AP500 client isolation whitelist

  • 1
  • Question
  • Updated 6 months ago
We've got AP500 acces points. And we've enabled client isolation based on this tutorial.
(since we couldn't find it in the web interface)

https://support.ruckuswireless.com/answers/000002379

However we'd like to connect a chromecast that should not be isolated.
And i can't seem to find anything in the web interface about client isolation. Nor in the SSH terminal.

Does anyone know how we can make a chromecast work eventough client isolation is enabled?
Photo of Samantha Adrichem

Samantha Adrichem

  • 11 Posts
  • 0 Reply Likes

Posted 7 months ago

  • 1
Photo of Neil Mac

Neil Mac, Employee

  • 26 Posts
  • 8 Reply Likes
Just to check - you don't have a controller - these are standalone access points?
Photo of Samantha Adrichem

Samantha Adrichem

  • 11 Posts
  • 0 Reply Likes
As far as i know they are connected to a Draytek Vigor 2925.

Our system administrator recently upgraded our Wifi network. And now quit his job, and I can't find documentation
(Edited)
Photo of Neil Mac

Neil Mac, Employee

  • 26 Posts
  • 8 Reply Likes
OK - you aren't aware if there is a Ruckus controller there like a ZoneDirector, for example - it seems that all access points are configured individually? How many access points do you have in total?
Photo of Samantha Adrichem

Samantha Adrichem

  • 11 Posts
  • 0 Reply Likes
Yeah it seems like that.

As far as i know we have 3 access points total so it isn't that dramatically to maintain them.

Is there a way to see within the access point if there is a controller?
(Edited)
Photo of Neil Mac

Neil Mac, Employee

  • 26 Posts
  • 8 Reply Likes
It doesn't look like you have a controller. From CLI, you can issue a couple of commands to make sure:

get director
 - will tell you if you have a ZoneDirector controller

get scg
 - same for SmartZone

Neither seem likely here

You can also issue
fw show all
which will tell us the code on the access point

Try these and post back so we can be sure
Photo of Samantha Adrichem

Samantha Adrichem

  • 11 Posts
  • 0 Reply Likes
rkscli: get director
------ ZoneDirector Info ------
Primary Controller   : n/a
Secondary Controller : n/a
DHCP Opt43 Code      : 3
  AP is in Stand-alone mode.
OK
rkscli: get scg
------ SCG Information ------
SCG Service is enabled.
AP is not managed by SCG.
AP is not registered in SCG.
State: DISCONNECTED
SCI is disabled.
Server List:
No SSH tunnel exists
Failover List: Not found
Failover Max Retry: 2
DHCP Opt43 Code: 6
Server List from DHCP (Opt43/Opt52): Not found
SCG default URL: RuckusController
SCG config|heartbeat|mesh status|status intervals: 300|30|300|900
SCG gwloss|serverloss timeouts: 1800|7200
-----------------------------
OK

rkscli: fw show all
<Control Info>
control file /writable/fw/main.cntl not in flash
-------------------------------------
current primary boot image is Image1
---------------<Image1 FW header>
Magic:        RCKS
next_image:   0x130000
invalid:      0
hdr_len:      160
compression:  l7
load_address: 0x80080000
entry_point:  0x802FF060
timestamp:    Fri Aug 19 08:57:32 2016
binl7_len:    9975644
hdr_version:  4
hdr_cksum:    0x0105
version:      104.0.0.0.1347    ( 104.0.0.0.1347 )
MD5:          81E160C70589AA24D7A5BC85A27A10C5
product:      zf7752    (0)
architecture: 1
chipset:      3
board_type:   0
board_class:  3
customer:
Image Sign Type: Intermediate Signed Image(ISI).
Tail start:   0x982f60
---------------<Image2 FW header>
Magic:        RCKS
next_image:   0x130000
invalid:      0
hdr_len:      160
compression:  l7
load_address: 0x80080000
entry_point:  0x802FF060
timestamp:    Fri Aug 19 08:57:32 2016
binl7_len:    9975644
hdr_version:  4
hdr_cksum:    0x0105
version:      104.0.0.0.1347    ( 104.0.0.0.1347 )
MD5:          81E160C70589AA24D7A5BC85A27A10C5
product:      zf7752    (0)
architecture: 1
chipset:      3
board_type:   0
board_class:  3
customer:
Image Sign Type: Intermediate Signed Image(ISI).
Tail start:   0x982f60
OK
Photo of Neil Mac

Neil Mac, Employee

  • 26 Posts
  • 8 Reply Likes
OK, that confirms it.

When you enable client isolation, you prevent clients connected to the same access point from being able to see each other. The technote you refer to either enables or disables this, on a global setting - ie for all or for none.

Can you explain what you're hoping to do with the chromebook?
Photo of Samantha Adrichem

Samantha Adrichem

  • 11 Posts
  • 0 Reply Likes
What we're hoping to achieve is having client isolation enabled for all clients.

But that all clients CAN see the ChromeCast that's connected to the television.
Photo of Neil Mac

Neil Mac, Employee

  • 26 Posts
  • 8 Reply Likes
Let's see if I understand this:

1) You configure the Chromecast to connect to the WLAN that currently has Client Isolation enabled
2) You want devices on the same WLAN to be able to connect to the Chromecast
3) You need a whitelist entry for the Chromecast in order to make it visible

I'm afraid I don't know if that's possible for stand-alone access points from the CLI.

There are a couple of ways forward from here - 

1) Hopefully someone else may able to advise as to whether it's possible or not from the current set up - at least the answers you have given so far should help them to understand the problem.

2) If you have controller based AP's then it's clearly possible. Ruckus unleashed code is designed for small networks, and the Access Points themselves act in the role of the controller - you configure only one access point and the rest copy the config. What you're trying to achieve is possible with unleashed code:

https://docs.ruckuswireless.com/unleashed/200.2/t-ConfigClientIsolationWhitelist.html

I'm sorry I can't help further at this point - there are some excellent staff members, Ruckus partners and Ruckus customers who contribute to the forums, so I'm sure it won't be long before we have a definitive answer for you.

Neil
Photo of Samantha Adrichem

Samantha Adrichem

  • 11 Posts
  • 0 Reply Likes
If i'd get a ruckus zoneflex unleashed. Could it manage the other three AP's? or do I need to get a really expensive controller / replace all AP's with unleashed's
Photo of Neil Mac

Neil Mac, Employee

  • 26 Posts
  • 8 Reply Likes
The unleashed AP's have the controller built in, and was designed for precisely your sort of network where the cost of a controller is not justified. You configure a single AP and the rest adopt the config from the first.

There are some great videos on the Ruckus Education Youtube channel that can help you understand it better:

https://www.youtube.com/watch?v=N7WJQD3eR0Q&list=PLySwoo7u9-KIeSds4dBO6l0WyBPvEQVPP

 Where are you based? You should ideally speak with your local Ruckus Partner/reseller who will be able to offer guidance. If your AP's are still covered by warranty or are under support contract, you may have additional options.

Neil
Photo of Samantha Adrichem

Samantha Adrichem

  • 11 Posts
  • 0 Reply Likes
Thank you very much!
Photo of Neil Mac

Neil Mac, Employee

  • 26 Posts
  • 8 Reply Likes
You're welcome! Keep us posted on how things develop.
Photo of Samantha Adrichem

Samantha Adrichem

  • 11 Posts
  • 0 Reply Likes
Ok i just found out they are all "Ruckus ZoneFlex R500 Unleashed".

But i can't find the menu item of this manual
https://docs.ruckuswireless.com/unleashed/200.2/t-ConfigClientIsolationWhitelist.html

I'll do a firmware upgrade first. ;)
(Edited)
Photo of Samantha Adrichem

Samantha Adrichem

  • 11 Posts
  • 0 Reply Likes
After installing the upgrade it's telling me to go to: https://unleashed.ruckuswireless.com/ to manage it. But that domain no longer exists :(
Photo of Samantha Adrichem

Samantha Adrichem

  • 11 Posts
  • 0 Reply Likes
Nvm, for that you need to be on wifi. But i can access it via IP
Photo of Neil Mac

Neil Mac, Employee

  • 26 Posts
  • 8 Reply Likes
Have a quick look at the videos, use the unleashed APP and you should be good to go.
Photo of Samantha Adrichem

Samantha Adrichem

  • 11 Posts
  • 0 Reply Likes
Everything is awesome now! Thnx!
Photo of Garyk Hansen

Garyk Hansen

  • 1 Post
  • 0 Reply Likes
Head to the system tab and you're able to set up the network which has many distinct techniques such as Dial-Up link or DSL strategy. There are lots of methods in which the server configuration that is internet can be hardened by us. There is A server part of the community. The internet server is an essential portion of a internet program as it's the entry point of each HTTP requests. My customers only cover their domain, yet they receive a fantastic deal more life insurance policy than they bargained for. It would likewise be attractive to certain clients who'd feel more in charge of the account. It's very good for the clients of the sections of the system which are down.

A VPN needs to be used for tasks. Each router includes lots of default settings. There is A router comparable to a traffic light. It's the one thing which is not difficult to do it to be fair and can stop attackers to compromise every device in your house. You have to realize that your router as the main Shield or the Wall. Many routers have a firewall which could be enabled in the settings of the router. The router is able to get signals.