This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Ruckus Network Design for Guest Network between two Sites

marco_eichstet1
Contributor III

‎06-27-2014 12:20 PM

Hi,

i need some help for a Ruckus Network Design please.

Following Environment:
- 1 Company
- 1 Active Directory Domain
- 2 Company Sites (Munich and Berlin) connected together over a Layer 3 VPN Tunnel.
- Each Site have a seperate Internet Router just for the Ruckus Guests/Employees.

Goal:
Employees (no matter if there are working in Munich or Berlin) should be able to get Internet Access for there private Smartphones through the Internet Router. They should be able to Login on both Sites with the same User (one User Database). It should be easy as possible. Additionally it should be possible still to connect to the Wireless LAN if the VPN Tunnel goes down.

My main Questions are:
- How can i achive this goal?
- Is there (in case of an existing AD Domain) a better Solution than create Guest Tickets for each Employee? Maybe Authentication with an existing Windows User Account?
- Where should i add a ZoneDirector? One on each Site? If yes, can i connect them together for redundancy if one fails or the VPN Tunnel goes down?

Are there other things i should look for?
Many Thanks for any help/idea.

Best Regards
Marco
15 REPLIES 15

marco_eichstet1
Contributor III

‎06-28-2014 11:02 PM

Hello,

Thanks again.
ok. I think its clear.

I asked for addind just the RUCKUS Hardware in its own VLAN because in one of my first RUCKUS Installations i had some Trouble with that Type of Config:
I added my ZD and my APs in VLAN 6 untagged. The wired Productive Network was VLAN 1. I tried to create a SSID for the wireless Productive Clients on my ZD and leave the VLAN Tagging on the default Value 1. The Problem was, my Wireless Clients received an IP from the DHCP Server in VLAN 6 where my APs was untagged in - not from VLAN 1.

Where was my mistake?

Thanks!
Marco

PS: Maybe you have a answer to this Topic i created with a different User, too:
https://forums.ruckuswireless.com/ruc...
0 Kudos

Anonymous
Not applicable
In response to marco_eichstet1

‎08-04-2014 08:10 AM

Hi Marco,

Did you have the port facing AP as untagged vlan6? If so, AP's vlan 1 would have been vlan1.

You might want to take a look at changing the AP's management vlan at:
configure -> Access Points -> Access Point Policies -> Management VLAN

or separating data traffic and management vlan for Wired and Wireless away from vlan1.
0 Kudos

marco_eichstet1
Contributor III
In response to marco_eichstet1

‎08-04-2014 10:15 AM

Hi yy,

yes. I set VLAN 6 as untagged at the Switch Port where the AP was connected.

But one Basic Question:
Is it recommended or more secure to add all my Ruckus Hardware (ZD + APs) to its own VLAN as untagged/native? Or whould you add your Hardware in a existing VLAN e. g. VLAN 1 where all my Servers, Clients and Printers are?

Thanks!
Regards
Marco
0 Kudos

marco_eichstet1
Contributor III
In response to marco_eichstet1

‎08-04-2014 10:19 AM

Here i found an answer:
https://forums.ruckuswireless.com/ruc...
0 Kudos

marco_eichstet1
Contributor III

‎06-28-2014 11:47 PM

Hello,

the AD is redundant. I have two Domain Controller at each Site. Thats no Problem.
I whould plan to Authenticate my Guests with their Active Director User instead the internal ZoneDirector Guest Ticket. This should be possible, or?

Regards
Marco
0 Kudos
Copyright © 2025 Khoros, LLC