Two SSID, 2 different networks

  • Updated 3 years ago
Hello,

I have two different networks 10.10.10.0/24 and 192.168.0.0/24. The two networks don't have any kind of physical connectivity. I only have port access to the two switches and I do not administer both switches. Is there a way for Ruckus to create 2 SSIDs going to each network?

John Alvero


Posted 3 years ago


Michael Brado, Official Rep

You could do this with a standalone AP model that has 2+ Eth ports.
Define 2 Local Subnets and VLANs, and assign one to each port of
the AP, connecting into the switch with that subnet on it. You could
then define two SSIDs, one for each network too.

John Alvero

Hello Michael,

Standalone is not an option since I run quite a number of APs. I am then considering other options even if it requires additional switch / equipment.

Option 1. Best Case Scenario. How do I go about doing the best case scenario? Kindly list the steps necessary for each network device. I don't need the exact commands, I just need to know what needs to be done.

Option 2. Add an extra switch with VLAN connecting Network 1 and Network 2. Also need the steps necessary for each device. Is this even possible?

Thanks in advance.

Michael Brado, Official Rep

Hi John,

Best practice will require VLAN aware switches, and a router. We recommend
that ZD and APs are used on their own management VLAN/subnet, and that you
tag your client WLAN traffic (Staff/Student) onto different VLAN/subnets, specifying
which VLAN under the WLAN advanced options. This provides Layer2/3 security
and control, and reduces broadcast/multicast domain traffic to/from wired/wireless.

Bill Burns, AlphaDog

John:

You have 2 sets of switches administered by different groups that do not cooperate?
Or.. is there some security requirement for physical separation of these 2 subnets?
(that opens a whole other can of worms)

You'll need a "switched infrastructure" (possibly a third set of switches?) to support your APs.

If your APs are supported by one of the 2 sets of isolated switches, you'd need/want some assistance from the administrators of those switches re: creating a third wifi management VLAN as Michael suggested.
At that point it should be "just as easy" to create an additional VLAN to support both of your two different subnets on 1 set of switches. (in addition to the third management VLAN)

If you can't get that level of cooperation then you'll need that 3rd set of switches.
You'll have to create a wifi management vlan, a vlan for 10.10.10.x, a vlan for 192.168.0.x, plug one port from each of your isolated subnets into an untagged/"access" port that belongs to the appropriate VLAN for that network.
Attach the ZD controllers (because you're not using "standalone" APs) to an untagged/"access" port that belongs to the wifi/management VLAN.
Plug the APs into VLAN-stacked/802.1q/"trunked" ports that have their untagged/"native" VLAN set to the management/wifi VLAN.
(the other 2 VLANs also need to be allowed/"tagged" on those AP ports)

At this point your third set of switches might be able to replace the original two sets of switches.

Then (as Michael pointed out) if you want to be able to administer your ZD controllers from one of the "two different" subnets, you'll have to have a router connected between one (or both) of those subnets and your wifi management VLAN/subnet.

If your 2 different subnets were separated for security reasons, you will need to understand the security requirements and possibly buy a firewall (in addition to or instead of a router) to enforce those requirements.

I hope that helps.
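
The port layout described in the reply above for the third set of switches, written as a check over a port plan. This is an added example, not part of the original thread; the VLAN IDs (10, 20, 30), the port names and the rule that AP ports tag only the two client VLANs are assumptions.

```python
# Added illustration; VLAN IDs and port names are assumptions, not from the thread.
MGMT, NET_A, NET_B = 10, 20, 30   # wifi management, 10.10.10.x, 192.168.0.x
CLIENT_VLANS = {NET_A, NET_B}

# Constructed port plan for the third switch; "untagged" is the access/native VLAN.
PLAN = {
    "uplink-10.10.10.x":  {"role": "uplink",     "untagged": NET_A, "tagged": set()},
    "uplink-192.168.0.x": {"role": "uplink",     "untagged": NET_B, "tagged": set()},
    "zd":                 {"role": "controller", "untagged": MGMT,  "tagged": set()},
    "ap1":                {"role": "ap",         "untagged": MGMT,  "tagged": {NET_A, NET_B}},
    "ap2":                {"role": "ap",         "untagged": MGMT,  "tagged": {NET_A}},
}

def check_plan(plan):
    """Return (port, problem) tuples for every deviation from the layout."""
    problems, uplink_vlans = [], []
    for port, cfg in plan.items():
        role, untagged, tagged = cfg["role"], cfg["untagged"], set(cfg["tagged"])
        if role == "uplink":
            # Access port into one isolated network: one client VLAN, no tags.
            if untagged not in CLIENT_VLANS:
                problems.append((port, f"uplink must be untagged in a client VLAN, got {untagged}"))
            if tagged:
                problems.append((port, f"uplink must not carry tagged VLANs {sorted(tagged)}"))
            uplink_vlans.append(untagged)
        elif role == "controller":
            # ZD sits on an access port in the management VLAN only.
            if untagged != MGMT or tagged:
                problems.append((port, "controller must be an access port in the management VLAN"))
        elif role == "ap":
            # AP trunk: native VLAN is management, both client VLANs tagged.
            if untagged != MGMT:
                problems.append((port, f"AP native VLAN must be {MGMT}, got {untagged}"))
            if tagged != CLIENT_VLANS:
                problems.append((port, f"AP must tag exactly {sorted(CLIENT_VLANS)}, got {sorted(tagged)}"))
        else:
            problems.append((port, f"unknown role {role!r}"))
    # Two uplinks in one VLAN would bridge the separately administered networks.
    if sorted(uplink_vlans) != sorted(CLIENT_VLANS):
        problems.append(("switch", f"uplink VLANs {sorted(uplink_vlans)} must be one per client VLAN"))
    return problems

if __name__ == "__main__":
    for port, problem in check_plan(PLAN):
        print(f"{port}: {problem}")
```

With the constructed plan, only `ap2` is reported, because its trunk does not tag the VLAN for 192.168.0.x and an SSID mapped to that VLAN would have no path from that AP.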

John Alvero

Hello Michael and Bill,

Thanks for the replies.

I haven't explored the VLAN capabilities of ZD and ZF and I myself need to understand more VLAN concepts. I am attaching a diagram for better understanding.

All of the switches are VLAN-aware but I don't have management control. In the diagram I only have control over the ZD, ZF and Juniper router. Yes the two networks don't cooperate, they are managed by two different groups.