Ruckus Wireless ZoneDirector 5000 User manual

Ruckus Wireless

™

ZoneDirector

™

Release 9.8 User Guide

Part Number 800-70599-001 Rev B

Published July 2014

www.ruckuswireless.com

ZoneDirector 9.8 User Guide, 800-70599-001 Rev B 3

Copyright Notice and Proprietary

Information

No part of this documentation may be reproduced, transmitted, or translated, in any form or by any means, electronic,

mechanical, manual, optical, or otherwise, without prior written permission of Ruckus Wireless, Inc. (“Ruckus”), or as

expressly provided by under license from Ruckus.

Destination Control Statement

Technical data contained in this publication may be subject to the export control laws of the United States of America.

Disclosure to nationals of other countries contrary to United States law is prohibited. It is the reader’s responsibility to

determine the applicable regulations and to comply with them.

Disclaimer

THIS DOCUMENTATION AND ALL INFORMATION CONTAINED HEREIN (“MATERIAL”) IS PROVIDED FOR GENERAL

INFORMATION PURPOSES ONLY. RUCKUS AND ITS LICENSORS MAKE NO WARRANTY OF ANY KIND, EXPRESS

OR IMPLIED, WITH REGARD TO THE MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES

OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE, OR THAT THE

MATERIAL IS ERROR-FREE, ACCURATE OR RELIABLE. RUCKUS RESERVES THE RIGHT TO MAKE CHANGES OR

UPDATES TO THE MATERIAL AT ANY TIME.

Limitation of Liability

IN NO EVENT SHALL RUCKUS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUEN-

TIAL DAMAGES, OR DAMAGES FOR LOSS OF PROFITS, REVENUE, DATA OR USE, INCURRED BY YOU OR ANY

THIRD PARTY, WHETHER IN AN ACTION IN CONTRACT OR TORT, ARISING FROM YOUR ACCESS TO, OR USE

OF, THE MATERIAL.

Trademarks

Ruckus Wireless, Ruckus, the bark logo, ZoneFlex, FlexMaster, ZoneDirector, SmartMesh, Channelfly, Smartcell,

Dynamic PSK, and Simply Better Wireless are trademarks of Ruckus Wireless, Inc. in the United States and other

countries. All other product or company names may be trademarks of their respective owners.

4 Ruckus Wireless, Inc.

ZoneDirector 9.8 User Guide, 800-70599-001 Rev B 5

Contents

Copyright Notice and Proprietary Information

About This Guide

Document Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Related Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Documentation Feedback. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

1 Introducing Ruckus Wireless ZoneDirector

Overview of ZoneDirector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

ZoneDirector Physical Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

ZoneDirector 1100. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

ZoneDirector 3000. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

ZoneDirector 5000. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Introduction to the Ruckus Wireless Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Ensuring That APs Can Communicate with ZoneDirector . . . . . . . . . . . . . . . . . . . . . . . . 30

How APs Discover ZoneDirector on the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

How to Ensure that APs Can Discover ZoneDirector on the Network . . . . . . . . . . . . . . 32

Firewall Ports that Must be Open for ZoneDirector Communications . . . . . . . . . . . . . . 39

Installing ZoneDirector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Accessing ZoneDirector’s Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

Using the ZoneDirector Web Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Navigating the Dashboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Using Indicator Widgets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Real Time Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

Stopping and Starting Auto Refresh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

Registering Your Product . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

2 Configuring System Settings

System Configuration Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

Changing the System Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

Changing the Network Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

IPv6 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

Enabling an Additional Management Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

6 Ruckus Wireless, Inc.

Creating Static Route Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

Static Route Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

Enabling Smart Redundancy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

Configuring ZoneDirector for Smart Redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

Forcing Failover to the Backup ZoneDirector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

Configuring the Built-in DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

Enabling the Built-in DHCP server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

Viewing DHCP Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Controlling ZoneDirector Management Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

Setting the System Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

Setting the Country Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

Channel Optimization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

Channel Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

Changing the System Log Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Reviewing the Current Log Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Customizing the Current Log Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

Setting Up Email Alarm Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

Customizing Email Alarms that ZoneDirector Sends . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

Configuring SMS Settings for Guest Pass Delivery via SMS . . . . . . . . . . . . . . . . . . . . . . 86

Enabling Network Management Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

Enabling Management via FlexMaster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

Enabling Northbound Portal Interface Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

Configuring SNMP Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

Configuring DHCP Relay. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

Enabling Bonjour Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

Creating a Bonjour Gateway Rule - ZD Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

Creating a Bonjour Gateway Rule - AP Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102

Applying a Bonjour Policy to an AP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104

Example Network Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104

3 Configuring Security and Other Services

Configuring Self Healing Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108

Automatically Adjust AP Power . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108

Automatic Channel Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108

Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

Band Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

Radar Avoidance Pre-Scanning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

AeroScout RFID Tag Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

Ekahau Tag Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

ZoneDirector 9.8 User Guide, 800-70599-001 Rev B 7

Active Client Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

Tunnel Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

Packet Inspection Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

Configuring Wireless Intrusion Prevention . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124

DoS Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124

Intrusion Detection and Prevention. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

Rogue Access Points. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

Rogue DHCP Server Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

Controlling Network Access Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

Creating Layer 2/MAC Address Access Control Lists. . . . . . . . . . . . . . . . . . . . . . . . . 130

Creating Layer 3/Layer 4/IP Address Access Control Lists . . . . . . . . . . . . . . . . . . . . . 131

Configuring Device Access Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133

Configuring Client Isolation White Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

Configuring Application Denial Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

Configuring User Defined Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

Configuring Application Port Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

Configuring Precedence Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

Blocking Client Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

Using an External AAA Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

LDAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

RADIUS / RADIUS Accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154

4 Managing a Wireless Local Area Network

Overview of Wireless Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176

About Ruckus Wireless WLAN Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177

Creating a WLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178

General Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179

WLAN Usage Types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180

Authentication Method. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181

Fast BSS Transition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182

Encryption Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182

Advanced Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185

Creating a New WLAN for Workgroup Use . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191

Customizing WLAN Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192

Reviewing the Initial Security Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192

Fine-Tuning the Current Security Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193

Switching to a Different Security Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193

Using the Built-in EAP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

8 Ruckus Wireless, Inc.

Authenticating with an External RADIUS Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

If You Change the Internal WLAN to WEP or 802.1X . . . . . . . . . . . . . . . . . . . . . . . . . 196

Working with WLAN Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196

Creating a WLAN Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197

Assigning a WLAN Group to an AP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198

Viewing a List of APs That Belong to a WLAN Group . . . . . . . . . . . . . . . . . . . . . . . . . 199

Deploying ZoneDirector WLANs in a VLAN Environment . . . . . . . . . . . . . . . . . . . . . . . . 200

Tagging Management Traffic to a VLAN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202

How Dynamic VLAN Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

Working with Hotspot Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

Creating a Hotspot Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

Assigning a WLAN to Provide Hotspot Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211

Common WISPr Attribute Abbreviations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212

Creating a Hotspot 2.0 Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213

Create a Service Provider Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214

Working with Dynamic Pre-Shared Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219

Enabling Dynamic Pre-Shared Keys on a WLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220

Setting Dynamic Pre-Shared Key Expiration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221

Generating Multiple Dynamic PSKs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223

Creating a Batch Dynamic PSK Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224

Enabling the Bypass Apple CNA Feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225

5 Managing Access Points

Adding New Access Points to the Network. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228

Connecting the APs to the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228

Verifying/Approving New APs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229

Working with Access Point Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231

Modifying the System Default AP Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232

Creating a New Access Point Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234

Modifying Access Point Group Membership. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234

Modifying Model Specific Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235

Viewing AP Ethernet Port Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246

Reviewing Current Access Point Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248

Using Limited ZD Discovery for N+1 Redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . 250

Importing a USB Software Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252

Managing Access Points Individually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254

Configuring Hotspot 2.0 Venue Settings for an AP . . . . . . . . . . . . . . . . . . . . . . . . . . . 257

Optimizing Access Point Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258

Assessing Current Performance Using the Map View . . . . . . . . . . . . . . . . . . . . . . . . . 258

ZoneDirector 9.8 User Guide, 800-70599-001 Rev B 9

Improving AP RF Coverage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259

Assessing Current Performance Using the Access Point Table. . . . . . . . . . . . . . . . . . 259

Adjusting AP Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259

Prioritizing WLAN Traffic. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260

6 Monitoring Your Wireless Network

Reviewing the ZoneDirector Monitoring Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262

Importing a Map View Floorplan Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263

Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263

Importing the Floorplan Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263

Placing the Access Point Markers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264

Using the Map View Tools. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265

AP Icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267

Evaluating and Optimizing Network Coverage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268

Moving the APs into More Efficient Positions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268

Reviewing Current Alarms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269

Reviewing Recent Network Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269

Clearing Recent Events/Activities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270

Moniting WLAN Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270

Reviewing Current User Activity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272

Viewing Application Usage Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272

Active Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274

Inactive Clients. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274

Events/Activities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274

Monitoring Individual Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276

Monitoring Wired Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279

Monitoring Access Point Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279

Using the AP Status Overview Page. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279

Monitoring Individual APs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283

RF Pollution FAQ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284

Spectrum Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287

Neighbor APs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289

Access Point Sensor Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290

Monitoring Mesh Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291

Detecting Rogue Access Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291

Monitoring System Ethernet Port Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294

Monitoring AAA Server Statistics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295

Monitoring Location Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296

10 Ruckus Wireless, Inc.

7 Managing User Access

Enabling Automatic User Activation with Zero-IT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300

Clients that Support Zero-IT. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301

Self-Provisioning Clients with Zero-IT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302

Self-Provisioning Clients without Ethernet Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304

Provisioning Clients that Do Not Support Zero-IT . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304

Adding New User Accounts to ZoneDirector. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304

Internal User Database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305

Managing Current User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306

Changing an Existing User Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306

Deleting a User Record . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307

Creating New User Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307

Role Based Access Control Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309

Managing Automatically Generated User Certificates and Keys. . . . . . . . . . . . . . . . . . . 310

Using an External Server for User Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311

Activating Web Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313

8 Managing Guest Access

Configuring Guest Access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316

Creating a Guest Access Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316

Configuring Guest Subnet Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317

Creating a Guest WLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319

Using the BYOD Onboarding Portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320

Working with Guest Passes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324

Configuring Guest Pass Generation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324

Generating and Delivering a Single Guest Pass . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329

Generating and Printing Multiple Guest Passes at Once. . . . . . . . . . . . . . . . . . . . . . . 333

Monitoring Generated Guest Passes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335

Customizing the Guest Login Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336

Creating a Custom Guest Pass Printout. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337

Delivering Guest Passes via Email . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339

Delivering Guest Passes via SMS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340

9 Deploying a Smart Mesh Network

Overview of Smart Mesh Networking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344

Smart Mesh Networking Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344

Supported Mesh Topologies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345

Standard Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345

Wireless Bridge Topology. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346

ZoneDirector 9.8 User Guide, 800-70599-001 Rev B 11

Hybrid Mesh Topology. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347

Deploying a Wireless Mesh via ZoneDirector. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348

Step 1: Prepare for Wireless Mesh Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349

Step 2: Enable Mesh Capability on ZoneDirector . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349

Step 3: Provision and Deploy Mesh Nodes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351

Step 4: Verify That the Wireless Mesh Network Is Up . . . . . . . . . . . . . . . . . . . . . . . . . 352

Understanding Mesh-related AP Statuses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354

Using the ZoneFlex LEDs to Determine the Mesh Status. . . . . . . . . . . . . . . . . . . . . . . . 355

On Single-band ZoneFlex APs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355

On Dual-band ZoneFlex APs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356

Using Action Icons to Configure and Troubleshoot APs in a Mesh . . . . . . . . . . . . . . . . 357

Setting Mesh Uplinks Manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358

Troubleshooting Isolated Mesh APs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360

Understanding Isolated Mesh AP Statuses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360

Recovering an Isolated Mesh AP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361

Best Practices and Recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363

10 Setting Administrator Preferences

Changing the ZoneDirector Administrator User Name and Password . . . . . . . . . . . . . . 366

Setting Administrator Login Session Timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367

Changing the Web Interface Display Language . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367

Upgrading ZoneDirector and ZoneFlex APs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368

Performing an Upgrade with Smart Redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369

Working with Backup Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370

Backing Up a Network Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370

Restoring Archived Settings to ZoneDirector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371

Restoring ZoneDirector to Default Factory Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374

Alternate Factory Default Reset Method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375

Working with SSL Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376

Basic Certificate Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376

Generating a Certificate Signing Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376

Importing an SSL Certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379

SSL Certificate Advanced Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381

Using an External Server for Administrator Authentication . . . . . . . . . . . . . . . . . . . . . . . 383

Upgrading the License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385

Upgrading the License with Smart Redundancy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386

Support Entitlement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386

12 Ruckus Wireless, Inc.

11 Troubleshooting

Troubleshooting Failed User Logins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 390

Fixing User Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391

If WLAN Connection Problems Persist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392

Measuring Wireless Network Throughput with SpeedFlex . . . . . . . . . . . . . . . . . . . . . . . 392

Using SpeedFlex in a Multi-Hop Smart Mesh Network . . . . . . . . . . . . . . . . . . . . . . . . 396

Allowing Users to Measure Their Own Wireless Throughput. . . . . . . . . . . . . . . . . . . . 398

Diagnosing Poor Network Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399

Starting a Radio Frequency Scan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399

Using the Ping and Traceroute Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 400

Generating a Debug File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402

Viewing Current System and AP Logs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402

Packet Capture and Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 404

Local Capture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405

Streaming Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405

Importing a Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408

Enabling Remote Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408

Restarting an Access Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408

Restarting ZoneDirector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409

12 Smart Mesh Networking Best Practices

Choosing the Right AP Model for Your Mesh Network . . . . . . . . . . . . . . . . . . . . . . . . . 412

Calculating the Number of APs Required . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412

Placement and Layout Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413

Signal Quality Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414

Mounting and Orientation of APs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416

Indoor APs - Typical Case: Horizontal Orientation . . . . . . . . . . . . . . . . . . . . . . . . . . . 416

Indoor APs - Vertical Orientation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417

Outdoor APs - Typical Horizontal Orientation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418

Elevation of RAPs and MAPs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418

Best Practice Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419

Index

ZoneDirector 9.8 User Guide, 800-70599-001 Rev B 13

About This Guide

This User Guide describes how to install, configure and manage the Ruckus

Wireless™ ZoneDirector™ version 9.8.

This guide is intended for use by those responsible for managing Ruckus Wireless

network equipment. Consequently, it assumes a basic working knowledge of local

area networking, wireless networking and wireless devices.

NOTE: If release notes are shipped with your product and the information there

differs from the information in this guide, follow the instructions in the release notes.

Most user guides and release notes are available in Adobe Acrobat Reader Portable

Document Format (PDF) or HTML on the Ruckus Wireless Support website at

https://support.ruckuswireless.com/documents.

NOTE: By downloading this software and subsequently upgrading the

ZoneDirector to version 9.8, please be advised that the ZoneDirector will periodically

connect to Ruckus and Ruckus will collect the ZoneDirector serial number, software

version and build number. Ruckus will transmit a file back to the ZoneDirector and

this will be used to display the current status of the ZoneDirector Support Contract.

Please also be advised that this information may be transferred and stored outside

of your country of residence where data protection standards may be different.

Document Conventions

14 Ruckus Wireless, Inc.

Document Conventions

Tab l e 1 and Table 2 list the text and notice conventions that are used throughout

this guide.

Table 1. Text conventions

Convention Description Example

monospace

Represents information as it

appears on screen

[Device name]>

monospace bold

Represents information that

you enter

[Device name]> set

ipaddr 10.0.0.12

default font bold Keyboard keys, software

buttons, and field names

On the Start menu, click All

Programs.

italics Screen or page names Click Advanced Settings.

The Advanced Settings page

appears.

Table 2. Notice conventions

Notice Type Description

Note

Information that describes important features or

instructions

Caution

Information that alerts you to potential loss of data or

potential damage to an application, system, or device

Warning

Information that alerts you to potential personal injury

Related Documentation

In addition to this User Guide, each ZoneDirector documentation set includes the

following:

• Online Help: Provides instructions for performing tasks using the web interface.

The online help is accessible from the web interface and is searchable.

• Release Notes: Provide information about the current software release, including

new features, enhancements, and known issues.

Documentation Feedback

Ruckus Wireless is interested in improving its documentation and welcomes your

comments and suggestions. You can email your comments to Ruckus Wireless at:

[email protected]

When contacting us, please include the following information:

• Document title

• Document part number (on the cover page)

• Page number (if appropriate)

For example:

• ZoneDirector 9.8 User Guide

• Part number: 800-70599-001 Revision B

• Page 88

Documentation Feedback

16 Ruckus Wireless, Inc.

ZoneDirector 9.8 User Guide, 800-70599-001 Rev B 17

1

Introducing Ruckus Wireless

ZoneDirector

In this chapter:

• Overview of ZoneDirector

• ZoneDirector Physical Features

• Introduction to the Ruckus Wireless Network

• Ensuring That APs Can Communicate with ZoneDirector

• Installing ZoneDirector

• Accessing ZoneDirector’s Command Line Interface

• Using the ZoneDirector Web Interface

• Registering Your Product

Overview of ZoneDirector

18 Ruckus Wireless, Inc.

Overview of ZoneDirector

Ruckus Wireless ZoneDirector serves as a central control system for Ruckus

ZoneFlex Access Points (APs). ZoneDirector provides simplified configuration and

updates, wireless LAN security control, RF management, and automatic coordina-

tion of Ethernet-connected and mesh-connected APs.

Using ZoneDirector in combination with Ruckus Wireless ZoneFlex APs allows

deployment of a Smart Mesh network, to extend wireless coverage throughout a

location without having to physically connect each AP to Ethernet. In a Smart Mesh

network, the APs form a wireless mesh topology to route client traffic between any

member of the mesh and the wired network. Meshing significantly reduces the cost

and time requirements of deploying an enterprise-class WLAN, in addition to

providing much greater flexibility in AP placement.

ZoneDirector also integrates network monitoring, sophisticated user access

controls, integrated Wi-Fi client performance tools, highly configurable guest access

features and advanced security features within a single system.

User authentication can be accomplished using an internal user database, or

forwarded to an external Authentication, Authorization and Accounting (AAA) server

such as RADIUS or Active Directory. Once users are authenticated, client traffic is

not required to pass through ZoneDirector, thereby eliminating bottlenecks when

higher speed Wi-Fi technologies are used.

This user guide provides complete instructions for using the Ruckus Wireless web

interface, the wireless network management interface for ZoneDirector. With the

web interface, you can customize and manage all aspects of ZoneDirector and your

ZoneFlex network.

ZoneDirector Physical Features

ZoneDirector 1100

ZoneDirector 9.8 User Guide, 800-70599-001 Rev B 19

ZoneDirector Physical Features

Three models of ZoneDirector are currently available: ZoneDirector 1100, ZoneDi-

rector 3000 and ZoneDirector 5000. This section describes the physical features of

these ZoneDirector models.

ZoneDirector 1100

This section describes the following physical features of ZoneDirector 1100:

• Buttons, Ports, and Connectors

• Front Panel LEDs

Figure 1. ZoneDirector 1100

Buttons, Ports, and Connectors

Tab l e 1 describes the buttons, ports and connectors on ZoneDirector 1100.

Table 1. ZoneDirector 1100 front panel elements

Label Description

Power Press this button to power on ZoneDirector.

10/100/1000 Ethernet Two auto negotiating 10/100/1000Mbps Ethernet ports. For

information on what the two Ethernet LEDs indicate, refer to

Table 2.

ZoneDirector Physical Features

ZoneDirector 1100

20 Ruckus Wireless, Inc.

Front Panel LEDs

Tab l e 2 describes the LEDs on the front panel of ZoneDirector 1100.

Table 2. ZoneDirector 1100 LED descriptions

Console DB-9 port for accessing the ZoneDirector command line

interface

Reset Use the Reset button to restart ZoneDirector or to reset it to

factory default settings.

To restart ZoneDirector, press the Reset button once for less

than two seconds.

To reset ZoneDirector to factory default settings, press and

hold the Reset button for at least five (5) seconds. For more

information, refer to Alternate Factory Default Reset Method.

WARNING: Resetting ZoneDirector to factory default settings

will erase all configuration changes that you made, except for

AP licenses and SSL certificates.

LED Label State Meaning

Power (embedded on

the Power button)

Solid Green ZoneDirector is receiving power.

Off ZoneDirector is NOT receiving power. If

the power cable or adapter is connected

to a power source, verify that the power

cable is connected properly to the

power jack on the rear panel of

ZoneDirector.

Status Solid Green Normal state.

Flashing Green ZoneDirector has not yet been

configured. Log into the web interface,

and then configure ZoneDirector using

the setup wizard.

Red ZoneDirector has shut down (but is still

connected to a power source).

Flashing Red ZoneDirector is starting up or shutting

down.

Label Description

Page is loading ...

Ruckus Wireless ZoneDirector 5000 User manual

This manual is also suitable for

Ruckus Wireless ZoneDirector 5000 User manual

Related papers

Other documents