I am trying to configure our Ruckus WiFi with the following configuration and seem to get lost at the point of creating VLANs on the switches and getting everything to talk. This is the setup we have:
SSID 1 - VLAN1 - Main network, clients obtain IP addresses from the Windows DHCP server
SSID 2 - VLAN100 - Staff wireless, clients obtain IP address from smoothwall DHCP with VLAN interface configured
SSID 3 - VLAN 101 - Student wireless, clients obtain IP address from smoothwall DHCP with VLAN interface configured
SSID 4 - VLAN 102 - Guest wireless, clients obtain IP address from smoothwall DHCP with VLAN interface configured
SSID 5 - VLAN 103 - 6th Form wireless, clients obtain IP address from smoothwall DHCP with VLAN interface configured
I have set the WLAN VLAN IDs to be the same as what Smoothwall is tagging them at and have verified that both the Ruckus configuration and the Smoothwall configuration are correct. The problem is that if I try to connect my phone to SSID 2 I should receive an IP address from Smoothwall; however, I don't get one because I have not configured any VLANs. If I connect to SSID 1, which is the main network, I do get an IP from our Windows server, which is exactly right.
My issue is with the VLAN configurations required on the switches to make this work; I'm not entirely sure how to set these up. None of our switches are set up with VLANs at the moment; they are all just on the default VLAN, hence why I am getting nothing at the minute.
I'm just not sure of:
1) Where do I set up the VLANs (which switches)?
2) How does this information get to each switch (if it needs to)?
I have seen a few guides on this but they all seem to relate to BYOD and devices being physically plugged in in order to tag x amount of ports. We are using this separation for wireless clients only.
You will need all the switches with APs connected to be aware of the VLANs and any uplink (trunks) between these switches.
There are typically two types of VLAN mode (terminology varies between vendors), Trunk mode and Access mode.
Access Mode - Native VLAN and carrying no other VLANs - The VLAN is Untagged on the port and any client that plugs in, lives in this VLAN.
Trunk Mode (What you need for the AP ports on the switches) - Native VLAN and carrying other VLANs. The Native VLAN would be the Untagged VLAN. You would then Tag any other VLANs you need the AP to be aware of.
For a basic example..
Our Wireless Mgmt VLAN is 80 and we have two WLANs, Net-Ctrl (VLAN 90) and Net-Ctrl Guest (VLAN 91)
Our trunk/uplink ports from edge switches to core are in Trunk mode with these VLANs tagged. (carrying the VLANs)
Our AP switch ports are also set as Trunk mode with Untagged 80 (the default native VLAN I want the AP to live in) and Tagged on 90 and 91.
In the ZD you DO NOT need to tag VLAN 80 for AP management because you have the port set up with Untagged (native) VLAN 80 on the switch... no need to be putting a VLAN tag flag in the frame... it is the native VLAN so leave that as 1.
Under the WLANs advanced options you tag VLAN 90 or 91.
**** If you want you can also tag 80 as well as 90 and 91 on the switch port instead of UT80, T90/91... If this was the case you WOULD need to "Tag" VLAN 80 for the AP management port in the ZD.
Last edited by White_Fi; 30th July 2014 at 05:01 PM.
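The tagged/untagged behaviour described in the reply above, as an added example that is not part of the original thread: a simplified 802.1Q model (a tagged frame is dropped on any port where its VLAN is not tagged) that traces a frame from the AP port to the firewall port and reports where a VLAN stops being carried. The VLAN IDs come from the question; the switch names, port names and three-switch path are hypothetical.

```python
# Added example (not from the thread): simplified 802.1Q port model.
from dataclasses import dataclass

DROP = object()  # sentinel: the port is not a member of the VLAN

@dataclass(frozen=True)
class Port:
    name: str
    untagged: int = 1                 # native / untagged VLAN
    tagged: frozenset = frozenset()   # VLANs carried with an 802.1Q tag

    def ingress(self, tag):
        """VLAN the frame is classified into (tag None = untagged), or DROP."""
        if tag is None:
            return self.untagged
        return tag if tag in self.tagged else DROP

    def egress(self, vlan):
        """Tag put on the wire (None = sent untagged), or DROP."""
        if vlan == self.untagged:
            return None
        return vlan if vlan in self.tagged else DROP

def trace(tag, path):
    """path: list of (switch, in_port, out_port) tuples, AP side first."""
    for switch, in_port, out_port in path:
        vlan = in_port.ingress(tag)
        if vlan is DROP:
            return ("dropped", f"{switch}/{in_port.name}")
        tag = out_port.egress(vlan)
        if tag is DROP:
            return ("dropped", f"{switch}/{out_port.name}")
    return ("delivered", tag)

# Constructed topology: VLAN IDs from the question, everything else hypothetical.
BYOD = frozenset({100, 101, 102, 103})

def trunk(name):
    return Port(name, untagged=1, tagged=BYOD)

edge = ("edge", trunk("ap-port"), trunk("uplink"))
core = ("core", trunk("downlink"), trunk("firewall-port"))
# Middle switch left at factory default: VLAN 1 untagged, nothing tagged.
unconfigured = [edge, ("mid", Port("downlink"), Port("uplink")), core]
configured = [edge, ("mid", trunk("downlink"), trunk("uplink")), core]

if __name__ == "__main__":
    for label, path in (("unconfigured", unconfigured), ("configured", configured)):
        for tag in (None, 100):
            print(label, "tag", tag, "->", trace(tag, path))
```

With the middle switch at defaults, untagged VLAN 1 traffic still reaches the far end while VLAN 100 is dropped at the first port that does not carry it, which is the same symptom as SSID 1 working and SSID 2 getting no lease.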
On our Netgear Switches we have the following configured using your examples above. We've just installed a Ruckus network so we have gone through this, although we don't have Smoothwall. Test each step at a time to make sure it's working correctly (especially for Smoothwall as I would assume you want it available on vLan 1 as well as the rest).
Switch Port with AP connected (say Port 1)
SSID 1 Port Untagged
SSID 3 Port Tagged
SSID 4 Port Tagged
Switch Port with uplink to core network (Port 25)
vLan 1 Untagged (You can tag it if your switch will let you)
vLan 101 Tagged
vLan 102 Tagged
Port connecting to Downstream Switch, configure as above.
Port connecting to your Smoothwall, make sure vLan 101 and 102 are Tagged
Thanks for your help. Up to now we have only plugged in one AP for testing. The AP port is untagged on VLAN 1 and tagged on VLANs 100-103. I have not configured any other switches. I set up a trunk on the switch too and made the port that the AP is plugged into a member of that trunk (not sure if that is right). When I do this I am then unable to connect to the AP at all; if I remove the trunk I can connect to it.
The switch that this particular AP is on has to travel through 3 more switches before it reaches ZD and 4 before it reaches smoothwall, how should I configure those other switches?
Do the switches need to be layer 3 or can this be done at layer 2? I just cannot connect back to the Smoothwall VLAN port no matter what I try. If I configure a laptop on a range set on one of my VLANs and plug it into the switch port in place of the AP I still cannot ping. I don't have any firewalls on site either, just Smoothwall.
The switches do not need to be layer 3 unless you need to do routing on the switch. I set up an old HP switch with no ip routing with Ruckus and a SonicWall giving out DHCP addresses for everything but the main production LAN which was being done by the Domain Controller.
What happens if you give a static IP address to a client and see if you can ping the gateway?
It is getting very odd now and making me think it might be Smoothwall. I have VLAN 100 set up, and I untagged a port on the switch which Smoothwall is directly plugged into for this VLAN. I connected a laptop to this port and it does not receive a lease. I configured a static IP address on the laptop and tried to ping the virtual interface on Smoothwall and it could not find it. I have no idea what is going on!
VLAN100 - BYOD STAFF
VLAN101 - BYOD STUDENTS
VLAN102 - BYOD GUEST
VLAN103 - BYOD 6TH FORM
These are all set up on the relevant Ruckus WLANs and they are set up as sub-interfaces on Smoothwall with the correct VLAN numbers tagged. I have then configured the DHCP element of Smoothwall to dish out IP addresses from a certain range dependent on which VLAN they are intended for. All uplink/trunk ports between switches and APs are set to be untagged on VLAN 1 (default) and tagged on the VLANs shown above. I have verified this config throughout and there is still no change: wireless devices do not receive an IP address from Smoothwall, and if I plug a laptop into the switch Smoothwall is plugged into and set up a port as untagged on VLAN 100 I still don't get an IP, nor can I ping the interface if I set up with a static IP.