Skip to main content

16 Messages

 • 

262 Points

Thu, Jul 5, 2018 4:58 PM

Ruckus setup with VLANs ZD1200

I just got a new Ruckus ZD1200 and some r610 APs. 

I am trying to set it up like this

port 1 has ip 192.168.10.254 that is for management only

port 2 is trunk for guest vlan and corp vlan

I don't see anyway to do this. Is this not possible? I don't want the ZD to have an IP on the guest or corp vlan.

Thank you

Responses

Brand User

Former Employee

 • 

2.6K Messages

 • 

44.8K Points

2 years ago

Hi John,

    The two Eth ports on your ZD1200 are one logical interface to the controller,
so you can't "define" one on VLAN A with IP-subnet1 address, and one on VLAN
B with IP-subnet2 address.  If you do not want the ZD/APs to be easily accessable
to either SSID clients, define a "Management" VLAN 0 for the ZD/APs, and use
unique VLANs for both of your SSIDs.  You simply need to trunk the two VLANs
in addition to your management VLAN to the ZD/APs.  Client dhcp requests will
go to the server on the specific VLAN.  Does that make sense?  You use ACLs
(on your switch/router) to limit access of the VLAN subnets to whatever targets
you want to permit/deny.

127 Messages

 • 

2.4K Points

2 years ago

In addition to the above, you can define a management vlan For the ZD itself.
Brand User

Former Employee

 • 

2.6K Messages

 • 

44.8K Points

2 years ago

Yes, the management VLAN for ZD/APs can be tagged, doesn't have to be 0.

16 Messages

 • 

262 Points

2 years ago

Thank you all for the replies.

so let me see if I have this right.

I could just use one of the ports on the ZD

Then on my switch

Untagged(access) vlan 10 for management
tag vlan 2,3,5 for Wireless networks and that's all? Will the ZD see the tagged vlans and I won't have to do anything other than assign the access vlan to each SSID?

127 Messages

 • 

2.4K Points

2 years ago

exactly. There is no other specific configuration needed for the user traffic to be tagged. Also, by default, the zone director is NOT tunneling traffic from the AP to the controller, so unless you specifically enable tunneling, the traffic is actually "locally broken out"  at the AP level, so you need to have the APs on "untagged vlan 10 / tagged vlan 2,3,5" 

If you enable tunneling, then the vlan breakout will be done at the ZD level as you describe, but no additional configuration on the ZD is needed other than enabling tunneling.

16 Messages

 • 

262 Points

2 years ago

Where can I find some configuration examples? I'm having a lot of issues getting stuff to work. When I have the ports for the ZD1200 and my AP on the Cisco switch set to Trunk vlan 2,3,5,10 and native vlan 10. The ZD and the AP are accessable when the configuration on both are set to Access VLAN1 on the ruckus but if I  change those to 10 it no longer can connect.

I also have the ZD set to auto allow new AP's and it sees the new AP but won't let me edit it and says "This Access Point is not yet approved and connected. Click "Allow" action (if present) and wait for the AP to complete connection."

I get this in the errors "2018/07/05  15:16:43MediumModel[r610] is not supported; connection request from AP[xx:xx:xx:xx:xx:xx] refused
So I'm a little lost.

Thank you all for the help

5 Messages

 • 

160 Points

2 years ago

I guess, they have answered this already, but I am sending you a visualization of the physical setup. Hope it helps :-)

Also, the IP Addresses of the ZD and the APs could either be assigned statically, or dynamically based on your preference.