Skip to main content

Fri, Mar 16, 2018 9:00 AM

AP500 client isolation whitelist

We've got AP500 acces points. And we've enabled client isolation based on this tutorial.
(since we couldn't find it in the web interface)

https://support.ruckuswireless.com/answers/000002379

However we'd like to connect a chromecast that should not be isolated.
And i can't seem to find anything in the web interface about client isolation. Nor in the SSH terminal.

Does anyone know how we can make a chromecast work eventough client isolation is enabled?

Responses

27 Messages

 • 

470 Points

3 years ago

Just to check - you don't have a controller - these are standalone access points?

11 Messages

 • 

132 Points

3 years ago

As far as i know they are connected to a Draytek Vigor 2925.

Our system administrator recently upgraded our Wifi network. And now quit his job, and I can't find documentation

27 Messages

 • 

470 Points

3 years ago

OK - you aren't aware if there is a Ruckus controller there like a ZoneDirector, for example - it seems that all access points are configured individually? How many access points do you have in total?

11 Messages

 • 

132 Points

3 years ago

Yeah it seems like that.

As far as i know we have 3 access points total so it isn't that dramatically to maintain them.

Is there a way to see within the access point if there is a controller?

27 Messages

 • 

470 Points

3 years ago

It doesn't look like you have a controller. From CLI, you can issue a couple of commands to make sure:

get director
 - will tell you if you have a ZoneDirector controller

get scg
 - same for SmartZone

Neither seem likely here

You can also issue
fw show all
which will tell us the code on the access point

Try these and post back so we can be sure

11 Messages

 • 

132 Points

3 years ago

rkscli: get director
------ ZoneDirector Info ------
Primary Controller   : n/a
Secondary Controller : n/a
DHCP Opt43 Code      : 3
  AP is in Stand-alone mode.
OK
rkscli: get scg
------ SCG Information ------
SCG Service is enabled.
AP is not managed by SCG.
AP is not registered in SCG.
State: DISCONNECTED
SCI is disabled.
Server List:
No SSH tunnel exists
Failover List: Not found
Failover Max Retry: 2
DHCP Opt43 Code: 6
Server List from DHCP (Opt43/Opt52): Not found
SCG default URL: RuckusController
SCG config|heartbeat|mesh status|status intervals: 300|30|300|900
SCG gwloss|serverloss timeouts: 1800|7200
-----------------------------
OK

rkscli: fw show all

control file /writable/fw/main.cntl not in flash
-------------------------------------
current primary boot image is Image1
---------------
Magic:        RCKS
next_image:   0x130000
invalid:      0
hdr_len:      160
compression:  l7
load_address: 0x80080000
entry_point:  0x802FF060
timestamp:    Fri Aug 19 08:57:32 2016
binl7_len:    9975644
hdr_version:  4
hdr_cksum:    0x0105
version:      104.0.0.0.1347    ( 104.0.0.0.1347 )
MD5:          81E160C70589AA24D7A5BC85A27A10C5
product:      zf7752    (0)
architecture: 1
chipset:      3
board_type:   0
board_class:  3
customer:
Image Sign Type: Intermediate Signed Image(ISI).
Tail start:   0x982f60
---------------
Magic:        RCKS
next_image:   0x130000
invalid:      0
hdr_len:      160
compression:  l7
load_address: 0x80080000
entry_point:  0x802FF060
timestamp:    Fri Aug 19 08:57:32 2016
binl7_len:    9975644
hdr_version:  4
hdr_cksum:    0x0105
version:      104.0.0.0.1347    ( 104.0.0.0.1347 )
MD5:          81E160C70589AA24D7A5BC85A27A10C5
product:      zf7752    (0)
architecture: 1
chipset:      3
board_type:   0
board_class:  3
customer:
Image Sign Type: Intermediate Signed Image(ISI).
Tail start:   0x982f60
OK

27 Messages

 • 

470 Points

3 years ago

OK, that confirms it.

When you enable client isolation, you prevent clients connected to the same access point from being able to see each other. The technote you refer to either enables or disables this, on a global setting - ie for all or for none.

Can you explain what you're hoping to do with the chromebook?

11 Messages

 • 

132 Points

3 years ago

What we're hoping to achieve is having client isolation enabled for all clients.

But that all clients CAN see the ChromeCast that's connected to the television.

27 Messages

 • 

470 Points

3 years ago

Let's see if I understand this:

1) You configure the Chromecast to connect to the WLAN that currently has Client Isolation enabled
2) You want devices on the same WLAN to be able to connect to the Chromecast
3) You need a whitelist entry for the Chromecast in order to make it visible

I'm afraid I don't know if that's possible for stand-alone access points from the CLI.

There are a couple of ways forward from here - 

1) Hopefully someone else may able to advise as to whether it's possible or not from the current set up - at least the answers you have given so far should help them to understand the problem.

2) If you have controller based AP's then it's clearly possible. Ruckus unleashed code is designed for small networks, and the Access Points themselves act in the role of the controller - you configure only one access point and the rest copy the config. What you're trying to achieve is possible with unleashed code:

https://docs.ruckuswireless.com/unleashed/200.2/t-ConfigClientIsolationWhitelist.html

I'm sorry I can't help further at this point - there are some excellent staff members, Ruckus partners and Ruckus customers who contribute to the forums, so I'm sure it won't be long before we have a definitive answer for you.

Neil

11 Messages

 • 

132 Points

3 years ago

If i'd get a ruckus zoneflex unleashed. Could it manage the other three AP's? or do I need to get a really expensive controller / replace all AP's with unleashed's

27 Messages

 • 

470 Points

3 years ago

The unleashed AP's have the controller built in, and was designed for precisely your sort of network where the cost of a controller is not justified. You configure a single AP and the rest adopt the config from the first.

There are some great videos on the Ruckus Education Youtube channel that can help you understand it better:

https://www.youtube.com/watch?v=N7WJQD3eR0Q&list=PLySwoo7u9-KIeSds4dBO6l0WyBPvEQVPP

 Where are you based? You should ideally speak with your local Ruckus Partner/reseller who will be able to offer guidance. If your AP's are still covered by warranty or are under support contract, you may have additional options.

Neil

11 Messages

 • 

132 Points

3 years ago

Thank you very much!

27 Messages

 • 

470 Points

3 years ago

You're welcome! Keep us posted on how things develop.

11 Messages

 • 

132 Points

3 years ago

Ok i just found out they are all "Ruckus ZoneFlex R500 Unleashed".

But i can't find the menu item of this manual
https://docs.ruckuswireless.com/unleashed/200.2/t-ConfigClientIsolationWhitelist.html

I'll do a firmware upgrade first. ;)

11 Messages

 • 

132 Points

3 years ago

After installing the upgrade it's telling me to go to: https://unleashed.ruckuswireless.com/ to manage it. But that domain no longer exists :(