2. Computers & electronics
  3. Software
  4. Ruckus Wireless
  5. ZoneDirector 5000
ZoneDirector 5000

Ruckus Wireless ZoneDirector 5000, ZoneDirector 1100, ZoneDirector 3000 User manual

  • Hello! I am an AI chatbot trained to assist you with the Ruckus Wireless ZoneDirector 5000 User manual. I’ve already reviewed the document and can help you find the information you need or explain it in simple terms. Just ask your questions, and providing more details will help me assist you more effectively!
Ruckus Wireless
ZoneDirector
Release 9.8 User Guide
Part Number 800-70599-001 Rev B
Published July 2014
www.ruckuswireless.com
ZoneDirector 9.8 User Guide, 800-70599-001 Rev B 3
Copyright Notice and Proprietary
Information
Copyright 2014. Ruckus Wireless, Inc. All rights reserved.
No part of this documentation may be reproduced, transmitted, or translated, in any form or by any means, electronic,
mechanical, manual, optical, or otherwise, without prior written permission of Ruckus Wireless, Inc. (“Ruckus”), or as
expressly provided by under license from Ruckus.
Destination Control Statement
Technical data contained in this publication may be subject to the export control laws of the United States of America.
Disclosure to nationals of other countries contrary to United States law is prohibited. It is the reader’s responsibility to
determine the applicable regulations and to comply with them.
Disclaimer
THIS DOCUMENTATION AND ALL INFORMATION CONTAINED HEREIN (“MATERIAL”) IS PROVIDED FOR GENERAL
INFORMATION PURPOSES ONLY. RUCKUS AND ITS LICENSORS MAKE NO WARRANTY OF ANY KIND, EXPRESS
OR IMPLIED, WITH REGARD TO THE MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE, OR THAT THE
MATERIAL IS ERROR-FREE, ACCURATE OR RELIABLE. RUCKUS RESERVES THE RIGHT TO MAKE CHANGES OR
UPDATES TO THE MATERIAL AT ANY TIME.
Limitation of Liability
IN NO EVENT SHALL RUCKUS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUEN-
TIAL DAMAGES, OR DAMAGES FOR LOSS OF PROFITS, REVENUE, DATA OR USE, INCURRED BY YOU OR ANY
THIRD PARTY, WHETHER IN AN ACTION IN CONTRACT OR TORT, ARISING FROM YOUR ACCESS TO, OR USE
OF, THE MATERIAL.
Trademarks
Ruckus Wireless, Ruckus, the bark logo, ZoneFlex, FlexMaster, ZoneDirector, SmartMesh, Channelfly, Smartcell,
Dynamic PSK, and Simply Better Wireless are trademarks of Ruckus Wireless, Inc. in the United States and other
countries. All other product or company names may be trademarks of their respective owners.
4 Ruckus Wireless, Inc.
ZoneDirector 9.8 User Guide, 800-70599-001 Rev B 5
Contents
Copyright Notice and Proprietary Information
About This Guide
Document Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Related Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Documentation Feedback. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
1 Introducing Ruckus Wireless ZoneDirector
Overview of ZoneDirector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
ZoneDirector Physical Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
ZoneDirector 1100. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
ZoneDirector 3000. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
ZoneDirector 5000. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Introduction to the Ruckus Wireless Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Ensuring That APs Can Communicate with ZoneDirector . . . . . . . . . . . . . . . . . . . . . . . . 30
How APs Discover ZoneDirector on the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
How to Ensure that APs Can Discover ZoneDirector on the Network . . . . . . . . . . . . . . 32
Firewall Ports that Must be Open for ZoneDirector Communications . . . . . . . . . . . . . . 39
Installing ZoneDirector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Accessing ZoneDirector’s Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Using the ZoneDirector Web Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Navigating the Dashboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Using Indicator Widgets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Real Time Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Stopping and Starting Auto Refresh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Registering Your Product . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
2 Configuring System Settings
System Configuration Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Changing the System Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Changing the Network Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
IPv6 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Enabling an Additional Management Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
6 Ruckus Wireless, Inc.
Creating Static Route Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Static Route Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Enabling Smart Redundancy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Configuring ZoneDirector for Smart Redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Forcing Failover to the Backup ZoneDirector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Configuring the Built-in DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Enabling the Built-in DHCP server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Viewing DHCP Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Controlling ZoneDirector Management Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Setting the System Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Setting the Country Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Channel Optimization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Channel Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Changing the System Log Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Reviewing the Current Log Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Customizing the Current Log Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Setting Up Email Alarm Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Customizing Email Alarms that ZoneDirector Sends . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Configuring SMS Settings for Guest Pass Delivery via SMS . . . . . . . . . . . . . . . . . . . . . . 86
Enabling Network Management Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Enabling Management via FlexMaster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Enabling Northbound Portal Interface Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Configuring SNMP Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Configuring DHCP Relay. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Enabling Bonjour Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Creating a Bonjour Gateway Rule - ZD Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Creating a Bonjour Gateway Rule - AP Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Applying a Bonjour Policy to an AP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Example Network Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
3 Configuring Security and Other Services
Configuring Self Healing Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
Automatically Adjust AP Power . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
Automatic Channel Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Band Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Radar Avoidance Pre-Scanning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
AeroScout RFID Tag Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Ekahau Tag Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
ZoneDirector 9.8 User Guide, 800-70599-001 Rev B 7
Active Client Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Tunnel Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Packet Inspection Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Configuring Wireless Intrusion Prevention . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
DoS Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Intrusion Detection and Prevention. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Rogue Access Points. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Rogue DHCP Server Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Controlling Network Access Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Creating Layer 2/MAC Address Access Control Lists. . . . . . . . . . . . . . . . . . . . . . . . . 130
Creating Layer 3/Layer 4/IP Address Access Control Lists . . . . . . . . . . . . . . . . . . . . . 131
Configuring Device Access Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Configuring Client Isolation White Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Configuring Application Denial Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Configuring User Defined Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Configuring Application Port Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
Configuring Precedence Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Blocking Client Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Using an External AAA Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
LDAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
RADIUS / RADIUS Accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
4 Managing a Wireless Local Area Network
Overview of Wireless Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
About Ruckus Wireless WLAN Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Creating a WLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
General Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
WLAN Usage Types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Authentication Method. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Fast BSS Transition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
Encryption Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
Advanced Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
Creating a New WLAN for Workgroup Use . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Customizing WLAN Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Reviewing the Initial Security Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Fine-Tuning the Current Security Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Switching to a Different Security Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Using the Built-in EAP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
8 Ruckus Wireless, Inc.
Authenticating with an External RADIUS Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
If You Change the Internal WLAN to WEP or 802.1X . . . . . . . . . . . . . . . . . . . . . . . . . 196
Working with WLAN Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
Creating a WLAN Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Assigning a WLAN Group to an AP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
Viewing a List of APs That Belong to a WLAN Group . . . . . . . . . . . . . . . . . . . . . . . . . 199
Deploying ZoneDirector WLANs in a VLAN Environment . . . . . . . . . . . . . . . . . . . . . . . . 200
Tagging Management Traffic to a VLAN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
How Dynamic VLAN Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
Working with Hotspot Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
Creating a Hotspot Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
Assigning a WLAN to Provide Hotspot Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Common WISPr Attribute Abbreviations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Creating a Hotspot 2.0 Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Create a Service Provider Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Working with Dynamic Pre-Shared Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
Enabling Dynamic Pre-Shared Keys on a WLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
Setting Dynamic Pre-Shared Key Expiration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
Generating Multiple Dynamic PSKs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
Creating a Batch Dynamic PSK Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
Enabling the Bypass Apple CNA Feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
5 Managing Access Points
Adding New Access Points to the Network. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
Connecting the APs to the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
Verifying/Approving New APs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Working with Access Point Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
Modifying the System Default AP Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
Creating a New Access Point Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
Modifying Access Point Group Membership. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
Modifying Model Specific Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Viewing AP Ethernet Port Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
Reviewing Current Access Point Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248
Using Limited ZD Discovery for N+1 Redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
Importing a USB Software Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
Managing Access Points Individually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
Configuring Hotspot 2.0 Venue Settings for an AP . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
Optimizing Access Point Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Assessing Current Performance Using the Map View . . . . . . . . . . . . . . . . . . . . . . . . . 258
ZoneDirector 9.8 User Guide, 800-70599-001 Rev B 9
Improving AP RF Coverage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
Assessing Current Performance Using the Access Point Table. . . . . . . . . . . . . . . . . . 259
Adjusting AP Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
Prioritizing WLAN Traffic. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
6 Monitoring Your Wireless Network
Reviewing the ZoneDirector Monitoring Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
Importing a Map View Floorplan Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
Importing the Floorplan Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
Placing the Access Point Markers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264
Using the Map View Tools. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
AP Icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
Evaluating and Optimizing Network Coverage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
Moving the APs into More Efficient Positions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
Reviewing Current Alarms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
Reviewing Recent Network Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
Clearing Recent Events/Activities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
Moniting WLAN Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
Reviewing Current User Activity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Viewing Application Usage Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Active Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
Inactive Clients. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
Events/Activities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
Monitoring Individual Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
Monitoring Wired Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
Monitoring Access Point Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
Using the AP Status Overview Page. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
Monitoring Individual APs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
RF Pollution FAQ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
Spectrum Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
Neighbor APs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
Access Point Sensor Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
Monitoring Mesh Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
Detecting Rogue Access Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
Monitoring System Ethernet Port Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
Monitoring AAA Server Statistics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
Monitoring Location Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
10 Ruckus Wireless, Inc.
7 Managing User Access
Enabling Automatic User Activation with Zero-IT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Clients that Support Zero-IT. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
Self-Provisioning Clients with Zero-IT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
Self-Provisioning Clients without Ethernet Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
Provisioning Clients that Do Not Support Zero-IT . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
Adding New User Accounts to ZoneDirector. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
Internal User Database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
Managing Current User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
Changing an Existing User Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
Deleting a User Record . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
Creating New User Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
Role Based Access Control Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
Managing Automatically Generated User Certificates and Keys. . . . . . . . . . . . . . . . . . . 310
Using an External Server for User Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
Activating Web Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
8 Managing Guest Access
Configuring Guest Access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316
Creating a Guest Access Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316
Configuring Guest Subnet Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
Creating a Guest WLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
Using the BYOD Onboarding Portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320
Working with Guest Passes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
Configuring Guest Pass Generation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
Generating and Delivering a Single Guest Pass . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
Generating and Printing Multiple Guest Passes at Once. . . . . . . . . . . . . . . . . . . . . . . 333
Monitoring Generated Guest Passes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335
Customizing the Guest Login Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336
Creating a Custom Guest Pass Printout. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337
Delivering Guest Passes via Email . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339
Delivering Guest Passes via SMS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
9 Deploying a Smart Mesh Network
Overview of Smart Mesh Networking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344
Smart Mesh Networking Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344
Supported Mesh Topologies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345
Standard Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345
Wireless Bridge Topology. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346
ZoneDirector 9.8 User Guide, 800-70599-001 Rev B 11
Hybrid Mesh Topology. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
Deploying a Wireless Mesh via ZoneDirector. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348
Step 1: Prepare for Wireless Mesh Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349
Step 2: Enable Mesh Capability on ZoneDirector . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349
Step 3: Provision and Deploy Mesh Nodes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351
Step 4: Verify That the Wireless Mesh Network Is Up . . . . . . . . . . . . . . . . . . . . . . . . . 352
Understanding Mesh-related AP Statuses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354
Using the ZoneFlex LEDs to Determine the Mesh Status. . . . . . . . . . . . . . . . . . . . . . . . 355
On Single-band ZoneFlex APs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355
On Dual-band ZoneFlex APs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356
Using Action Icons to Configure and Troubleshoot APs in a Mesh . . . . . . . . . . . . . . . . 357
Setting Mesh Uplinks Manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358
Troubleshooting Isolated Mesh APs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360
Understanding Isolated Mesh AP Statuses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360
Recovering an Isolated Mesh AP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361
Best Practices and Recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363
10 Setting Administrator Preferences
Changing the ZoneDirector Administrator User Name and Password . . . . . . . . . . . . . . 366
Setting Administrator Login Session Timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367
Changing the Web Interface Display Language . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367
Upgrading ZoneDirector and ZoneFlex APs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368
Performing an Upgrade with Smart Redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369
Working with Backup Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370
Backing Up a Network Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370
Restoring Archived Settings to ZoneDirector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
Restoring ZoneDirector to Default Factory Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374
Alternate Factory Default Reset Method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375
Working with SSL Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376
Basic Certificate Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376
Generating a Certificate Signing Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376
Importing an SSL Certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379
SSL Certificate Advanced Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381
Using an External Server for Administrator Authentication . . . . . . . . . . . . . . . . . . . . . . . 383
Upgrading the License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385
Upgrading the License with Smart Redundancy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386
Support Entitlement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386
12 Ruckus Wireless, Inc.
11 Troubleshooting
Troubleshooting Failed User Logins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 390
Fixing User Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391
If WLAN Connection Problems Persist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392
Measuring Wireless Network Throughput with SpeedFlex . . . . . . . . . . . . . . . . . . . . . . . 392
Using SpeedFlex in a Multi-Hop Smart Mesh Network . . . . . . . . . . . . . . . . . . . . . . . . 396
Allowing Users to Measure Their Own Wireless Throughput. . . . . . . . . . . . . . . . . . . . 398
Diagnosing Poor Network Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399
Starting a Radio Frequency Scan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399
Using the Ping and Traceroute Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 400
Generating a Debug File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402
Viewing Current System and AP Logs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402
Packet Capture and Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 404
Local Capture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405
Streaming Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405
Importing a Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408
Enabling Remote Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408
Restarting an Access Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408
Restarting ZoneDirector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409
12 Smart Mesh Networking Best Practices
Choosing the Right AP Model for Your Mesh Network . . . . . . . . . . . . . . . . . . . . . . . . . 412
Calculating the Number of APs Required . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412
Placement and Layout Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413
Signal Quality Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414
Mounting and Orientation of APs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416
Indoor APs - Typical Case: Horizontal Orientation . . . . . . . . . . . . . . . . . . . . . . . . . . . 416
Indoor APs - Vertical Orientation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417
Outdoor APs - Typical Horizontal Orientation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418
Elevation of RAPs and MAPs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418
Best Practice Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419
Index
ZoneDirector 9.8 User Guide, 800-70599-001 Rev B 13
About This Guide
This User Guide describes how to install, configure and manage the Ruckus
Wireless™ ZoneDirector™ version 9.8.
This guide is intended for use by those responsible for managing Ruckus Wireless
network equipment. Consequently, it assumes a basic working knowledge of local
area networking, wireless networking and wireless devices.
NOTE: If release notes are shipped with your product and the information there
differs from the information in this guide, follow the instructions in the release notes.
Most user guides and release notes are available in Adobe Acrobat Reader Portable
Document Format (PDF) or HTML on the Ruckus Wireless Support website at
https://support.ruckuswireless.com/documents.
NOTE: By downloading this software and subsequently upgrading the
ZoneDirector to version 9.8, please be advised that the ZoneDirector will periodically
connect to Ruckus and Ruckus will collect the ZoneDirector serial number, software
version and build number. Ruckus will transmit a file back to the ZoneDirector and
this will be used to display the current status of the ZoneDirector Support Contract.
Please also be advised that this information may be transferred and stored outside
of your country of residence where data protection standards may be different.
Document Conventions
14 Ruckus Wireless, Inc.
Document Conventions
Tab l e 1 and Table 2 list the text and notice conventions that are used throughout
this guide.
Table 1. Text conventions
Convention Description Example
monospace
Represents information as it
appears on screen
[Device name]>
monospace bold
Represents information that
you enter
[Device name]> set
ipaddr 10.0.0.12
default font bold Keyboard keys, software
buttons, and field names
On the Start menu, click All
Programs.
italics Screen or page names Click Advanced Settings.
The Advanced Settings page
appears.
Table 2. Notice conventions
Notice Type Description
Note
Information that describes important features or
instructions
Caution
Information that alerts you to potential loss of data or
potential damage to an application, system, or device
Warning
Information that alerts you to potential personal injury
Related Documentation
ZoneDirector 9.8 User Guide, 800-70599-001 Rev B 15
Related Documentation
In addition to this User Guide, each ZoneDirector documentation set includes the
following:
Online Help: Provides instructions for performing tasks using the web interface.
The online help is accessible from the web interface and is searchable.
Release Notes: Provide information about the current software release, including
new features, enhancements, and known issues.
Documentation Feedback
Ruckus Wireless is interested in improving its documentation and welcomes your
comments and suggestions. You can email your comments to Ruckus Wireless at:
[email protected]
When contacting us, please include the following information:
Document title
Document part number (on the cover page)
Page number (if appropriate)
For example:
ZoneDirector 9.8 User Guide
Part number: 800-70599-001 Revision B
Page 88
Documentation Feedback
16 Ruckus Wireless, Inc.
ZoneDirector 9.8 User Guide, 800-70599-001 Rev B 17
1
Introducing Ruckus Wireless
ZoneDirector
In this chapter:
Overview of ZoneDirector
ZoneDirector Physical Features
Introduction to the Ruckus Wireless Network
Ensuring That APs Can Communicate with ZoneDirector
Installing ZoneDirector
Accessing ZoneDirector’s Command Line Interface
Using the ZoneDirector Web Interface
Registering Your Product
Overview of ZoneDirector
18 Ruckus Wireless, Inc.
Overview of ZoneDirector
Ruckus Wireless ZoneDirector serves as a central control system for Ruckus
ZoneFlex Access Points (APs). ZoneDirector provides simplified configuration and
updates, wireless LAN security control, RF management, and automatic coordina-
tion of Ethernet-connected and mesh-connected APs.
Using ZoneDirector in combination with Ruckus Wireless ZoneFlex APs allows
deployment of a Smart Mesh network, to extend wireless coverage throughout a
location without having to physically connect each AP to Ethernet. In a Smart Mesh
network, the APs form a wireless mesh topology to route client traffic between any
member of the mesh and the wired network. Meshing significantly reduces the cost
and time requirements of deploying an enterprise-class WLAN, in addition to
providing much greater flexibility in AP placement.
ZoneDirector also integrates network monitoring, sophisticated user access
controls, integrated Wi-Fi client performance tools, highly configurable guest access
features and advanced security features within a single system.
User authentication can be accomplished using an internal user database, or
forwarded to an external Authentication, Authorization and Accounting (AAA) server
such as RADIUS or Active Directory. Once users are authenticated, client traffic is
not required to pass through ZoneDirector, thereby eliminating bottlenecks when
higher speed Wi-Fi technologies are used.
This user guide provides complete instructions for using the Ruckus Wireless web
interface, the wireless network management interface for ZoneDirector. With the
web interface, you can customize and manage all aspects of ZoneDirector and your
ZoneFlex network.
ZoneDirector Physical Features
ZoneDirector 1100
ZoneDirector 9.8 User Guide, 800-70599-001 Rev B 19
ZoneDirector Physical Features
Three models of ZoneDirector are currently available: ZoneDirector 1100, ZoneDi-
rector 3000 and ZoneDirector 5000. This section describes the physical features of
these ZoneDirector models.
ZoneDirector 1100
This section describes the following physical features of ZoneDirector 1100:
Buttons, Ports, and Connectors
Front Panel LEDs
Figure 1. ZoneDirector 1100
Buttons, Ports, and Connectors
Tab l e 1 describes the buttons, ports and connectors on ZoneDirector 1100.
Table 1. ZoneDirector 1100 front panel elements
Label Description
Power Press this button to power on ZoneDirector.
10/100/1000 Ethernet Two auto negotiating 10/100/1000Mbps Ethernet ports. For
information on what the two Ethernet LEDs indicate, refer to
Table 2.
ZoneDirector Physical Features
ZoneDirector 1100
20 Ruckus Wireless, Inc.
Front Panel LEDs
Tab l e 2 describes the LEDs on the front panel of ZoneDirector 1100.
Table 2. ZoneDirector 1100 LED descriptions
Console DB-9 port for accessing the ZoneDirector command line
interface
Reset Use the Reset button to restart ZoneDirector or to reset it to
factory default settings.
To restart ZoneDirector, press the Reset button once for less
than two seconds.
To reset ZoneDirector to factory default settings, press and
hold the Reset button for at least five (5) seconds. For more
information, refer to Alternate Factory Default Reset Method.
WARNING: Resetting ZoneDirector to factory default settings
will erase all configuration changes that you made, except for
AP licenses and SSL certificates.
LED Label State Meaning
Power (embedded on
the Power button)
Solid Green ZoneDirector is receiving power.
Off ZoneDirector is NOT receiving power. If
the power cable or adapter is connected
to a power source, verify that the power
cable is connected properly to the
power jack on the rear panel of
ZoneDirector.
Status Solid Green Normal state.
Flashing Green ZoneDirector has not yet been
configured. Log into the web interface,
and then configure ZoneDirector using
the setup wizard.
Red ZoneDirector has shut down (but is still
connected to a power source).
Flashing Red ZoneDirector is starting up or shutting
down.
Label Description
/