What device to split the VLAN traffic from Ruckus?

  • 1
  • Question
  • Updated 1 week ago
  • Answered
I have a ZD1100 that I need to convert to using VLANs. That's easy enough to tag each ssid to the correct VLAN. All the traffic comes out of the ZD1100 on one connection so I need a way to split that traffic by VLAN onto two different network connections. What is the preferred way to do this? Will a simple VLAN aware switch like a Neatgear GS105E work? I've found lot's of descriptions on how to segment to VLAN inside of Ruckus but nothing on how to separate it onto separation connections.
Photo of Bernard Hunt

Bernard Hunt

  • 3 Posts
  • 0 Reply Likes
  • happy, learning new things.

Posted 1 week ago

  • 1
Photo of Albert Pierson

Albert Pierson, Employee

  • 84 Posts
  • 78 Reply Likes
Hello Bernard,

Are you tunneling the traffic to the Zone Director?
This is a option per SSID/WLAN configuration.

If not -then the traffic will exit the AP tagged per configured VLAN for each SSID/WLAN  and the AP needs to be connected to a VLAN aware/configurable switch.  The native/default VLAN should be used for AP to ZD management and any VLAN's tagged in the WLAN configuration must be configured to handle these as tagged VLANs.

It is best not to tunnel traffic to the Zone Director unless you are solving a particular problem with VoIP networks where VLAN's are not configurable across a large network or you need all traffic sent to some remote NOC.  Tunneling traffic to the Zone Director will strain the ZD Ethernet capabilities.

But - if you do have WLAN's tunnel to Zone Director with VLAN's, then the setup on the ZD port is similar to un-tunnel configuration at the AP's - a VLAN aware switch is needed that leaves the ZD to AP VLAN as native/untagged/default and then any VLAN's tagged per WLAN must be carried as tagged.

Also, if you use VLAN's you must configure routed interfaces in your router for each VLAN and include DHCP services for each VLAN in that router  or using DHCP relay to a central DHCP server.

There are many articles on the Support Site Knowledge base that may be helpful, here is a preliminary one:

VLAN Configuration for ZD, AP and for wireless clients 

Placing ZD and APs in VLAN Environment
https://support.ruckuswireless.com/articles/000001571


I hope this information is helpful

Thanks for selecting Ruckus Networks - a Commscope company.





Photo of Bernard Hunt

Bernard Hunt

  • 3 Posts
  • 0 Reply Likes

No I am not tunneling. It's a simple application with two SSIDs offered. One with a VLAN of 1 and the other with a VLAN of 2.


I'm unable to review the documents you recommended. Your website says "We're sorry, but something went wrong.

We've been notified about this issue and we'll take a look at it shortly."

I will try again later.

The main question was looking to see what are others using to sort the traffic into separate wires once it exits the Ruckus system.

Bernie

Photo of Albert Pierson

Albert Pierson, Employee

  • 84 Posts
  • 78 Reply Likes
Hi Bernard,

You cannot use VLAN1 as a "tagged" vlan in the AP - if you select or leave VLAN1 in the WLAN configuration you will send traffic out the AP untagged, so it will be in the same VLAN as the AP to ZD management.  VLAN 1 is the internal untaggged or native VLAN in the Access Points.

The easiest solution is to use a different VLAN for that WLAN if you wish to isolate client traffic from AP to ZD management.

You can modify the AP internal VLAN from 1 to another if your network requires using VLAN1 as tagged out of the AP. This is done on the per AP model configuration in the port settings.



Besides configuring the WLAN with the specific VLAN you wish to carry across the network the rest of the configuration is done in the switch.  You need to configure the ports the AP connects to as a trunk port and enable the VLAN's needed.  You also need to configure your router to provide IP's via DHCP for all service client VLAN's tagged in the WLAN's.   How to configure a particular Switch for VLAN tagging depends on switch manufacturer, so check with their documentation.

I hope this helps

Albert


Photo of Bernard Hunt

Bernard Hunt

  • 3 Posts
  • 0 Reply Likes
Albert,
I'm not sure why we are talking about AP programming. All my programming is done through the ZD. Also I don't want an AP dedicated to a specific VLAN. I need all APs using all SSIDs and the SSIDs dedicated to specific VLANS. Also I wasn't asking how to configure a switch, I'm able to read their manual. I was only asking if one was needed.

The Ruckus system is currently configured but the new VLAN is not passing DHCP trough to the VLAN2 clients. The DHCP is working correctly because I connected a computer to a connector on the switch that was set to VLAN2 and got an IP and DNS.

I will go to work switching the other SSIDs from VLAN 1 to another VLAN before I pursue the DHCP not working.

Bernie

Photo of Albert Pierson

Albert Pierson, Employee

  • 84 Posts
  • 78 Reply Likes
Hi Bernard
I was just providing you how to configure the ZD to configure the AP to allow using VLAN1 tagged - but it is better that you leave it default and use a different tag on the WLAN

But the switch ports that need to have VLAN2 configured as trunk with this VLAN 2 as  tagged are the ports the A's are connecting to as all traffic is locally bridged at AP and not tunneled.  The AP tags traffic incoming on the WLAN/SSID which are then bridged out the AP WAN port as tagged.

A way to test that this port and the AP are configured correctly is to configure the second port of the AP (not the WAN port used to connect to network) to be an access port in VLAN 2 using the configuration page above.  If the AP switch port is configured to carry VLAN 2 as truncked and DHCP services are available on that VLAN then plugging a PC into this second port on the AP should put the PC into VLAN 2 and it should get an IP.  The second port on the AP configured as access in VLAN 2 will take the untagged packets from the PC and then tag them into the configured VLAN on that AP port.  These tagged packets from the PC will egress the AP WAN port as tagged in VLAN 2 allowing DHCP process to operate.

I hope this is clear and I apologize for any previous misunderstanding.

Thanks

Albert