Skip to main content

3 Messages

 • 

100 Points

Thu, Sep 25, 2014 10:56 AM

Two SSID, 2 different networks

Hello,

I have two different networks 10.10.10.0/24 and 192.168.0.0/24. The two networks doesn't have any kind of physical connectivity. I only have port access to the two switches and I do not administer both switches. Is there a way for Ruckus to create 2 SSIDs going to each network?

Responses

Brand User

2.6K Messages

 • 

44.8K Points

6 years ago

You could do this with a standalone AP model that has 2+ Eth ports.
Define 2 Local Subnets and VLANs, and assign one to each port of
the AP, connecting into the switch with that subnet on it. You could
then define two SSIDs, one for each network too.

3 Messages

 • 

100 Points

6 years ago

Hello Michael,

Standalone is not an option since I run quite a number AP. I am then considering other options even if it requires additional switch / equipment.

Option 1. Best Cast Scenario. How do I go about doing the best case scenario. Kindly list the steps necessary for each network device. I dont need the exact commands, I just need to know what needs to be done.

Options 2. Add an extra switch with VLAN connecting Network 1 and Network 2. Also need the steps necessary for each device. Is this even possible?

Thanks in advance.
Brand User

2.6K Messages

 • 

44.8K Points

6 years ago

Hi John,

Best practice will require VLAN aware switches, and a router. We recommend
that ZD and APs are used on their own management VLAN/subnet, and that you
tag your client WLAN traffic (Staff/Student) onto different VLAN/subnets, specifying
which VLAN under the WLAN advanced options. This provides Layer2/3 security
and control, and reduces broadcast/multicast domain traffic to/from wired/wireless.

202 Messages

 • 

3K Points

6 years ago

John:

You have 2 sets of switches administered by different groups that do not cooperate?
Or.. is there some security requirement for physical separation of these 2 subnets?
(that opens a whole other can of worms)

You'll need a "switched infrastructure" (possibly a third set of switches?) to support your APs.

If your APs are supported by one of the 2 sets of isolated switches, you'd need/want some assistance from the adminstrators of those switches re: creating a third wifi management VLAN as Michael suggested.
At that point it should be "just as easy" to create an additional VLAN to support both of your two different subnets on 1 set of switches. (in addition to the third management VLAN)

If you can't get that level of cooperation then you'll need that 3rd set of switches.
You'll have to create a wifi management vlan, a vlan for 10.10.10.x, a vlan for 192.168.0.x, plug one port from each of your isolated subnets into an untagged/"access" port that belongs to the appropriate VLAN for that network.
Attach the ZD controllers (because you're not using "standalone" APs) to an untagged/"access" port that belongs to the wifi/management VLAN.
Plug the APs into VLAN-stacked/802.1q/"trunked" ports that have their untagged/"native" VLAN set to the management/wifi VLAN.
(the other 2 VLANs also need to be allowed/"tagged" on those AP ports)

At this point your third set of switches might be able to replace the original two sets of switches.

Then (as Michael pointed out) if you want to be able to administer your ZD controllers from one of the "two different" subnets, you'll have to have a router connected between one (or both) of those subnets and your wifi management VLAN/subnet.

If your 2 different subnets were separated for security reasons, you will need to understand the security requirements and possibly buy a firewall (in addition or instead of a router) to enforce those requirements.

I hope that helps.

3 Messages

 • 

100 Points

6 years ago

Hello Michael and Bill,

Thanks for the replies.

I haven't explored the VLAN capabilities of ZD and ZF and I myself need to understand more VLAN concepts. I am attaching a diagram for better understanding.

All of the switches are VLAN-aware but I don't have management control. In the diagram I only have control over the ZD, ZF and Juniper router. Yes the two networks don't cooperate, they are managed by two different groups.