ZD 1200 and ZF R500 Dual Band 802.11 AC Tagged or Untagged

  • 1
  • Question
  • Updated 8 months ago
  • Answered
Hello
New to Ruckus Wifi 
We are setting up a new network, with Wifi using Ruckus ZoneDirector 1200 latest firmware and
ZF R500 Dual Band 802.11 AC  Access points(40)   We have HP switches all layer 2 routing is through a fortinet fortigate100d
We have setup one LWAP vlan for Access Points and ZD
It looks like the ZD1200 needs to be untagged in the LWAP vlan and Tagged for all other Vlans,  Question  Can the Access  Points be untagged/access ports  Example Aruba APs by default send all client traffic back to the controller and the controller puts it on the right VLANs
Any help or pointers appreciated

Craig


Photo of Craig Niedringhaus

Craig Niedringhaus

  • 4 Posts
  • 0 Reply Likes

Posted 8 months ago

  • 1
Photo of krishan

krishan

  • 42 Posts
  • 2 Reply Likes
All port of ap should be tag if u want to pass vlan through ap make then untag
Photo of David Saez

David Saez, Employee

  • 26 Posts
  • 4 Reply Likes
Hi Craig,

You can manage APs on native VLAN 1 or in a different one.
- For managing APs on native VLAN 1, connect the ZD and all the APs in access ports with VLAN 1 (check APs are joined to the ZD and show connected under Monitor > Access Points on ZD GUI).

- To change to a different VLAN, follow the steps below:
  • Under   Configure > Access Points  go to  Access Point Policies, select Management VLAN and select VLAN ID as 20 (this is an example). When applied all the APs will get disconnected.
  • Under  Configure > System  go to Device IP Settings and change ACCESS VLAN* to 20 and Apply
  • Now connect the ZD to a trunk port with VLAN 1 untagged and 20 tagged
  • Connect APs to trunk ports in which VLAN 1 is untagged and 20, 21 , 22.. are tagged
    • Here 21, 22 .. are for configuring WLAN/SSIDs with corresponding VLANs
       
  • Now the APs will join back to ZD and will show connected.

       NOTE:  Make sure there is Inter VLAN routing Enabled between VLAN 1 and VLAN 20 , if you         want to access the ZD or the APs from VLAN 1.

Best Regards.
David.
Photo of Ankush

Ankush, Employee

  • 73 Posts
  • 43 Reply Likes
Hi Craig,

From your question: "Can the Access  Points be untagged/access ports  Example Aruba APs by default send all client traffic back to the controller and the controller puts it on the right VLANs", I understand that you would like to keep your AP's on untagged VLAN, however you would like ZD(controller) to pass Client traffic to the respective VLANs.

For this you would need to assign desired VLAN under WLAN Advance Options and enable Tunnel Mode on the WLAN.


You would further need to tag the same VLAN on the ZD uplink port and if you like to add more WLANs with different VLANs, those VLANs should be tagged on the ZD uplink port.

I hope this answers your concern.

Regards,
-Ankush




Photo of Michael Brado

Michael Brado, Official Rep

  • 3060 Posts
  • 439 Reply Likes
Ankush describes our mechanism to replicate the behaviour you describe. 

Connect APs on untagged VLAN1, and on your Controller's switch port, have a trunk with VLAN1 (untagged) and your required client VLANs (tagged).

Under your WLAN configurations, Advanced Settings, click that Tunnel Mode box and Client traffic will tunnel their traffic back to the controller, and then go out on the correct VLANs.

The alternative, called Local Break Out (LBO), will drop your client traffic at the AP switch port, and in that case, you would need trunks with the client VLANs on each of your AP switch ports.
[ This is the default behavior, if you do not choose to use Tunnel Mode. ]
(Edited)
Photo of karimovic

karimovic

  • 6 Posts
  • 0 Reply Likes
but the  problem if don't go out on the correct VLANs ?
Photo of Ankush

Ankush, Employee

  • 73 Posts
  • 43 Reply Likes
ZD does not alter the client source VLAN and should drop the traffic in the right VLAN. However, if you are seeing this otherwise, please do port-mirror of ZD and AP uplink port and open a support case with us to debug.
Photo of Craig Niedringhaus

Craig Niedringhaus

  • 4 Posts
  • 0 Reply Likes
Thanks for the help  1 issue I experienced early was changing the vlan ID from 1 to  140, our vlan for LWAP I lost connectivity and had to console in and reset to 1      It was in vlan 140 so not sure what happened.  
Photo of Ankush

Ankush, Employee

  • 73 Posts
  • 43 Reply Likes
Hi Craig,

If you change the AP Management VLAN to a Tagged VLAN(140), you would then also need to change the ZD's Management VLAN as described by David in above comment.
Photo of karimovic

karimovic

  • 6 Posts
  • 0 Reply Likes
but how you can change the ZD's Management VLAN ?
>https://tutuapp.uno/ , https://9apps.ooo/ , https://showbox.kim/
(Edited)