+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 16
Wireless Networks Thread, New wireless network due to be finalised soon - need help/a few pointers (Meru or Ruc in Technical; Hi, I will apologise for my naivety now before I start as the whole wireless thing is new to me. ...
  1. #1
    ass17's Avatar
    Join Date
    Feb 2013
    Posts
    269
    Thank Post
    5
    Thanked 26 Times in 26 Posts
    Rep Power
    24

    New wireless network due to be finalised soon - need help/a few pointers (Meru or Ruc

    Hi,

    I will apologise for my naivety now before I start as the whole wireless thing is new to me.

    We have decided to use meru or ruckus, final decision soon.

    Our network is HP 5400 core and 2920 PoE at the edge.
    Our network is currently VLAN'd into mainly buildings, and a few other certain admin stuff.
    We use smoothwall as or filter/proxy.

    I'm hoping to do the following:
    Two VLAN wireless networks (school staff-pupils, guest)
    Captive portal registration via active directory for staff pupils with limit two devices per person.
    Guest access via daily changing key
    Access to my docs
    Filtered Internet access
    Our VLE will the main tool that is accessed on a daily basis, web interface or device app.

    I have a few questions regarding the above:

    1) do I need more than two wireless VLANS?
    2) do I need a radius server anywhere in between? And what job will it do?
    3) am I missing anything crucial out of that needs further thought or implementation?


    All help/advice is welcome and would love as much info as possible regarding either Meru or Ruckus solutions....

    Thanks

  2. #2
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    2,772
    Thank Post
    251
    Thanked 220 Times in 168 Posts
    Rep Power
    87
    Ruckus will let you do all that with ease. There are so many people on here who have nothing but rave reviews for ruckus and im one of them.

  3. #3
    ass17's Avatar
    Join Date
    Feb 2013
    Posts
    269
    Thank Post
    5
    Thanked 26 Times in 26 Posts
    Rep Power
    24
    Does ruckus do AD authentication without a radius or does ruckus have some sort of radius builtin?

  4. #4

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,439
    Thank Post
    1,468
    Thanked 1,035 Times in 908 Posts
    Rep Power
    299
    It does AD authentication :-) our BYOD is set to an AD group if your not in it you don't get on it :-)

  5. #5
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    2,772
    Thank Post
    251
    Thanked 220 Times in 168 Posts
    Rep Power
    87
    You configure ruckus to talk to your AD and then provision groups/memerships from your ad to which ssids they can access. Have s look at this..

    Edit

    http://www.demosondemand.com/clients...s/001/info.asp

    Select the left video
    Last edited by timbo343; 2nd March 2013 at 10:08 PM.

  6. #6
    ass17's Avatar
    Join Date
    Feb 2013
    Posts
    269
    Thank Post
    5
    Thanked 26 Times in 26 Posts
    Rep Power
    24
    Great I see, so why do other schools use a radius?

    We will allow all staff pupils to bring in max two devices, any two, BYOD type scenario.

    Each device will go down the first SSID, guests down the second SSID, probably thinking about it create a third SSID for VOIP, I assume ruckus can implement QoS on specific SSIDs. The third VoIP VLAN is our existing phone VLAN, thus having wired and wireless on the same VLAN, makes logical sense I suppose.

  7. #7

    witch's Avatar
    Join Date
    Nov 2005
    Location
    Dorset
    Posts
    10,401
    Thank Post
    1,106
    Thanked 2,093 Times in 1,473 Posts
    Rep Power
    651
    I have Ruckus in one school and Meru in the other. Both use AD authentication and TBH from a working perspective there isn't a lot of difference. They both just work for us.
    The only thing that is different is the costing. Can't remember the details but I think it was more expensive to add more APs over a certain number with Meru rather than Ruckus.

  8. #8
    ass17's Avatar
    Join Date
    Feb 2013
    Posts
    269
    Thank Post
    5
    Thanked 26 Times in 26 Posts
    Rep Power
    24
    Is there anything you wish Meru had that ruckus does or vice versa, however small it may be?

  9. #9

    Join Date
    Jul 2006
    Location
    London
    Posts
    1,132
    Thank Post
    100
    Thanked 217 Times in 176 Posts
    Blog Entries
    1
    Rep Power
    69
    We have Meru.

    We put staff and student devices into separate vlans/ess. There are a guest and a BYOD VLANs/ess.

    There is also a VLAN for a couple of other special cases.

    One ESS per VLAN, different client types sometimes require different settings for the ESS, specifically around authentication and encryption settings.

    There is a VLAN for the AP's and controller.

    It was set up by Meru specialists and works really well.

    You will get the best performance and capacity if you have 2x2 (or better) n devices.

  10. #10
    ass17's Avatar
    Join Date
    Feb 2013
    Posts
    269
    Thank Post
    5
    Thanked 26 Times in 26 Posts
    Rep Power
    24
    Why have separate VLAN for students and teachers?

  11. #11

    Join Date
    Dec 2009
    Posts
    913
    Thank Post
    96
    Thanked 184 Times in 159 Posts
    Rep Power
    53
    We have Ruckus, 5 wireless SSID's all VLAN'd off including Guest and BYOD.

    Very very happy with it

  12. #12


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    338
    With our Meru system we have the following:
    3 VLANS: Staff, Student, school owned equipment. But also have other SSID's on the same VLAN networks.
    We use RADIUS to automatically authenticate school owned equipment onto the network.
    You also need a firewall to keep the networks separate, VLAN doesn't do that.

    The separate staff and student network is for staff BYOD and student BYOD - keeps the kids off the staff devices and allows us to give more access to staff than students.

  13. #13

    Join Date
    Jul 2006
    Location
    London
    Posts
    1,132
    Thank Post
    100
    Thanked 217 Times in 176 Posts
    Blog Entries
    1
    Rep Power
    69
    "Why different SSID for staff and students?"

    Projected quantities of devices, SSID security settings, firewall rules. future flexibility.


    With wireless it is important to limit the number of hosts that might be trying to do layer 2/3 broadcasts per VLAN/Channel. Configured this way, if we start to hit the limit of the number of devices in one broadcast domain, we can relatively easily dedicate one channel to staff and another to students if needs be without any reconfiguration of the clients. TBH a client re-config wouldn't be a trauma, however designing something so it scales without having to completely redesign it gives me a warm fuzzy feeling.

  14. #14
    ass17's Avatar
    Join Date
    Feb 2013
    Posts
    269
    Thank Post
    5
    Thanked 26 Times in 26 Posts
    Rep Power
    24
    So from what I've read so far, this would be my setup:

    Controller and APs (VLAN 30) 172.30.0.0/20
    Staff SSID. (VLAN 31) 172.31.0.0/20
    Pupil SSID. (VLAN 32) 172.32.0.0/20
    Apple TV SSID. (VLAN 33) 172.33.0.0/20
    Guest SSID (VLAN 34) 172.34.0.0/20
    School devices SSID (VLAN 35) 172.35.0.0/20

    Also use the Aerohive bonjour gateway to connect the iPads over multiple VLANs to the Apple TVs. Unless Meru or Ruckus does the same job.

    Do I need to think about anything else other then setting up the ACLs on or HP 5400?

    Can anyone offer advice or I'm I barking up the wrong tree?

  15. #15

    Join Date
    Dec 2009
    Posts
    913
    Thank Post
    96
    Thanked 184 Times in 159 Posts
    Rep Power
    53
    Quote Originally Posted by ass17 View Post
    Also use the Aerohive bonjour gateway to connect the iPads over multiple VLANs to the Apple TVs. Unless Meru or Ruckus does the same job.
    No idea about Meru but i believe in the latest Ruckus update there was something called Smartway which will do this.

    Introducing SmartWay: Beyond Bonjour Bridging
    Ruckus SmartWay is a new Smart Wi-Fi software technology that not only simplifies the administration and optimization of service discovery traffic, such as Apple Bonjour and UPnP protocols over Smart Wi-Fi networks, it also supports advanced facilities to restrict or "fence" these services to a given access point, group of access points or a particular geographic area.
    Ideally suited for K-12 and higher education environments, SmartWay helps organizations enable users with Apple devices to exploit other resources on their networks. For example, SmartWay makes Apple Bonjour services such as AirPrint, AirPlay, and the Apple Filing Protocol (AFP) used in wireless printers and multimedia devices usable and controllable across subnets.

    Current competitive approaches simply bridge all multicast traffic (e.g. Bonjour) between two virtual LANs (VLANs) or bridge the traffic from a single VLAN to all VLANs on a service-by-service basis. This means that a given service, such as Apple TV, becomes available everywhere - creating security concerns as resources are visible in undesired locations.

    Without SmartWay a teacher, for instance, can use AirPlay to transmit from an iPad to the Apple TV in the classroom only if both devices are on the same subnet. But now, with SmartWay support for Bonjour, the teacher can access any AppleTV as well as have any student transmit from their iPad (on the student Wi-Fi network) to the Apple TV (on a different Wi-Fi network).

    Wi-Fi deployments supporting multicast traffic such as Bonjour or UPnP can quickly get out of control if not scaled properly. Rather than flooding the network with traffic from all devices and subnets, Ruckus SmartWay selectively bridges this traffic to the subnets of choice.

    Ruckus is natively integrating SmartWay support for bridging Bonjour and other multicast traffic directly into its ZoneFlex software system. This allows service discovery traffic to be selectively bridged across subnets to enable large-scale deployments without overloading the network.

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Looking for a new wireless network
    By jayemm in forum Wireless Networks
    Replies: 5
    Last Post: 12th March 2012, 08:57 AM
  2. Replies: 14
    Last Post: 29th April 2010, 10:45 PM
  3. My daughter is going to be 1 soon!
    By nephilim in forum General Chat
    Replies: 0
    Last Post: 7th April 2010, 10:26 PM
  4. Windows - Adding a new Wireless Network
    By Edu-IT in forum How do you do....it?
    Replies: 1
    Last Post: 28th December 2009, 02:56 AM
  5. Have you built your own wireless network? Care to share?
    By m0nty in forum Wireless Networks
    Replies: 12
    Last Post: 24th November 2009, 12:04 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •