CommScope RUCKUS Community Forums

jp · ‎05-17-2021

Dear all,

I am a (prospective) Ruckus newbie interested in the following setup with a couple of R650’s: the R650's would be connected over 2.5Gb Ethernet to a Mikrotik router 10.1.0.1 offering dhcp within 10.1.0.0/16; 10.1.0.1 is a NAT-gateway towards the Internet.

I would then like to span 3 SSIDs (each 5 and 2.4 GHz) over the R650’s:

SSID1 should simply bridge to 10.1.0.0/16.
SSID2 and SSID3 should be different subnets, say 10.2.0.0/16 and 10.3.0.0/16, and route (no NAT) via 10.1.0.1 towards the Internet. Access to 10.1.0.0/16 should be restriced, access from 10.1.0.0/16 to 10.2 and 10.3 should be allowed.

Can this be set up with Unleashed? What would be the preferred way: VLANs for 10.2.0.0/24 and 10.3.0.0/24 with dhcp, frewalling, etc. handled by 10.1.0.1; or SSID1 and SSID2 configured on the master R650 e.g. as Guest WLANs with local dhcp-servers and routing?

Thanks a bunch to anyone who cares to read & answer!

Joachim.

raymond_lau_740 · ‎05-17-2021

While Unleashed has some abilities to support ACLs, isolation of client traffic and QoS (e.g. for voice), my opinion is that it is better to think of a SSID as akin to a switch with VLAN support, only over WiFi. Use those ACL/etc capabilities to manage traffic between WiFi and wired when on the same VLAN, but let your router do the heavy lifting between VLANs.

There are also some very limited NAT/router capabilities in Unleashed, but they are very limited and not as performant as having a router perform those functions. As such, I haven't invested much time in designing my networks to do more in Unleashed and less in my routers.

DarrelRhodes · ‎05-17-2021

Hi Joachim,

Ruckus Wi-Fi access points are primarily layer 2 devices (bridges). There are some L3 functions for management and Gateway mode but they aren't relevant here.

As mentioned by the other respondents; you need to use VLANs to achieve your L3 separation. Each SSID/WLAN will be tagged with VLAN X/Y/Z and each VLAN will be configured on your router with the relevant L3 subnet you require. Wi-Fi clients get their IP address from a DHCP server operating on each VLAN or are statically assigned.

Unleashed can assign a VLAN to each SSID/WLAN. This is standard practice in enterprise networks.

An example of a similar scenario: https://support.ruckuswireless.com/articles/000001547

HTH,
Darrel.

jp · ‎05-17-2021

Hi Darrel,

thanks, this is quite what I have in mind. I guess this also works with Unleashed? The option of avoiding a seperate management device or a cloud service is actually the reason I am looking into Ruckus.

I tried to click my way through the support pages, but many documents cannot be accessed without upgraded support. It's not exactly easy for prospective buyers to get an idea about the products' details.

I am still struggling to find a way to buy an R650 here in Europe, it seems they are quite rare here and hardly available.

Best,

Joachim.

DarrelRhodes · ‎05-18-2021

Hi Joachim,

Absolutely, what I described (VLAN tagging, per SSID) is definitely supported in Unleashed.

Ruckus are a partner-led vendor, so we only sell through our accredited partners. You can find your nearest (and others) here: https://extapps.commscope.com/howtobuy/RuckusChannelPartner

R650 are available in the UK (where I'm based) so should be available elsewhere in Europe.

Please let me know if you have any issues with the above and where you are located and I'll get someone local to contact you.

Best,
Darrel.

jp · ‎05-18-2021

Darrel,

it seems indeed hard to buy an R650 on the continent: I searched the usual suspects (online shops) and contacted two Ruckus distributors but no luck. I'd appreciate if someone got in touch with me, I am east of Munich, but location is insignificant for me.

Cheers, Joachim.

CommScope RUCKUS Community Forums

Q regarding IP ranges/routing and SSIDs