Skip to main content

16 Messages

 • 

410 Points

Tue, Oct 18, 2016 10:49 PM

Answered

Unleashed AP approval issues with 200.2.9.13.186

With previous firmware versions I could enable/disable automatic approvals.  I just updated to 200.2.9.13.186 and it seems the approval option is permanently enabled, you are not able to click the option.  Has anyone else noticed this?  It's caused some minor headaches when running multiple APs on the same network that I did not want to be connected together.

Responses

Brand User

2.6K Messages

 • 

44.8K Points

4 years ago

Unleashed is designed to run on one flat VLAN, and automatically upgrade/update new APs seen. 
You cannot run two Unleashed networks on the same VLAN.
You have a choice when to Upgrade the entire network, following a new Unleashed release.

16 Messages

 • 

410 Points

4 years ago

Thanks Michael, I could have sworn I was able to select or un-select the approval option with the previous firmware, I thought it was strange I couldn't do it with this release... but I could be wrong.  Thanks for the update.
Brand User

2.6K Messages

 • 

44.8K Points

Glad to get your feedback.  Keep testing.

4 Messages

 • 

112 Points

Hi Jeff

You are definitely not mistaken: after setup last year, we disabled the automatic approval. Since upgrading to the latest firmware on friday, the feature is enabled again, and grayed out.

From a security point of view, it's bad that someone can plug in an AP and it just joins the AP to your network without any approval requests...

Is there a workaround for this issue?

Michael Brado: I'm not sure if you're not talking about the automatic upgrade of firmwares? Unless I'm mistaken, what Jeff, Daniel (and I) mean is the automatic approval of new access points on your network.

65 Messages

 • 

1.2K Points

4 years ago

Hey Jeff.  I have the same problem and I’m running the same version.  Approval is checked and greyed out and I cannot uncheck it, which I’d like to do.  The UI even says “To enhance wireless security, deactivate this option. This means you must manually “allow” each newly discovered AP.”

Did you ever get this resolved?

65 Messages

 • 

1.2K Points

4 years ago

This problem still exists with the latest 200.3.9.13.228.

Brand User

2.6K Messages

 • 

44.8K Points

4 years ago

Hello Jeff, Daniel,

     Your first Unleashed AP on a network will have a startup wizard that asks "Would you like to join the Cloud" or
"Would you like to create an Unleashed network."  It is a design *feature* that all subsequent Unleashed APs on
this same LAN/VLAN are intended to be part of the Unleashed network that was created, so up to 24 more APs
will be automatically recognized, upgraded if necessary, and configured with WLANs to start service asap.  You
would need to convince our Product line manager that this is not a good idea...    =:^)

65 Messages

 • 

1.2K Points

While I understand the reason behind it and I’m certain it leads to fewer support calls, the last thing I need is for someone to put a rogue AP on the network that can automatically join the existing Unleashed network.  While it simplifies things to have this enabled by default, it is a security concern.  If you plan to leave this feature permanently broken, which is a shame, you should probably remove it from the product and documentation at http://docs.ruckuswireless.com/unleashed/200.3/index.html#c-Others.html.

4 Messages

 • 

112 Points

Hi Michael,

You say it's by design, but why in versions prior to 200.2 could we disable the auto join then? And as Daniel says, why would it ever be visible in the configuration (grayed out or not)?

Before version 200.2.9.13, we disabled the auto-join, because in some environments it's just ridiculously insecure to allow AP's to join wether they are plugged in by someone working at the company, or a random person with less good intentions...

Like Daniel says, if the feature won't be enabled anymore, remove it from the UI and the documentation. But also expect lots of criticism.

Champion

 • 

556 Messages

 • 

10.5K Points

FWIW, I was able to use the Unleashed CLI's faux ZoneDirector mode to disable AP auto-approval much in the same way that one uses the ZD CLI to do so....

Of course, if Ruckus's official position is that this is not a supported feature, I would not recommend doing so.

(Don't ask who may have gotten in a bit of trouble for hijacking a test rack of Ruckus AP's once because he had a controller plugged in :D)

4 Messages

 • 

112 Points

Good thinking!

And good to know that tinkering through the CLI can get you in to trouble when plugging in a controller :-P Definitely putting that in our documentation :-P

Champion

 • 

556 Messages

 • 

10.5K Points

It's more bringing in a controller with auto-approval enabled on a subnet I did not own. Little did I know, someone on the subnet was trying to set up some Ruckus AP's and his controller was losing the race to mine, so I kept accidentally stealing his AP's.

That taught a valuable lesson to turn off auto-approval unless I really know I want it on a network.

4 Messages

 • 

112 Points

4 years ago

Is it possible to remove an "Answered"-tag from a thread, or should I make a new thread for this issue?
Brand User

2.6K Messages

 • 

44.8K Points

No, but you can contact Tech Support or your SE and ask for a Field Request (FR) with your business case for PLM to consider.