ZoneDirector failure mitigation questions & feature request

  • Updated 3 years ago
I'm new to the Ruckus setup and am configuring a ZD 3000 for deployment next week. I would love to take advantage of some of the fancy security and accounting features but I am also concerned about a ZD failure and losing the wireless network. For cost reasons, I want to avoid buying a second ZD 3000 for an HA setup.

It is my understanding that using the Zero-IT and AD-integration options requires the ZD to be available at all times, so if the ZD went down then so do WLAN authentications. Am I correct in this assumption? Now, with the new option in 9.8 to create autonomous WLANs with basic authentication, I think it would be great to have the Zero-IT WLAN active at all times but also a "dormant" autonomous WLAN, and if an AP cannot contact the ZD it then turns on the autonomous WLAN. You have decreased security during the outage but clients can still access the network. Think of it as a "fail-open" option. I would only want the less secure autonomous WLAN to be on during the failover situation. Can this be done now, or is there another way to get the desired effect? If it can't then I think this would be a useful feature to have. It would make the autonomous WLANs much more useful and bridge the gap with controller-less WLANs.

B4BTech

Posted 3 years ago

Michael Brado, Official Rep

You have accurately described the purpose of Autonomous WLAN, to be available to provide local resource access to wireless clients when the link to ZD is down. You must use an Open Auth or WPA-PSK for this type of WLAN.
B4BTech

I understand that. My point was that it would be a great feature to configure an autonomous LAN, have it inactive on APs by default and use a more secure authentication method. If the ZoneDirector failed or was unreachable then the APs would "fail-open" and activate their autonomous WLANs for use in a disaster-recovery scenario. 99% of the time you would be using very secure authentication when the ZD is available, but only 1% of the time (in an outage scenario) would you be exposing plain WPA2-PSK.