough to leave them there?
What I do see happening, is that when I give the SSID an Access VLAN of 1, it will give an IP from VLAN60 though, but I'm not sure if this is the right way to do it :'D It does work as I want though...