+ Post New Thread
Page 1 of 4 1234 LastLast
Results 1 to 15 of 46
Wireless Networks Thread, Ruckus & VLANs in Technical; Hi, I am trying to configure our Ruckus Wifi with the following configuration and seem to get lost at the ...
  1. #1

    Join Date
    Apr 2012
    Location
    Cheshire
    Posts
    126
    Thank Post
    4
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Ruckus & VLANs

    Hi,

    I am trying to configure our Ruckus Wifi with the following configuration and seem to get lost at the point of creating vlans on the switches and getting everything to talk, this is the setup we have:

    SSID 1 - VLAN1 - Main network, clients obtain IP addresses from the Windows DHCP server
    SSID 2 - VLAN100 - Staff wireless, clients obtain IP address from smoothwall DHCP with VLAN interface configured
    SSID 3 - VLAN 101 - Student wireless, clients obtain IP address from smoothwall DHCP with VLAN interface configured
    SSID 4 - VLAN 102 - Guest wireless, clients obtain IP address from smoothwall DHCP with VLAN interface configured
    SSID 5 - VLAN 103 - 6th Form wireless, clients obtain IP address from smoothwall DHCP with VLAN interface configured

    I have set the WLAN VLANIDs to be the same as what smoothwall is tagging them at and have verified that both ruckus configuration and smoothwall configuration is correct. The problem is If I try and connect my phone to SSID 2 I should receive an IP address from smoothwall however I don't get one because I have not configured any vlans. If I connect to SSID 1 which is the main network I do get an IP from our Windows server which is exactly right.

    My issue is with the VLAN configurations required on the switches to make this work, I'm not entirely sure on how to set these up. None of our switches are setup with VLANs at the moment they are all just on default vlan hence why I am getting nothing at the minute.

    I'm just not sure of:

    1) Where do I setup the VLANs (which switches)
    2) How does this information get to each switch (if it needs to)

    I have seen a few guides on this but they all seem to relate to BYOD and devices being physically plugged in in order to tag x amount of ports. We are using this separation for wireless clients only.

  2. #2
    White_Fi's Avatar
    Join Date
    Sep 2008
    Location
    Ipswich
    Posts
    185
    Thank Post
    7
    Thanked 34 Times in 32 Posts
    Rep Power
    33
    Hi,

    You will need all the switches with APs connected to be aware of the VLANs and any uplink (trunks) between these switches.

    There are typically two types of VLAN mode (terminology varies between vendor), Trunk mode and Access mode.

    Access Mode - Native VLAN and carrying no other VLANs - The VLAN is Untagged on the port and any client that plugs in, lives in this VLAN.

    Trunk Mode (What you need for the AP ports on the switches) - Native VLAN and carrying other VLANs. The Native VLAN would be the Untagged VLAN. You would then Tag any other VLANs you need the AP to be aware of.

    For a basic example..

    Our Wireless Mgmt VLAN is 80 and we have two WLANs, Net-Ctrl (VLAN 90) and Net-Ctrl Guest (VLAN 91)

    Our trunk/uplink ports from edge switches to core are in Trunk mode with these VLANs tagged. (carrying the VLANs)
    Our AP switch ports are also set as Trunk mode with Untagged 80 (the default native VLAN i want the AP to live) and Tagged on 90 and 91.

    In the ZD you DO NOT need to tag VLAN 80 for AP management because you have the port setup with Untagged (native) VLAN80on the switch...no need to be putting a VLAN tag flag in the frame.... it is the native VLAN so leave that as 1.
    Under the WLANs advanced options you tag VLAN 90 or 91.

    **** If you want you can also tag 80 aswell 90 and 91 on the switch port instead of UT80, T90/91.... If this was the case you WOULD need to "Tag" VLAN 80 for the AP management port in the ZD.
    Last edited by White_Fi; 30th July 2014 at 05:01 PM.

  3. #3
    Boredguy's Avatar
    Join Date
    Jun 2011
    Location
    Swindon
    Posts
    600
    Thank Post
    4
    Thanked 133 Times in 124 Posts
    Rep Power
    50
    On our Netgear Switches we have the following configured using your examples above. We've just installed a Ruckus network so we have gone though this although we don't have Smoothwall. Test each step at a time to make sure it's working correctly (especially for Smoothwall as I would assume you want it available on vLan 1 as well as the rest)

    Switch Port with AP connected (say Port 1)
    SSID 1 Port Untagged
    SSID 3 Port Tagged
    SSID 4 Port Tagged

    Switch Port with uplink to core network (Port 25)
    vLan 1 Untagged (You can tag it if your switch will let you)
    vLan 101 Tagged
    vLan 102 Tagged

    Core Switch
    Port connecting to Downstream Switch, configure as above.
    Port connecting to your Smoothwall, make sure vLan 101 and 102 are Tagged

  4. #4

    Join Date
    May 2011
    Location
    Jus North of London, close but not too close
    Posts
    797
    Thank Post
    180
    Thanked 61 Times in 58 Posts
    Rep Power
    35
    Probably a good idea to do this with not many people around just in case something goes wrong.

    If you let us know what make/model switches you have may be easier, may be able to help you with some example config

    Basically

    Create the different vlans

    Create the different vlans on each edge switch where you need them. Setup each port where a Access point plugs into to be tagged for the SSIDs that you need on the access points.

    The vLANS need to be able to go from edge switch to your core/central switch.

    The vLANS also need to be on the switch that your Smoothwall plugs into, with SonicWall you can setup sub interfaces for each vlan and enable DHCP on each sub interface only.

  5. #5
    ass17's Avatar
    Join Date
    Feb 2013
    Posts
    343
    Thank Post
    5
    Thanked 38 Times in 35 Posts
    Rep Power
    27
    Then once you have done all that you will need to setup access to servers on your smoothwall for which wifi networks need access like VLE, mail etc...

  6. #6

    Join Date
    Apr 2012
    Location
    Cheshire
    Posts
    126
    Thank Post
    4
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Thanks for your help, up to now we have only plugged in one AP for testing. The AP port is untagged on VLAN 1 and tagged on VLANS 100-103. I have not configured any other switches. I setup a trunk on the switch too and made the port that the AP is plugged into a member of that trunk (not sure if that is right) when I do this I am then unable to connect to the AP at all, if I remove the trunk I can connect to it.

    The switch that this particular AP is on has to travel through 3 more switches before it reaches ZD and 4 before it reaches smoothwall, how should I configure those other switches?

  7. #7
    ass17's Avatar
    Join Date
    Feb 2013
    Posts
    343
    Thank Post
    5
    Thanked 38 Times in 35 Posts
    Rep Power
    27
    All switches that the AP has to travel through have to have their uplink ports TAGGED with the all VLANS associated with your wifi including the ZD VLAN.

  8. #8

    Join Date
    May 2011
    Location
    Jus North of London, close but not too close
    Posts
    797
    Thank Post
    180
    Thanked 61 Times in 58 Posts
    Rep Power
    35
    I can't remember trunking, I think I just tagged.

    What Make/Model switches are you using??????

  9. #9

    Join Date
    Apr 2012
    Location
    Cheshire
    Posts
    126
    Thank Post
    4
    Thanked 1 Time in 1 Post
    Rep Power
    0
    We are using HP V1810 and V1910 switches.

  10. #10

    Join Date
    Apr 2012
    Location
    Cheshire
    Posts
    126
    Thank Post
    4
    Thanked 1 Time in 1 Post
    Rep Power
    0
    I have tagged all of the switch ports that our AP needs to take to find its way back to smoothwall and it is still not working just sits there saying obtaining IP address.

  11. #11

    Join Date
    Apr 2012
    Location
    Cheshire
    Posts
    126
    Thank Post
    4
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Do the switches need to be layer 3 or can this be done at layer 2? I just cannot connect back to smoothwall vlan port no matter what I try. If I configure a laptop on a range set on one of my vlans plug it into the switch port in place of the AP I still cannot ping. I don't have any firewalls on site either just smoothwall.

  12. #12

    Join Date
    May 2011
    Location
    Jus North of London, close but not too close
    Posts
    797
    Thank Post
    180
    Thanked 61 Times in 58 Posts
    Rep Power
    35
    The switches do not need to be layer 3 unless you need to do routing on the switch. I set up an old HP switch with no ip routing with Ruckus and a SonicWall giving out DHCP addresses for everything but the main production LAN which was being done by the Domain Controller.

    What happens if you give a static IP address to a client and see if you can ping the gateway?

  13. #13

    Join Date
    Apr 2012
    Location
    Cheshire
    Posts
    126
    Thank Post
    4
    Thanked 1 Time in 1 Post
    Rep Power
    0
    It is getting very odd now and making me think it might be smoothwall. I have VLAN 100 setup, I untagged a port on the switch which smoothwall is directly plugged into for this VLAN. I connected a laptop to this port and it does not receive a lease. I configured a static IP address on the laptop and tried to ping the virtual interface on smoothwall and it could not find it. I have no idea what is going on!

  14. #14

    Join Date
    May 2011
    Location
    Jus North of London, close but not too close
    Posts
    797
    Thank Post
    180
    Thanked 61 Times in 58 Posts
    Rep Power
    35
    With the SonicWall I created Sub interfaces for the correct vlan, and just made sure the port was tagged on the switch for that vLAN

  15. #15

    Join Date
    Apr 2012
    Location
    Cheshire
    Posts
    126
    Thank Post
    4
    Thanked 1 Time in 1 Post
    Rep Power
    0
    To recap this is what I have got:

    VLAN100 - BYOD STAFF
    VLAN101 - BYOD STUDENTS
    VLAN102 - BYOD GUEST
    VLAN103 - BYOD 6TH FORM

    These are all setup on the relevant Ruckus WLANs and they are setup as sub interfaces on smoothwall with the correct vlan numbers tagged, I have then configured the dhcp element of smoothwall to dish out ip addresses from a certain range dependant on which vlan they are intended for. All uplink/trunk ports between switches and ap's are set to be untagged on vlan1 (default) and tagged on the vlan's shown above. I have verified this config throughout and there is still no change, wireless devices do not receive an ip address from smoothwall and if I plug a laptop in to the switch smoothwall is plugged into and setup a port as untagged on vlan 100 I still don't get an ip nor can I ping the interface if I setup with a static ip.

    I have:

    VLAN1 1.0.0.0 255.255.0.0 (main network)
    VLAN100 192.168.12.0 255.255.255.0
    VLAN101 192.168.16.0 255.255.248.0
    VLAN102 192.168.24.0 255.255.255.0
    VLAN103 192.168.28.0 255.255.252.0

    I'm starting to think something is blocking communication on those ip ranges other than the main network but we are on layer 2 switches so it shouldn't matter should it?

SHARE:
+ Post New Thread
Page 1 of 4 1234 LastLast

Similar Threads

  1. Ruckus - different VLAN for each SSID
    By localzuk in forum Wireless Networks
    Replies: 2
    Last Post: 21st August 2013, 11:26 AM
  2. Wireless Guest SSID VLAN Ruckus
    By robbie-w in forum Wireless Networks
    Replies: 1
    Last Post: 5th March 2012, 05:27 PM
  3. Ruckus and Cisco VLan's?
    By bjohnny42 in forum Wireless Networks
    Replies: 4
    Last Post: 29th July 2011, 02:57 PM
  4. Ruckus VLANs
    By cookie_monster in forum Wireless Networks
    Replies: 7
    Last Post: 26th April 2010, 10:15 AM
  5. RUckus SSID VLANs
    By badders in forum Wireless Networks
    Replies: 4
    Last Post: 13th April 2010, 09:59 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •