Ruckus setup with VLANs ZD1200

  • 1
  • Question
  • Updated 4 months ago
  • Acknowledged
I just got a new Ruckus ZD1200 and some r610 APs. 

I am trying to set it up like this

port 1 has ip 192.168.10.254 that is for management only

port 2 is trunk for guest vlan and corp vlan

I don't see anyway to do this. Is this not possible? I don't want the ZD to have an IP on the guest or corp vlan.

Thank you
Photo of John Kay

John Kay

  • 4 Posts
  • 0 Reply Likes

Posted 4 months ago

  • 1
Photo of Michael Brado

Michael Brado, Official Rep

  • 2570 Posts
  • 351 Reply Likes
Hi John,

    The two Eth ports on your ZD1200 are one logical interface to the controller,
so you can't "define" one on VLAN A with IP-subnet1 address, and one on VLAN
B with IP-subnet2 address.  If you do not want the ZD/APs to be easily accessable
to either SSID clients, define a "Management" VLAN 0 for the ZD/APs, and use
unique VLANs for both of your SSIDs.  You simply need to trunk the two VLANs
in addition to your management VLAN to the ZD/APs.  Client dhcp requests will
go to the server on the specific VLAN.  Does that make sense?  You use ACLs
(on your switch/router) to limit access of the VLAN subnets to whatever targets
you want to permit/deny.
(Edited)
Photo of Diego Garcia del Rio

Diego Garcia del Rio

  • 27 Posts
  • 6 Reply Likes
In addition to the above, you can define a management vlan For the ZD itself.
Photo of Michael Brado

Michael Brado, Official Rep

  • 2570 Posts
  • 351 Reply Likes
Yes, the management VLAN for ZD/APs can be tagged, doesn't have to be 0.
Photo of John Kay

John Kay

  • 4 Posts
  • 0 Reply Likes
Thank you all for the replies.

so let me see if I have this right.

I could just use one of the ports on the ZD

Then on my switch

Untagged(access) vlan 10 for management
tag vlan 2,3,5 for Wireless networks and that's all? Will the ZD see the tagged vlans and I won't have to do anything other than assign the access vlan to each SSID?
Photo of Diego Garcia del Rio

Diego Garcia del Rio

  • 27 Posts
  • 6 Reply Likes
exactly. There is no other specific configuration needed for the user traffic to be tagged. Also, by default, the zone director is NOT tunneling traffic from the AP to the controller, so unless you specifically enable tunneling, the traffic is actually "locally broken out"  at the AP level, so you need to have the APs on "untagged vlan 10 / tagged vlan 2,3,5" 

If you enable tunneling, then the vlan breakout will be done at the ZD level as you describe, but no additional configuration on the ZD is needed other than enabling tunneling.
Photo of John Kay

John Kay

  • 4 Posts
  • 0 Reply Likes
Where can I find some configuration examples? I'm having a lot of issues getting stuff to work. When I have the ports for the ZD1200 and my AP on the Cisco switch set to Trunk vlan 2,3,5,10 and native vlan 10. The ZD and the AP are accessable when the configuration on both are set to Access VLAN1 on the ruckus but if I  change those to 10 it no longer can connect.

I also have the ZD set to auto allow new AP's and it sees the new AP but won't let me edit it and says "This Access Point is not yet approved and connected. Click "Allow" action (if present) and wait for the AP to complete connection."

I get this in the errors "2018/07/05  15:16:43MediumModel[r610] is not supported; connection request from AP[xx:xx:xx:xx:xx:xx] refused
So I'm a little lost.

Thank you all for the help
(Edited)
Photo of Kurt Cedric Salvador

Kurt Cedric Salvador

  • 5 Posts
  • 2 Reply Likes
I guess, they have answered this already, but I am sending you a visualization of the physical setup. Hope it helps :-)

Also, the IP Addresses of the ZD and the APs could either be assigned statically, or dynamically based on your preference.
(Edited)