To configure a Zone Director 1200, should I attach it to a trunk port on my core switch so that I can broadcast different VLANs on WiFi?

To configure a Zone Director 1200, should I attach it to a trunk port on my core switch so that I can broadcast different VLANs on WiFi?

More so, are the access points supposed to be attached to a trunk port or an access port to broadcast different SSIDs with different VLANs?

I have R500, T300 and R700 with version 200.3.9.13.228. Can they be managed by a ZD with 10.1.1.0 build 42?

And how do I get the build number of the access points, and is the version different from the Bundled Firmware?

George Muddu


Posted 3 months ago


Albert Pierson, Employee

Hi George,

You only need to connect the Zone Director to a trunk port carrying WLAN service VLANs if you plan to tunnel traffic from the APs to the ZD. In general, tunneling is only useful to solve some specific Layer 3 issues or if you require all data be sent to the data center.

Normally WLANs/SSIDs are configured for local breakout so that traffic from clients connected to those WLANs exits the AP directly into the local network. In this case, if you plan to segregate client traffic into different VLANs, then the APs must be connected to trunk ports that carry these VLANs as tagged. When you configure a WLAN/SSID with a VLAN, client traffic sent to the AP will be tagged on egress into the AP and will be forwarded out the WAN port (normally the Ethernet port, except with mesh, which is always a trunk connection) tagged as configured.

For simplified installation it is best to leave the AP management as untagged. This will put AP management traffic, including ZD control, into the switch port on the native VLAN. This can be tagged in the switch if needed by network design, but requiring APs to tag management traffic makes installing APs and dealing with factory-defaulted APs more complicated, as by default AP management traffic is untagged.

Those AP models are supported on ZD version 10.1.1.0.
Which APs are supported on a given version of ZD code can be determined by reading the Release notes for each ZD version. Release notes are available on the support site.

Code 200.3 is Unleashed code. As far as I know you must first upgrade these APs to standalone code (version 100.x) to connect to a ZD. Please check this article:
Converting Ruckus Unleashed AP to Standalone AP

https://support.ruckuswireless.com/articles/000005193

Once APs discover the ZD (by being in the same IP subnet/VLAN, using DHCP option 43, or using the manual command set director ip <zd_ip>) they will automatically be upgraded to the same version of code running on the ZD. Usually the bundled AP version is the same as the ZD version, but it can be different. This can be checked on the ZD from the Administer::Upgrade page using the "click here" link in the text

Your current software version is 10.0.1.0 build 35. To see the access points that can be managed, click here

Current Software


I hope this answers your questions.

Thanks for choosing Ruckus Networks, an Arris company.








George Muddu

Thanks for such a detailed approach, though I am trying to upgrade the R500 to standalone firmware using the zipped file from the Ruckus portal, Release_100.1.0.0.194_All_AP_Images.zip, but I am getting the error "Upgrade/Downgrade from FSI to UI is not allowed."

Albert Pierson, Employee

Hi George,

To improve security, Ruckus introduced certificate-signed firmware images to prevent introducing a hacked version of code into the AP.

There are 3 types of firmware versions:
UI - Unsigned Image - original type without certificate signing
ISI - Intermediate signed certificate - a bridge between UI and FSI allowing upgrade or downgrade to either
FSI - Fully Signed Certificate

The rules are you can only upgrade or downgrade from FSI to ISI or from UI to ISI.

AP standalone code 100.x is UI code so you cannot download an FSI image.

Starting in version 104.x AP images are ISI.

So try using a newer version of AP code (104 or above)

To verify which type of AP firmware you have you can use the: fw show all command from the AP CLI

ZD AP code 9.13 and Unleashed 200.2 were introduced as ISI; either of these versions can be used as a bridge to newer FSI versions of firmware or to go back to older UI versions of code.

This data should be available in the Release notes for each version

https://support.ruckuswireless.com/documents/1134-access-point-104-0-0-0-1347-release-notes

Page 8

• AP Image Signing

Improves security by requiring verification of AP firmware images to ensure the file has not been modified and that the source code executed by the system is authentic code provided by Ruckus Wireless.


I hope this helps you solve your problems.

Thanks
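
The UI/ISI/FSI rules described in the reply above, as an added pre-flight check that is not part of the original post and is not Ruckus code: it plans the hops between firmware releases so that an image is never moved directly between FSI and UI. The catalog is constructed from version strings in this thread; treating 200.3.9.13.228 as FSI is inferred from the quoted error message, and allowing same-type moves is an assumption.

```python
from collections import deque

UI, ISI, FSI = "UI", "ISI", "FSI"

# Direct moves the post describes: ISI bridges to either side, UI <-> FSI never.
ALLOWED = {(UI, ISI), (ISI, UI), (ISI, FSI), (FSI, ISI)}

# Constructed catalog using version strings that appear in this thread.
CATALOG = {
    "200.3.9.13.228": FSI,  # assumption: inferred from the "FSI to UI" error
    "104.0.0.0.1347": ISI,  # post: AP images are ISI starting in 104.x
    "100.1.0.0.194": UI,    # post: standalone 100.x is UI
}


def transition_allowed(src_type, dst_type):
    """True if an image of src_type may be replaced by one of dst_type."""
    # Assumption: same-type moves (e.g. UI -> UI) are allowed.
    return src_type == dst_type or (src_type, dst_type) in ALLOWED


def plan_path(current, target, catalog=CATALOG):
    """Return the shortest list of releases from current to target, or None."""
    for release in (current, target):
        if release not in catalog:
            raise ValueError(f"unknown signing type for {release}")
    queue, seen = deque([[current]]), {current}
    while queue:  # breadth-first search, so the first hit is the shortest path
        path = queue.popleft()
        if path[-1] == target:
            return path
        for nxt, nxt_type in catalog.items():
            if nxt not in seen and transition_allowed(catalog[path[-1]], nxt_type):
                seen.add(nxt)
                queue.append(path + [nxt])
    return None  # no bridge image available in the catalog


if __name__ == "__main__":
    print(plan_path("200.3.9.13.228", "100.1.0.0.194"))
```

With no ISI release in the catalog, `plan_path` returns `None`, which corresponds to the refused FSI-to-UI flash reported earlier in the thread.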






Tim Brumbaugh

The main reason people tunnel traffic back to the ZD is for Guest traffic so that across an L3 network guest traffic is in a tunnel and then dumped out of the ZD onto a vlan that is then untagged onto a port on the firewall as a DMZ so that it cannot touch the corporate network. So unless you are tunneling traffic back to the ZD then normally the port connected to the ZD is an access port or untagged on the vlan you want it to be on for management and the same one the AP's are untagged on (normally).