This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Two lans, ZF7330 and 7055 APs, 1 zone director

victor_samuel_a
New Contributor II

‎08-26-2015 07:18 AM

Hi there,
I'm new here.
I'm upgrading our access points to zf7330 and zf7055. Both have 3 and 5 Lan ports. We have a ZoneDirector 3050.
What I want to do:
  • I have two internet connections coming to site.
  • I want to use one for office LAN
  • I want to use the other for visitors, guests (on a subnet) and scheduled AP (up on Sundays and Mondays, down the rest of the week).
  • ZoneDirector to manage APs
  • I want to use two LAN ports on each AP. One for Office LAN (with POE) the other for Visitors, Guest and Schedule WLan.
I managed to setup the 7330 standalone and managed to achieve what I needed, except for the schedule AP. I did this using VLANs and connecting each AP LAN to a switch port on each VLAN (default 1, and 2).

I would like to get the same setup but using the ZoneDirector, so that I can use other features, like Radius, users, guest, schedule Wlan, etc.

Can anyone guide me in the right direction?

Thanks!
6 REPLIES 6

alan_sneath
New Contributor II

‎08-26-2015 07:42 AM

I have a very similar setup, although I use the same physical port on all APs.  The ZoneDirector then tags the guest WLAN which is sent across a completely separate network by the switches.  In theory your setup should be almost identical, although the exact config for sending guest traffic out a separate port on the APs is a question I'll leave for somebody who actually does this!

The schedule for the guest WLAN can be set in Configure -> WLANs and then by clicking 'Edit' next to the relevant WLAN.  Expand 'Advanced options' and the schedule will be at the bottom.  If you leave the office WLAN at default, it'll be on all the time.

RADIUS, guest passes, etc are all setup separately through the 'Guest Access' and 'AAA Servers' tabs.
0 Kudos

sid_sok
Contributor II

‎08-26-2015 07:47 AM

You should be able to achieve the same thing using the port setting for Specific AP model or the individual AP Port setting.

For the Group setting look in: Configure>Access Point> Access Point Group (edit or create a new one)>Model Specific Control> (select the) Override system Default, and you should be able to apply the same VLAN rule as on the Standalone AP.

Or for specific AP you can edit that one AP and enable (check) the "Override Group Config" in the "Port Setting" section of the AP's config page.

Sid
0 Kudos

victor_samuel_a
New Contributor II

‎08-26-2015 07:47 AM

Hi RBGE,

Thank you for your quick reply.

I would love to know what kind of setup you have, and the kind of equipment (switches) you are using.

Regards.
0 Kudos

alan_sneath
New Contributor II

‎08-26-2015 08:07 AM

Happy to share details.  Bear in mind that while my setup works for me, it may not be the best for anyone else reading this.  The main goal of this setup though is to keep guest traffic completely isolated from the rest of the network.  Not only for security, but we're an academic institution and aren't allowed to let Joe Public use our Janet connection (if you're not based in the UK and don't know what Janet is, details are here: https://en.wikipedia.org/wiki/JANET - this part isn't important though).  Point is we need to provide wi-fi to visitors, but not on our connection.

We have a second Internet connection dedicated solely to public access, as is fairly common nowadays, using a standard business ADSL connection.  This is connected to a separate firewall which handles DHCP, content filtering, etc...  and is isolated to the guest VLAN.  When a visitor connects to our guest network, the AP tags the traffic with the VLAN ID and the switches are configured to only allow this traffic across certain ports.  This allows it to reach the DHCP server on the firewall, which gives the client an IP address on the ADSL network and isolates it from everything else.  We use HP switches, although there's nothing HP specific here.  Anything that can handle VLAN tagging is fine.  It also makes things easier when setting up extra APs, as all that needs done is to connect a PoE cable and allow the guest VLAN on the switch port.

This has worked perfectly for quite some time, but the only issue I've had recently (see my other posts for info) is that when trying to use a separate authentication portal (PurplePortal in this case), the clients are bounced back to the ZoneDirector to complete authentication.  Unfortunately they can't see it, as they're now on an external network.  For standard guest access though, it works perfectly!

That may or may not make sense, as I probably glossed over a few details.  Happy to clarify anything if it helps though!
0 Kudos
Copyright © 2024 Khoros, LLC