Using 3rd party AP as a bridge to existing Ruckus network

  • 2
  • Question
  • Updated 4 months ago
  • Answered
Hi.

Hopefully this is an easy question for someone to field and the answer will be straight-forward.

I need to extend wi-fi coverage to an out-building at our premises. A supplier has shipped a TP-Link AP (TL-WA801ND) for this purpose. I have no spare Ruckus AP.
I've set it up in 'Repeater' mode, and authenticated it against the nearest Ruckus AP on one of our SSIDs. However, it can't then be seen over our wi-fi network, and the ZoneDirector lists it as a Rogue device.
Is there any way of making this 'trusted' and getting it working, or am I flogging a dead horse, and I should just go and get myself a further Ruckus AP?

Thanks in advance,

Dan
Photo of Dan Butler

Dan Butler

  • 2 Posts
  • 0 Reply Likes

Posted 5 months ago

  • 2
Photo of Albert Pierson

Albert Pierson, Employee

  • 121 Posts
  • 103 Reply Likes
Hi Dan,

Since this wireless client bridge is re-transmitting the same SSID as the Ruckus Network it will be detected as a malicious SSID spoofing rogue. If you have WIPS - rogue mitigation or rogue detection - turned on then the Zone Director system will try to block clients from connecting to this device.  If you wish to use a non Ruckus device that transmits the same SSID as the Zone Director system you need to turn off WIPS or rogue prevention feature on the wireless client bridge.

Wireless Client Bridges normally operate in 3 modes:

1. Router - were the device connects to the existing (Ruckus) network but usually transmits a different SSID and acts as a gateway router -providing different IP addresses via DHCP and usually acting as a NAT gateway
2 Spoofing Bridge - where the device connects to the existing (Ruckus)  network as a wireless client and then use it's own MAC address to bridge traffic to the upstream network, so all traffic from clients connected behind the bridge are seen with the same MAC address of the bridge.  This may work with Ruckus AP's but many networks will reject this traffic when traffic from multiple IP addresses are seen with the same MAC. The wired network may block this traffic.  This is not a recommended option
3. Transparent Bridge - in this mode the device connects to the existing (Ruckus) as a standard 802.11 client but then uses the WDS mode 4 frame to send each packet with the original end user MAC encapsulated with the bridge device MAC, so traffic from these devices is seen on the upstream network with the individual and original MAC and IP of the end user device.  This mode must be supported by the Access Points and Ruckus Zone Director supports this mode by default. This is the mechanism used for Ruckus MESH connectivity  The Ruckus AP's need to recognize that this mode is in operation and create a table to translate the packets from the Client Bridge to the upstream network.  This should work without additional configuration.

Of course - using another Ruckus AP controlled by the Zone Director and operating as MESH is the best solution, eliminating all the above complications and limitations and providing the Worlds Best WiFi experience.

You may find the following Knowledge Base articles helpful:

Ruckus WDS with third party wireless bridge 

Can any third party wireless bridges be used with Ruckus? Maybe, under certain conditions.
https://support.ruckuswireless.com/articles/000003332

rogue client detection 

Is Ruckus ZD able to detect ad-hoc connection or any hotspot service initiated by the wireless client?
https://support.ruckuswireless.com/articles/000001715


I hope you find this information helpful,

Thanks for choosing Ruckus Networks products - a Commscope company.




Photo of Dan Butler

Dan Butler

  • 2 Posts
  • 0 Reply Likes
Hi Albert.

Many thanks for your swift reply, and sorry for not getting back sooner.

In the end I have decided to just mesh with a spare Ruckus AP that we were able to free-up from elsewhere, as per your last suggestion.

Kind regards,

Dan