I am a (prospective) Ruckus newbie interested in the following setup with a couple of R650’s: the R650's would be connected over 2.5Gb Ethernet to a Mikrotik router 10.1.0.1 offering dhcp within 10.1.0.0/16; 10.1.0.1 is a NAT-gateway towards the Internet.
I would then like to span 3 SSIDs (each 5 and 2.4 GHz) over the R650’s:
SSID1 should simply bridge to 10.1.0.0/16.
SSID2 and SSID3 should be different subnets, say 10.2.0.0/16 and 10.3.0.0/16, and route (no NAT) via 10.1.0.1 towards the Internet. Access to 10.1.0.0/16 should be restriced, access from 10.1.0.0/16 to 10.2 and 10.3 should be allowed.
Can this be set up with Unleashed? What would be the preferred way: VLANs for 10.2.0.0/24 and 10.3.0.0/24 with dhcp, frewalling, etc. handled by 10.1.0.1; or SSID1 and SSID2 configured on the master R650 e.g. as Guest WLANs with local dhcp-servers and routing?
Thanks a bunch to anyone who cares to read & answer!
I would suggest letting the router do all the work. Make 3 VLANs and have each SSID be associated with one VLAN so the Ruckus does nothing but move packets between SSID and the VLAN. Have the router perform routing and enforce inter-VLAN firewall policies.
It is impossible to route 10.x.x.x networks to Internet, as these are the private (which means "unroutable") networks, so you must use NAT to connect them to Internet. You can route between private networks, but the connection to Internet must be NATed.
And you want all routing and NATing done on router, so APs just bridge SSIDs to proper VLANs, and that's it (no routing or DHCP on Ruckus gear, etc). Mikrotik have reach routing functionality, and Ruckus has brilliantly performing WiFi, so use best from each and be happy.
@raymond_lau_7402727 Thanks a bunch. Would the other scenario also be possible? I am still struggling to find extensive documentation on configuration options: Is there a way to assign subnets and dhcp-servers to SSIDs on the master router?