I need some help with a Ruckus Network Design, please.
- 1 Company
- 1 Active Directory Domain
- 2 Company Sites (Munich and Berlin) connected together over a Layer 3 VPN Tunnel.
- Each Site has a separate Internet Router just for the Ruckus Guests/Employees.
Employees (no matter if they are working in Munich or Berlin) should be able to get Internet Access for their private Smartphones through the Internet Router. They should be able to log in on both Sites with the same User (one User Database). It should be as easy as possible. Additionally, it should still be possible to connect to the Wireless LAN if the VPN Tunnel goes down.
My main Questions are:
- How can I achieve this goal?
- Is there (in case of an existing AD Domain) a better Solution than creating Guest Tickets for each Employee? Maybe Authentication with an existing Windows User Account?
- Where should I add a ZoneDirector? One on each Site? If yes, can I connect them together for redundancy if one fails or the VPN Tunnel goes down?
Are there other things I should look for?
Many Thanks for any help/idea.
This is doable and very often implemented in a central office and branch office scenario. I am assuming that Berlin is the central office where the ZD and AD will reside. In this deployment, once deployed, the same configuration at the Berlin office will be reflected in the Munich office, and the same AD credentials can be used at the branch office.
Make sure that the latency of the VPN connection is less than 100 ms.
You can add the 2nd ZD at the Munich office for redundancy; then both ZDs can be configured in such a way that the APs, in case of failure of a ZD or the VPN, are forced to contact the alternate ZD, which could be on the same site or the remote site depending on the nature of the fault.
Please remember that during redundancy the APs will work with only one ZD, i.e. the active or primary.
Also make sure that the LWAPP ports are opened on the remote site router and firewall, that latency is less than 100 ms, and keep an eye on the MTU of the VPN link.
Yes, you're right, Berlin is the Central Office. Munich is the branch office.
Latency of VPN is less than 100ms. That's no Problem.
If I understand correctly, I connect the 2nd ZD in Munich via the Feature "Smart Redundancy" over VPN. Berlin Active. Munich Standby. Each ZD must be the same Model and have the same Number of licensed APs.
One additional Question please:
I plan to create a VLAN for my RUCKUS Hardware (ZD and APs) and a VLAN for my Guest Network and, in the future, a separate VLAN for my Production Network. There will be a DHCP Server in each VLAN. I don't want to add my RUCKUS Components to the Production Network. The inter-VLAN Routing will be done by an HP Switch for each VLAN except the Guests. The Routing for my Guests will be done by their own Firewall. Is this planned Configuration Best Practice or recommended/common?