2. Computers & electronics
  3. Software
  4. Ruckus Wireless
  5. ZoneDirector 3000
ZoneDirector 3000

Ruckus Wireless ZoneDirector 3000, ZoneDirector 1200, ZoneDirector 5000 User manual

  • Hello! I am an AI chatbot trained to assist you with the Ruckus Wireless ZoneDirector 3000 User manual. I’ve already reviewed the document and can help you find the information you need or explain it in simple terms. Just ask your questions, and providing more details will help me assist you more effectively!
Ruckus Wireless
ZoneDirector
Release 9.12.1 User Guide
Part Number 800-71016-001 Rev A
Published September 2015
www.ruckuswireless.com
ZoneDirector 9.12.1 User Guide, 800-71016-001 Rev A 3
Copyright Notice and Proprietary
Information
Copyright 2015. Ruckus Wireless, Inc. All rights reserved.
No part of this documentation may be used, reproduced, transmitted, or translated, in any form or by any means,
electronic, mechanical, manual, optical, or otherwise, without prior written permission of Ruckus Wireless, Inc.
(“Ruckus”), or as expressly provided by under license from Ruckus.
Destination Control Statement
Technical data contained in this publication may be subject to the export control laws of the United States of America.
Disclosure to nationals of other countries contrary to United States law is prohibited. It is the reader’s responsibility to
determine the applicable regulations and to comply with them.
Disclaimer
THIS DOCUMENTATION AND ALL INFORMATION CONTAINED HEREIN (“MATERIAL”) IS PROVIDED FOR GENERAL
INFORMATION PURPOSES ONLY. RUCKUS AND ITS LICENSORS MAKE NO WARRANTY OF ANY KIND, EXPRESS
OR IMPLIED, WITH REGARD TO THE MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE, OR THAT THE
MATERIAL IS ERROR-FREE, ACCURATE OR RELIABLE. RUCKUS RESERVES THE RIGHT TO MAKE CHANGES OR
UPDATES TO THE MATERIAL AT ANY TIME.
Limitation of Liability
IN NO EVENT SHALL RUCKUS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUEN-
TIAL DAMAGES, OR DAMAGES FOR LOSS OF PROFITS, REVENUE, DATA OR USE, INCURRED BY YOU OR ANY
THIRD PARTY, WHETHER IN AN ACTION IN CONTRACT OR TORT, ARISING FROM YOUR ACCESS TO, OR USE
OF, THE MATERIAL.
Trademarks
Ruckus Wireless, Ruckus, the bark logo, ZoneFlex, FlexMaster, ZoneDirector, SmartMesh, Channelfly, Smartcell,
Dynamic PSK, and Simply Better Wireless are trademarks of Ruckus Wireless, Inc. in the United States and other
countries. All other product or company names may be trademarks of their respective owners.
4 Ruckus Wireless, Inc.
ZoneDirector 9.12.1 User Guide, 800-71016-001 Rev A 5
Contents
Copyright Notice and Proprietary Information
About This Guide
Document Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Related Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Documentation Feedback. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Online Training Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
1 Introducing Ruckus Wireless ZoneDirector
Overview of ZoneDirector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
ZoneDirector Physical Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
ZoneDirector 1200. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
ZoneDirector 3000. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
ZoneDirector 5000. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Introduction to the Ruckus Wireless Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Ensuring That APs Can Communicate with ZoneDirector . . . . . . . . . . . . . . . . . . . . . . . . 32
How APs Discover ZoneDirector on the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
How to Ensure that APs Can Discover ZoneDirector on the Network . . . . . . . . . . . . . . 34
Firewall Ports that Must be Open for ZoneDirector Communications . . . . . . . . . . . . . . 41
Installing ZoneDirector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Accessing ZoneDirector’s Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Using the ZoneDirector Web Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Navigating the Dashboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Using Indicator Widgets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Real Time Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Stopping and Starting Auto Refresh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Registering Your Product . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
2 Configuring System Settings
System Configuration Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Changing the System Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Changing the Network Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
IPv6 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
6 Ruckus Wireless, Inc.
Enabling an Additional Management Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Creating Static Route Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Static Route Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Enabling Smart Redundancy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Configuring ZoneDirector for Smart Redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Forcing Failover to the Backup ZoneDirector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Managing Smart Redundancy AP License Pools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Configuring the Built-in DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Enabling the Built-in DHCP server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Viewing DHCP Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Controlling ZoneDirector Management Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Setting the System Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Setting the Country Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Channel Optimization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Channel Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Changing the System Log Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Reviewing the Current Log Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Customizing the Current Log Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Setting Up Email Alarm Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Customizing Email Alarms that ZoneDirector Sends . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Configuring SMS Settings for Guest Pass Delivery via SMS . . . . . . . . . . . . . . . . . . . . . . 89
Enabling Login Warning Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Enabling Network Management Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Enabling Management via FlexMaster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Enabling Northbound Portal Interface Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Configuring SNMP Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Enabling Telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Configuring DHCP Relay. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Enabling Bonjour Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Creating a Bonjour Gateway Rule - ZD Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Creating a Bonjour Gateway Rule - AP Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Applying a Bonjour Policy to an AP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
Example Network Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Configuring SPoT Location Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
3 Configuring Security and Other Services
Configuring Self Healing Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Automatically Adjust AP Power . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Automatic Channel Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
ZoneDirector 9.12.1 User Guide, 800-71016-001 Rev A 7
Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Band Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Radar Avoidance Pre-Scanning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
AeroScout RFID Tag Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Ekahau Tag Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Active Client Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Tunnel Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Packet Inspection Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Ethernet Port Redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Configuring Wireless Intrusion Prevention . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
DoS Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Intrusion Detection and Prevention. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Rogue Access Points. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Rogue DHCP Server Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Controlling Network Access Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Creating Layer 2/MAC Address Access Control Lists. . . . . . . . . . . . . . . . . . . . . . . . . 139
Creating Layer 3/Layer 4/IP Address Access Control Lists . . . . . . . . . . . . . . . . . . . . . 140
Configuring Device Access Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Configuring Precedence Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Blocking Client Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Configuring Client Isolation White Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
Application Recognition and Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Using an External AAA Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
LDAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
RADIUS / RADIUS Accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
4 Managing a Wireless Local Area Network
Overview of Wireless Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
About Ruckus Wireless WLAN Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
Creating a WLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
General Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
WLAN Usage Types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Authentication Method. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
Fast BSS Transition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
Encryption Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
Advanced Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Creating a Copy of an Existing WLAN for Workgroup Use. . . . . . . . . . . . . . . . . . . . . . . 204
Customizing WLAN Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
8 Ruckus Wireless, Inc.
Reviewing the Initial Security Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
Fine-Tuning the Current Security Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Switching to a Different Security Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Using the Built-in EAP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
Authenticating with an External RADIUS Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
If You Change the Internal WLAN to WEP or 802.1X . . . . . . . . . . . . . . . . . . . . . . . . . 208
Working with WLAN Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
Creating a WLAN Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
Assigning a WLAN Group to an AP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Viewing a List of APs That Belong to a WLAN Group . . . . . . . . . . . . . . . . . . . . . . . . . 212
Deploying ZoneDirector WLANs in a VLAN Environment . . . . . . . . . . . . . . . . . . . . . . . . 213
Tagging Management Traffic to a VLAN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
How Dynamic VLAN Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Working with VLAN Pools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
Working with Hotspot Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
Creating a Hotspot Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
Assigning a WLAN to Provide Hotspot Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
Common WISPr Attribute Abbreviations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
Creating a Hotspot 2.0 Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
Create a Service Provider Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Working with Dynamic Pre-Shared Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
Enabling Dynamic Pre-Shared Keys on a WLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Setting Dynamic Pre-Shared Key Expiration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
Generating Multiple Dynamic PSKs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
Creating a Batch Dynamic PSK Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
Bypass Apple CNA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
5 Managing Access Points
Adding New Access Points to the Network. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
Connecting the APs to the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
Verifying/Approving New APs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
Working with Access Point Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
Modifying the System Default AP Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
Creating a New Access Point Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
Modifying Access Point Group Membership. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
Modifying Model Specific Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
Configuring AP Ethernet Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
Viewing AP Ethernet Port Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
Reviewing Current Access Point Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
ZoneDirector 9.12.1 User Guide, 800-71016-001 Rev A 9
Using Limited ZD Discovery for N+1 Redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
Importing a USB Software Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271
Managing Access Points Individually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Configuring Hotspot 2.0 Venue Settings for an AP . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
Optimizing Access Point Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Assessing Current Performance Using the Map View . . . . . . . . . . . . . . . . . . . . . . . . . 277
Improving AP RF Coverage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
Assessing Current Performance Using the Access Point Table. . . . . . . . . . . . . . . . . . 278
Adjusting AP Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
Prioritizing WLAN Traffic. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
6 Monitoring Your Wireless Network
Reviewing the ZoneDirector Monitoring Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
Importing a Map View Floorplan Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
Importing the Floorplan Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
Placing the Access Point Markers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
Using the Map View Tools. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
AP Icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
Evaluating and Optimizing Network Coverage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
Moving the APs into More Efficient Positions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
Reviewing Current Alarms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
Reviewing Recent Network Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
Clearing Recent Events/Activities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
Moniting WLAN Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
Reviewing Current User Activity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
Viewing Application Usage Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
Active Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
Inactive Clients. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
Events/Activities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
Monitoring Individual Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
Monitoring Client Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
Monitoring Wired Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
Monitoring Access Point Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
Using the AP Status Overview Page. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
Monitoring Individual APs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
RF Pollution FAQ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
Spectrum Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310
Neighbor APs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
10 Ruckus Wireless, Inc.
Access Point Sensor Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
Monitoring Mesh Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
Detecting Rogue Access Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314
Monitoring System Ethernet Port Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
Monitoring AAA Server Statistics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
Monitoring Location Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318
7 Managing User Access
Enabling Automatic User Activation with Zero-IT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
Clients that Support Zero-IT. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
Self-Provisioning Clients with Zero-IT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
Self-Provisioning Clients without Ethernet Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
Provisioning Clients that Do Not Support Zero-IT . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
Adding New User Accounts to ZoneDirector. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326
Internal User Database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326
Managing Current User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
Changing an Existing User Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
Deleting a User Record . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
Creating New User Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
Role Based Access Control Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331
Managing Automatically Generated User Certificates and Keys. . . . . . . . . . . . . . . . . . . 332
Using an External Server for User Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
Activating Web Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335
Captive Portal Redirect on Initial Browser HTTPS Request. . . . . . . . . . . . . . . . . . . . . 336
8 Managing Guest Access
Configuring Guest Access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
Creating a Guest Access Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
Using Guest Pass Self-Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
Configuring Guest Subnet Restrictions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352
Creating a Guest WLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353
Using the BYOD Onboarding Portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355
Working with Guest Passes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359
Configuring Guest Pass Generation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359
Generating and Delivering a Single Guest Pass . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363
Generating and Printing Multiple Guest Passes at Once. . . . . . . . . . . . . . . . . . . . . . . 367
Monitoring Generated Guest Passes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369
Customizing the Guest Login Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370
Creating a Custom Guest Pass Printout. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
ZoneDirector 9.12.1 User Guide, 800-71016-001 Rev A 11
Delivering Guest Passes via Email . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
Delivering Guest Passes via SMS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374
9 Deploying a Smart Mesh Network
Overview of Smart Mesh Networking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378
Smart Mesh Networking Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378
Supported Mesh Topologies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379
Standard Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379
Wireless Bridge Topology. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380
Hybrid Mesh Topology. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381
Deploying a Wireless Mesh via ZoneDirector. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 382
Step 1: Prepare for Wireless Mesh Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383
Step 2: Enable Mesh Capability on ZoneDirector . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383
Step 3: Provision and Deploy Mesh Nodes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385
Step 4: Verify That the Wireless Mesh Network Is Up . . . . . . . . . . . . . . . . . . . . . . . . . 386
Understanding Mesh-related AP Statuses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388
Using the ZoneFlex LEDs to Determine the Mesh Status. . . . . . . . . . . . . . . . . . . . . . . . 389
On Single-band ZoneFlex APs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389
On Dual-band ZoneFlex APs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 390
Using Action Icons to Configure and Troubleshoot APs in a Mesh . . . . . . . . . . . . . . . . 391
Setting Mesh Uplinks Manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392
Troubleshooting Isolated Mesh APs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394
Understanding Isolated Mesh AP Statuses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394
Recovering an Isolated Mesh AP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395
Best Practices and Recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 397
10 Setting Administrator Preferences
Changing the ZoneDirector Administrator User Name and Password . . . . . . . . . . . . . . 400
Setting Administrator Login Session Timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401
Changing the Web Interface Display Language . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401
Upgrading ZoneDirector and ZoneFlex APs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402
Performing an Upgrade with Smart Redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403
Working with Backup Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 404
Backing Up a Network Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 404
Restoring Archived Settings to ZoneDirector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405
Restoring ZoneDirector to Default Factory Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408
Alternate Factory Default Reset Method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409
Working with SSL Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410
Basic Certificate Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410
12 Ruckus Wireless, Inc.
Generating a Certificate Signing Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410
Importing an SSL Certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413
SSL Certificate Advanced Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415
Using an External Server for Administrator Authentication . . . . . . . . . . . . . . . . . . . . . . . 418
Upgrading the License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420
Support Entitlement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421
11 Troubleshooting
Troubleshooting Failed User Logins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 424
Fixing User Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425
If WLAN Connection Problems Persist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426
Measuring Wireless Network Throughput with SpeedFlex . . . . . . . . . . . . . . . . . . . . . . . 426
Using SpeedFlex in a Multi-Hop Smart Mesh Network . . . . . . . . . . . . . . . . . . . . . . . . 430
Allowing Users to Measure Their Own Wireless Throughput. . . . . . . . . . . . . . . . . . . . 432
Diagnosing Poor Network Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433
Starting a Radio Frequency Scan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433
Using the Ping and Traceroute Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434
Generating a Debug File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436
Viewing Current System and AP Logs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436
Packet Capture and Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438
Local Capture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439
Streaming Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439
Importing a Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 442
Enabling Remote Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 442
Restarting an Access Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 442
Restarting ZoneDirector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443
12 Smart Mesh Networking Best Practices
Choosing the Right AP Model for Your Mesh Network . . . . . . . . . . . . . . . . . . . . . . . . . 446
Calculating the Number of APs Required . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446
Placement and Layout Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447
Signal Quality Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 448
Mounting and Orientation of APs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 450
Indoor APs - Typical Case: Horizontal Orientation . . . . . . . . . . . . . . . . . . . . . . . . . . . 450
Indoor APs - Vertical Orientation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451
Outdoor APs - Typical Horizontal Orientation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452
Elevation of RAPs and MAPs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452
Best Practice Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453
ZoneDirector 9.12.1 User Guide, 800-71016-001 Rev A 13
Appendix: Zone 2 APs
Index
14 Ruckus Wireless, Inc.
ZoneDirector 9.12.1 User Guide, 800-71016-001 Rev A 15
About This Guide
This User Guide describes how to install, configure and manage the Ruckus
Wireless™ ZoneDirector™ version 9.12.1.
This guide is intended for use by those responsible for managing Ruckus Wireless
network equipment. Consequently, it assumes a basic working knowledge of local
area networking, wireless networking and wireless devices.
NOTE: If release notes are shipped with your product and the information there
differs from the information in this guide, follow the instructions in the release notes.
Most user guides and release notes are available in Adobe Acrobat Reader Portable
Document Format (PDF) or HTML on the Ruckus Wireless Support website at
https://support.ruckuswireless.com/documents.
NOTE: By downloading this software and subsequently upgrading the
ZoneDirector to version 9.12.1, please be advised that the ZoneDirector will
periodically connect to Ruckus and Ruckus will collect the ZoneDirector serial
number, software version and build number. Ruckus will transmit a file back to the
ZoneDirector and this will be used to display the current status of the ZoneDirector
Support Contract. Please also be advised that this information may be transferred
and stored outside of your country of residence where data protection standards
may be different.
Document Conventions
16 Ruckus Wireless, Inc.
Document Conventions
Tab l e 1 and Table 2 list the text and notice conventions that are used throughout
this guide.
Table 1. Text conventions
Convention Description Example
monospace
Represents information as it
appears on screen
[Device name]>
monospace bold
Represents information that
you enter
[Device name]> set
ipaddr 10.0.0.12
default font bold Keyboard keys, software
buttons, and field names
On the Start menu, click All
Programs.
italics Screen or page names Click Advanced Settings.
The Advanced Settings page
appears.
Table 2. Notice conventions
Notice Type Description
Note
Information that describes important features or
instructions
Caution
Information that alerts you to potential loss of data or
potential damage to an application, system, or device
Warning
Information that alerts you to potential personal injury
Related Documentation
ZoneDirector 9.12.1 User Guide, 800-71016-001 Rev A 17
Related Documentation
In addition to this User Guide, each ZoneDirector documentation set includes the
following:
Online Help: Provides instructions for performing tasks using the web interface.
The online help is accessible from the web interface and is searchable.
Release Notes: Provide information about the current software release, including
new features, enhancements, and known issues.
Documentation Feedback
Ruckus Wireless is interested in improving its documentation and welcomes your
comments and suggestions. You can email your comments to Ruckus Wireless at:
[email protected]
When contacting us, please include the following information:
Document title
Document part number (on the cover page)
Page number (if appropriate)
For example:
ZoneDirector 9.12.1 User Guide
Part number: 800-71016-001 Revision A
Page 88
Online Training Resources
To access a variety of online Ruckus Wireless training modules, including free
introductory courses to wireless networking essentials, site surveys, and Ruckus
Wireless products, visit the Ruckus Wireless Training Portal at:
https://training.ruckuswireless.com
Online Training Resources
18 Ruckus Wireless, Inc.
ZoneDirector 9.12.1 User Guide, 800-71016-001 Rev A 19
1
Introducing Ruckus Wireless
ZoneDirector
In this chapter:
Overview of ZoneDirector
ZoneDirector Physical Features
Introduction to the Ruckus Wireless Network
Ensuring That APs Can Communicate with ZoneDirector
Installing ZoneDirector
Accessing ZoneDirector’s Command Line Interface
Using the ZoneDirector Web Interface
Registering Your Product
Overview of ZoneDirector
20 Ruckus Wireless, Inc.
Overview of ZoneDirector
Ruckus Wireless ZoneDirector serves as a central control system for Ruckus
ZoneFlex Access Points (APs). ZoneDirector provides simplified configuration and
updates, wireless LAN security control, RF management, and automatic coordina-
tion of Ethernet-connected and mesh-connected APs.
Using ZoneDirector in combination with Ruckus Wireless ZoneFlex APs allows
deployment of a Smart Mesh network, to extend wireless coverage throughout a
location without having to physically connect each AP to Ethernet. In a Smart Mesh
network, the APs form a wireless mesh topology to route client traffic between any
member of the mesh and the wired network. Meshing significantly reduces the cost
and time requirements of deploying an enterprise-class WLAN, in addition to
providing much greater flexibility in AP placement.
ZoneDirector also integrates network monitoring, sophisticated user access
controls, integrated Wi-Fi client performance tools, highly configurable guest access
features and advanced security features within a single system.
User authentication can be accomplished using an internal user database, or
forwarded to an external Authentication, Authorization and Accounting (AAA) server
such as RADIUS or Active Directory. Once users are authenticated, client traffic is
not required to pass through ZoneDirector, thereby eliminating bottlenecks when
higher speed Wi-Fi technologies, such as 802.11ac, are used.
This user guide provides complete instructions for using the Ruckus Wireless web
interface, the wireless network management interface for ZoneDirector. With the
web interface, you can customize and manage all aspects of ZoneDirector and your
ZoneFlex network.
/