cancel
Showing results for 
Search instead for 
Did you mean: 

How to create walled garden on 7055 solo ap.

wes_hall_jazva8
New Contributor II
Hi all,  Please bear with me I'm new to the Ruckus wireless line.   We've recently become owners of a small multi unit residence building using Ruckus 7055 APs.  I'm assuming there is no controller since I've found none on-site at this time.  The present setup does use a homegrown portal login based on their email addresses.  So I'm assuming these are standalone Ap's.  
I'm stuck rebuilding this from scratch since the previous management company left without passwords, documentation, or any contractual requirements.  I'd like to integrate this residence into our present Clearpass portal/802.1x system.  I've gotten most of this to work with a couple exceptions. 

1.  Is there a way to backup the config of the AP. 
--I saw a couple backup options but when I tried to restore after a factory reset the restore failed to set some values.  This would be a timesaver if I screwup the config again.
 
2.   Is a walled garden/portal setup possible with this model AP?  
--I got it close to working once then lost connection when I changed a setting.  I've never been able to get back that close.  I've tried a couple version of software but I'm not sure which is the best for hotspot.  

3.  How does whitelisting walled garden work?
-- I've whitelisted our dns,dhcp,and portal servers but this doesnt seem to allow traffic to these servers.  At least pings and dns lookups fail, packet captures show no corresponding traffic at the switchports.

3.  On the SSID screen there is an access vlan field.  Is this an actual untagged vlan on the switchport or can I just trunk all vlans to the AP? 
--I'd like to have vlan 1 as management for ap, vlan 2 for portal, vlan 3 for 802.1x, vlan 4 for mac-auth or no auth (I'll deal with this after I get above working).


I realize the 7055 is EOL but there were no funds dedicated to upgrade till next year.  The AP's will also be connected to ICX7450's, if this makes a difference int the conversation.

Thank you
gus
1 REPLY 1

roberto_flores_
RUCKUS Team Member

Hello Gus,

 

I’m in Ruckus support and will provide you with best effort as the product is EOL and there is no support entitlement.  However, you can still purchase support for the product for a full suite of support options.  See EOL doc, https://support.ruckuswireless.com/documents/1060-zoneflex-zf7055-end-of-life-eol-notification, for your purchasing support options.  The product is EOL but you can still purchase support till 2021.  I will also suggest upgrading the AP to the last stand-alone available SW = 104.0.0.0.1347 = https://support.ruckuswireless.com/software/1017-zoneflex-solo-access-point-104-0-0-0-1347-ga-softwa...

Answer to your questions:

1.  Is there a way to backup the config of the AP. 

--I saw a couple backup options but when I tried to restore after a factory reset the restore failed to set some values.  This would be a timesaver if I screwup the config again.

Answer = there is no way to do a straight backup of the APs.  You can do screen caps, of course, get the support info file (under Maintenance / Support Info) and see the configuration from the RPM keys within the support info file for future configuration reference.


2.   Is a walled garden/portal setup possible with this model AP? 

--I got it close to working once then lost connection when I changed a setting.  I've never been able to get back that close.  I've tried a couple version of software but I'm not sure which is the best for hotspot.  

Answer = you can definitely use Radius and Clearpass for the 802.1x certification.  As you know, you have to create the 802.1x WLAN and work with a Hotspot configuration.  Within the hotspot, you can definitely create a walled garden and allow your network elements for pre-authentication access.  This with accordance of having the latest SW running in the AP(s).  Also, would recommend to use Firefox or Chrome.


3.  How does whitelisting walled garden work?

-- I've whitelisted our dns,dhcp,and portal servers but this doesnt seem to allow traffic to these servers.  At least pings and dns lookups fail, packet captures show no corresponding traffic at the switchports.

Answer =  you also have to define the radius server, the clearpass cert server, gateway, etc (any elements that your AP will need to communicate to on behalf of your client for authentication).  Also, you will need to ping the gateway, clearpass server, radius server from the AP (unless you have statics routes defined within your network).


4.  On the SSID screen there is an access vlan field.  Is this an actual untagged vlan on the switchport or can I just trunk all vlans to the AP? 

--I'd like to have vlan 1 as management for ap, vlan 2 for portal, vlan 3 for 802.1x, vlan 4 for mac-auth or no auth (I'll deal with this after I get above working).

Answer = under Configure / Internet is where you find the AP management VLAN.  AP Management VLAN is for AP access.  By default, management VLAN is 1.  For client traffic VLAN assignments, you do that at the WLAN/ SSID configuration option (Configuration / Radio 2.4G, Configuration / Radio 5G), the access vlan fill in within the WLAN configuration.


Thank you,

-Roberto Flores.