Ruckus Wireless Wireless ZoneDirector User Manual
User Guide
Ruckus Wireless ZoneDirector
Release 3.0
Legal Information
Copyright © 2007 Ruckus Wireless, Inc. All rights reserved.
Trademarks
Ruckus Wireless ZoneDirector, ZoneFlex, 2825, BeamFlex, MediaFlex, MediaFlex 2900 Multimedia Access Point, MediaFlex 2501
Multimedia Wireless Adapter, 2825 Wireless Multimedia Router,
2111 Wireless Multimedia Adapter, and 2211 Metro Broadband
Gateway are trademarks of Ruckus Wireless Web Interface
All other brands and product names are registered trademarks of
their respective holders.
Statement of Conditions
In the interest of improving internal design, operational function,
and/or reliability, Ruckus Wireless, Inc. reserves the right to make
changes to the products described in this document without
notice.
Ruckus Wireless, Inc. does not assume any liability that may
occur due to the use or application of the product(s) or circuit layout(s) described herein.
Federal Communications Commission (FCC) Compliance Notice:
Radio Frequency Notice
The device has met the FCC 15.247 requirement. In order to comply with the FCC RF exposure requirement, the user must keep
20cm away from the antenna.
This device has been tested and found to comply with the limits
for a Class B digital device, pursuant to part 15 of the FCC Rules.
These limits are designed to provide reasonable protection
against harmful interference in a residential installation. This
device generates, uses, and can radiate radio frequency energy
and, if not installed and used in accordance with the instructions,
may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this device does cause harmful interference
to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
Reorient or relocate the receiving antenna.
Increase the separation between the equipment and receiver.
Connect the equipment into an outlet on a circuit different from
that to which the receiver is connected.
Consult the dealer or an experienced radio/TV technician for help.
Changes or modifications not expressly approved by the party
responsible for compliance could void the user’s authority to operate the equipment.
Information to the User
The user’s manual or instruction manual for an intentional or unintentional radiator shall caution the user that changes or modifications not expressly approved by the party responsible for
compliance could void the user’s authority to operate the equipment. In cases where the manual is provided only in a form other
than paper, such as on a computer disk or over the Internet, the
information required by this section may be included in the manual
in that alternative form, provided the user can reasonably be
expected to have the capability to access information in that form.
Part number: RKS1-ZDUG-12202007-001
EDITION: December 20, 2007 -- vABC
Contact Information
Ruckus Wireless
880 West Maude Ave, Suite 101
Sunnyvale, CA 94085
USA
Support
http://support.ruckuswireless.com
Web
http://www.ruckuswireless.com
ii
Contents
Introducing ZoneDirector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1
ZoneDirector Device Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Overview of a Ruckus Wireless Network . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Using the WebUI Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
About Ruckus WLAN Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Controlling Device Permissions: Blocking and ACLs . . . . . . . . . . . . . . . . . . . 7
System Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
Changing the Network Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Changing the System Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Updating the Internal Clock. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Changing the System Log Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Setting up Email Alarm Notification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Customizing the Guest “Login” Page. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Upgrading ZoneDirector and ZoneFlex APs . . . . . . . . . . . . . . . . . . . . . . . . 15
Working with Backup Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Restoring the ZoneDirector to the Factory Default State. . . . . . . . . . . . . . . 17
Managing a Wireless Local Area Network . . . . . . . . . . . . . . . . . . . . . . . . 19
An Overview of Wireless Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Customizing Ruckus WLAN Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Setting Dynamic Pre-Shared Key Expiration . . . . . . . . . . . . . . . . . . . . . . . 24
Configuring Access Control Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Creating a New WLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Creating a New WLAN for Workgroup Use . . . . . . . . . . . . . . . . . . . . . . . . . 30
Adding New Access Points to the WLAN . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Reviewing the Current Access Point Policies . . . . . . . . . . . . . . . . . . . . . . . 33
Editing Access Point Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Deploying ZoneDirector WLANs in a VLAN Environment . . . . . . . . . . . . . . . 34
Blocking Client Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Optimizing Access Point Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Managing User and Guest Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Using an External Authentication Server . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Adding New User Accounts to ZoneDirector. . . . . . . . . . . . . . . . . . . . . . . . 42
Managing Current User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Creating New User Roles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
iii
Configuring System-Wide Guest Access Policy . . . . . . . . . . . . . . . . . . . . . . 45
Managing Guest Pass Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Activating Web Authentication of Users . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Managing Automatically Generated User Certificates and Keys . . . . . . . . . . 50
Monitoring Your Wireless Network. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Reviewing the ZoneDirector Monitoring Options. . . . . . . . . . . . . . . . . . . . . 52
Importing a Map View Floorplan Image. . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Using the Map View Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Reviewing Current Alarms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Reviewing Recent Network Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Clearing Recent Events/Activities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Reviewing Current User Activity. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Monitoring Access Point Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Detecting Rogue Access Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Evaluating and Optimizing Network Coverage . . . . . . . . . . . . . . . . . . . . . . 59
Customizing Background Radio Frequency Scans . . . . . . . . . . . . . . . . . . . . 60
Setting Administrator Preferences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Changing the ZoneDirector Administrator User Name and/or Password . . . . 63
Changing the Language Used in WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Upgrading the License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Troubleshooting Tips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65
Troubleshooting Failed User Logins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Fixing User Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Diagnosing Poor Network Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Starting a Radio Frequency Scan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Reviewing Self Healing and Intrusion Prevention Options . . . . . . . . . . . . . . 70
Generating a Debug File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Restarting an Access Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Restarting the Ruckus ZoneDirector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
iv
CHAPTER 1
Introducing ZoneDirector
The Ruckus ZoneDirector serves as a central control system for Ruckus ZoneFlex access
points (also refered to as APs). The ZoneDirector provides simplified configuration and
updates, WLAN security control, RF management and automatic coordination of Ethernetconnected APs.
The ZoneDirector also integrates network, RF and location management within a single system. User authentication is accomplished with an integrated captive portal and internal
database, or forwarded to existing AAA servers such as RADIUS or ActiveDirectory. Once
users are authenticated, client traffic is not required to pass through the ZoneDirector
thereby eliminating potential bottlenecks as higher speed Wi-Fi technologies, such as
802.11n, emerge.
In addition, the ZoneDirector supports rogue AP detection and the ability to blacklist client
devices from the network—all of which are easily configured and enabled system-wide.
When multiple APs are in close proximity, the Ruckus ZoneDirector automatically controls
the power and the channel settings on each AP to provide the best possible total coverage
and resiliency.
This user guide provides complete instructions for use of the Ruckus Wireless WebUI, the
wireless network management toolbox for ZoneDirector. With WebUI, you can customize and
manage all aspects of ZoneDirector and the network. You’ll find all management tasks have
been organized as categories and topics in the Contents page.
1
Ruckus Wireless ZoneDirector User Guide | Introducing ZoneDirector
ZoneDirector Device Features
The ZoneDirector device features the following:
• Power: Press button to turn on/off device.
• Status
• Two 10/100/1000 Ethernet Ports
• Console: DB-9 port
• Reset: Use to reset the ZoneDirector. This is a normal reset and does not set AP back to
factory defaults.
• (Not pictured) Power connection in rear
FIGURE 1-1
10/100/1000 LED Status
• If off
• If steady amber
• If flashing amber
• If steady green
• If flashing green
• Port is not connected.
• Ethernet port is connected to 10Mbs Layer 2 device.
• Ethernet port is passing traffic to a 10Mbs Layer 2 device.
• Ethernet port is connected to 100Mbs Layer 2 device.
• Ethernet port is passing traffic to a 100Mbs Layer 2 device.
2
Ruckus Wireless ZoneDirector User Guide | Introducing ZoneDirector
Overview of a Ruckus Wireless Network
Your new Ruckus wireless network starts when you disperse a number of Ruckus Access
Points (APs) to efficiently cover your worksite. After connecting the APs to your Ruckus
ZoneDirector (through network hubs or switches), and completing the “zero IT” setup, you
have a secure wireless network for both registered users and guest users.
NOTE
After using WebUI to set up user accounts for staff and other authorized users, your WLAN
can be put to full use, enabling users to share files, print, check email, and more. And as a
bonus, guest workers, contractors and visitors can be granted controlled access to your
Ruckus WLAN with a minimum of setup.
You can now fine-tune and monitor your network through the WebUI, which assists you to
customize additional WLANs for authorized users, manage your users, monitor the network's
safety and performance, and even expand your radio coverage, if needed.
“Zero IT” refers to the ZoneDirector’s simple setup and ease-of-use features allowing end
users to configure wireless settings from a Windows XP/Vista client without aid of IT staff.
Using the WebUI Features
The ZoneDirector administrative application is divided into four components that you can
use to manage and monitor your Ruckus WLAN (including the ZoneDirector and all APs).
When you first log into your ZoneDirector with WebUI, the Dashboard appears, displaying a
number of widgets containing indicators and tables that summarize the network and its current status. Each indicator, gauge or table provides links to more focused, detailed views on
Dashboard
elements of the network.
Widgets
Tab s
Buttons
Workspace
[* = Except for the Dashboard.]
TIP: You can minimize (hide) any of the tables or indicators in the Dashboard, then reopen
them by means of the Widget options in the lower left corner.
Widgets are Dashboard components, each containing a separate indicator or table as part
of the active dashboard. Each widget can be added or removed to enhance your ZoneDirector Dashboard summary needs.
Click any of the four tabs (Dashboard, Configure, Monitor, and Admin) to take advantage of
related collections of features and options. When you click a tab, ZoneDirector displays a
collection of tab-specific buttons*. Each tab's buttons are a starting point for Ruckus Wireless network setup, management, and monitoring. Note: if you click any of the three tabs,
the Dashboard becomes available as a fourth tab.
The left-side column of buttons varies according to which tab has been clicked. The buttons
provide features that assist you in managing and monitoring your network. Click a button to
see related options in the workspace to the right.
The large area to the right of the buttons will display specific sets of features and options,
depending on which tab is open and which button was clicked.
3
Ruckus Wireless ZoneDirector User Guide | Introducing ZoneDirector
Navigating the Dashboard
The Dashboard offers a number of self-contained indicators and tables that summarize the
network and its current status. Some indicators have values that link to more focused,
detailed views on elements of the network.
FIGURE 1-2
The following indicators are provided:
NOTE
• System Overview: ZoneDirector system information
• Devices Overview: Devices managed by the ZoneDirector, as well as clients connected to
those managed devices
• Usage Summary: Details on connected clients and transmission information
• Most Active Client Devices: Identification of most active clients by MAC address, IP
address, and user names. The usage is the total Rx and Tx byte counts by a user since first
connection.
• Most Recent User Activities: Audit log of activities performed by users on client
machines
• Most Recent System Activities: System activities related to ZoneDirector operation
• Most Frequently Used Access Points: Access points serving the most client requests
Some indicators may not be present upon initial view. The Add Widgets feature, located at
the bottom left of the screen, enables you to show or hide indicators. See “Using Indicator
Widgets” on page 5.
4
Ruckus Wireless ZoneDirector User Guide | Introducing ZoneDirector
• Currently Active WLANs: Details of currently active ZoneDirector WLANs
• Currently Managed APs: Details of the access points currently managed by the ZoneDirector
• Support: Ruckus support information
Using Indicator Widgets
Dashboard widgets represent the indicators displayed as part of the active dashboard. Indicator widgets can be added or removed to enhance your ZoneDirector summary needs.
Adding a Widget
To add widgets, do the following:
1 Go to the Dashboard.
2 Click Add Widgets from the bottom left of the Dashboard page.
FIGURE 1-3
The Widgets pane opens to the left of the Dashboard.
3 Select any Widget icon and drag and drop it onto the Dashboard to add the widget. If
you have closed a widget, it appears in this pane.
5
Ruckus Wireless ZoneDirector User Guide | Introducing ZoneDirector
4 Click Finish in the Widgets pane to close it.
FIGURE 1-4
Removing a Widget
To remove an indicator widget, click the red x icon for any of the indicator widgets presently open on the Dashboard.
About Ruckus WLAN Security
After your initial setup, your Ruckus wireless network connects all authorized users by
default to your internal WLAN. This WPA-based WLAN is configured to provide secure coverage for all authorized users. (A companion “guest” WLAN provides clear-text but controlled
access for guest users.) But Ruckus offers other security options that can be applied to the
internal WLAN through ZoneDirector. These options range from a less-secure WEP key-based
configuration, through the default WPA passphrase-based configuration to a higher-security,
certificate-based 802.1x EAP configuration. Your choice mostly depends on what kinds of client authentication your users' client devices support.
For example, some of your WLAN users may be limited to a WEP-based security system by
their client devices (computer or wireless network adapter). With WebUI, you do have
options: You can regress the existing internal configuration from WPA to the less-secure WEP,
or add a custom WLAN with WEP options for those users who require WEP, while retaining
the original, more secure internal WPA configuration for the rest of your users. Or, you can
replace the default WPA setup with a secure authentication/encryption methodology, 802.1x
EAP.
One drawback to 802.1x is the more labor-intensive setup, requiring (among other tasks) the
transfer of root certificate copies to your users, who must then import the certificates into
their client devices. This will prove disruptive if you have a large user audience already
using your network.
6
Ruckus Wireless ZoneDirector User Guide | Introducing ZoneDirector
The ZoneDirector supports one or more WLANs, and if you need to add a WEP WLAN for
those users, in addition to your WPA internal WLAN, you can easily do so. User could utilize
the Zero-IT Activation to obtain the WEP key automatically or could manually enter the WEP
key in their client device wireless configuration.
If you like the security of the default configuration, you can take advantage of customizable
options that have no disruptive effect on your current users' connections.
All three basic options (WEP, WPA and 802.1x) are detailed in “Creating a New WLAN” on
page 26, and you can learn how to apply them to your Ruckus WLAN in the same section.
Controlling Device Permissions: Blocking and ACLs
The ZoneDirector features a block list as well as access control list (ACL) functionality to
control network permissions.
• Block List: When users log into a ZoneDirector network, their client devices (for example,
laptop computers and PCs) are recorded and tracked. If, for any reason, you need to
block a client device from network use, you can do via the ZoneDirector WebUI. For more
on configuring the block list, see “Blocking Client Devices” on page 36.
• ACLs: Access control lists establish which devices based on their MAC addresses are
allowed to associate to a ZoneDirector-managed AP. By using the Configuration > Access
Control options, you define Layer 2 ACLs, also known as MAC address ACLs, which can
then be applied to one or more ZoneDirector WLANs. ACLs are either allow-only or denyonly; that is, an ACL can be set up to allow only specified clients or to deny only specified
clients. For more on configuring ACLs, see “Configuring Access Control Lists” on page 24.
Note the following ZoneDirector rules:
• The block list is system-wide, and is applied to all WLAN’s in addition to the per-WLAN
ACL. If a MAC address is listed in the system-wide block list, it will be blocked even if it is
an allowed entry in an ACL. Thus, the block list take precedence over an ACL.
• MAC addresses that are in the deny list are blocked at the AP, not at the ZoneDirector.
7
System Configuration
Chapter Contents
• “Changing the Network Addressing” . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
• “Changing the System Name” . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
• “Updating the Internal Clock” . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
• “Changing the System Log Settings” . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
• “Setting up Email Alarm Notification” . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
• “Customizing the Guest “Login” Page” . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
• “Upgrading ZoneDirector and ZoneFlex APs” . . . . . . . . . . . . . . . . . . . . . . . 15
CHAPTER 2
• “Working with Backup Files” . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
• “Restoring the ZoneDirector to the Factory Default State” . . . . . . . . . . . . . 17
8
Ruckus Wireless ZoneDirector User Guide | System Configuration
Changing the Network Addressing
If you need to replace or update the network settings for your Ruckus ZoneDirector, follow
these steps.
ALERT!
1 Go to Configure > System.
2 Review the Management IP options.
As soon as the IP address has been changed (applied), you will be disconnected from your
WebUI connection to the ZoneDirector. You can log in again with WebUI by using the new IP
address in your web browser.
FIGURE 2-1
3 Select one of the following:
• Manual: If you select Manual, enter the correct information in the now-active
fields (IP Address, Netmask, and Gateway are required).
• DHCP. If you select DHCP, no further information is required.
4 Click Apply to save your settings.
You will lose connection to the ZoneDirector.
5 To log back in to the WebUI, use the newly assigned IP address in your web browser or
use the UPnP application to re-discover the ZoneDirector.
9
Ruckus Wireless ZoneDirector User Guide | System Configuration
Changing the System Name
When you first worked through the Setup Wizard, you were prompted for a network-recognizable system name for the Ruckus ZoneDirector. If needed, you can change that name by
following these steps:
1 Go to Configure > System.
2 In the Identity options, delete the text in the System Name field and type a new
name.
The name should be between 6 and 32 characters in length, using letters, numbers,
underscores (_) and hyphens (-). Do not use spaces or other special characters.
FIGURE 2-2
3 Click Apply to save your settings. The change goes into effect immediately.
Updating the Internal Clock
The internal clock in your Ruckus ZoneDirector is automatically synchronized with the clock
on your administration PC during the initial setup. You can use the WebUI to check the current time on the internal clock, which shows up as a static notation in the Configure tab
workspace. If this notation is incorrect, you can re-synchronize the internal clock to your PC
clock immediately.
Another option is to link your ZoneDirector to an NTP server (as detailed below), which provides continual updating with the latest time.
1 Go to Configure > System.
2 In the System Time features you have the following options:
• Refresh—Click this to update the ZoneDirector display (a static snapshot) from
the internal clock.
• Synch Time with your PC Now—If needed, click this to update the internal
clock with the current time settings from your administration PC.
• Use NTP... [Active by default]—Click this checkbox to deactivate this option.
10
Ruckus Wireless ZoneDirector User Guide | System Configuration
3 Click Apply to save the results of any resynchronizations or NTP links.
Changing the System Log Settings
The Ruckus ZoneDirector maintains an internal log of current events and alarms. This file
has a fixed capacity; at a certain level, the ZoneDirector will start deleting the oldest
entries to make room for the newest. This log is volatile, and the contents will be deleted if
the ZoneDirector is powered down. If you want a permanent record of all logging activities,
you can set up your syslog server to receive log contents from the ZoneDirector, then use
the WebUI to direct all logging to the syslog server—as detailed in this topic.
FIGURE 2-3
Reviewing the current log contents
1 Go to Monitor > All Events/Activities.
2 Review the events and alarms listed here. See “FIGURE 2-4” on page 12.
NOTE The entries are in reverse chronological order—latest at the top.
3 Click a column header to sort the contents by that category.
4 Click any column twice to switch chronological or alphanumeric sorting modes.
11
Ruckus Wireless ZoneDirector User Guide | System Configuration
FIGURE 2-4
Checking the current log settings
You can review and customize the log settings by following these steps:
1 Go to Configure > System.
2 Scroll down to Log Settings.
3 Make your selections from these syslog server options:
Event Log Level Select one of the three logging levels— “Show more”, “Warning
and Critical Events”, or “Critical Events Only”.
Remote Syslog Click the checkbox by Enable reporting to remote syslogd at to
enable syslog logging.
Click in the text field and enter the IP address of the syslog
server.
FIGURE 2-5
4 Click Apply to save your settings. The changes go into effect immediately.
12
Ruckus Wireless ZoneDirector User Guide | System Configuration
Setting up Email Alarm Notification
If an alarm condition is detected, the Ruckus ZoneDirector will record it in the event log. If
you prefer, an email notification can be sent to a configured email address of your choosing.
To activate this option, follow these steps:
1 Go to Configure > Alarm Settings.
When the Alarm Settings page appears, the Email Notifications features appear.
FIGURE 2-6
2 Click the Send an email message checkbox to activate this option.
3 Type the email address in the Email Address text field.
4 Enter the IP address of your mail server at Mail Server IP Address.
5 Click Apply. The email notification feature becomes active immediately.
13
Ruckus Wireless ZoneDirector User Guide | System Configuration
Customizing the Guest “Login” Page
You can customize the guest user login page, to display your corporate logo and to note
helpful instructions, along with a “Welcome” title. If you want to include a logo, you'll need
to prepare a web-ready graphic file, in one of three acceptable formats (.JPG, .GIF or
.PNG). Make sure the logo is no bigger than two inches long on any side, or larger than
200kB.
1 Go to Configure > Guest Access.
2 Locate the Web Portal Logo features.
FIGURE 2-7
3 If your logo is ready for use, click Browse to open a dialog box that you can use to
import the logo file. (ZoneDirector will notify you if the file is too large—height or
width).
4 Locate the Guest Access Customization features.
FIGURE 2-8
5 (Optional) Delete the text in the Title field and type a short descriptive title or “wel-
come” message.
6 Click Apply to save your settings. A “Setting applied!” confirmation message briefly
appears.
14
Ruckus Wireless ZoneDirector User Guide | System Configuration
Upgrading ZoneDirector and ZoneFlex APs
Check the Ruckus Wireless Support web site on a regular basis, for updates and upgrades
that can be applied to your Ruckus network devices—to ZoneDirector and all your Ruckus
ZoneFlex APs. After downloading any upgrade package to a convenient folder on your
administrative PC, you can complete the network upgrade (of both ZoneDirector and APs) by
following the steps detailed below.
NOTE
1 Go to Admin > Upgrade.
2 When the Software Upgrade features appear, click Browse.
3 When the Browse dialog box appears, use it to locate and open the upgrade package.
4 When the upgrade file name appears in the text field, the “Browse” button is trans-
formed into the “Upgrade” button.
Start this procedure at an off-peak time, to lessen the impact of network connection disruption.
FIGURE 2-9
5 Click Upgrade.
The ZoneDirector will automatically log you out of the WebUI, run the upgrade, then
restart itself.
6 When the Status LED on the device is steadily lit, you can log back in as Administrator
to the WebUI.
NOTE
The full network upgrade is successive in sequence. After the ZoneDirector is upgraded, it
will contact each active AP, upgrade it, then restore it to service.
15
Ruckus Wireless ZoneDirector User Guide | System Configuration
Working with Backup Files
After you have set up and configured your Ruckus wireless network, you may want to back
up the full configuration. The resulting archive can be used to restore your ZoneDirector and
network. And, whenever you make additions or changes to the setup, you can create new
backup files at that time, too.
Backing up a network configuration
1 Go to Admin > Backup.
FIGURE 2-10
2 In the Backup Configurations workspace, click Backup.
3 When the File Download dialog box appears, click Save.
4 When the Save As dialog box appears, enter a name for this archive file, pick a desti-
nation folder, then click Save.
5 Make sure the filename ends in a “.TGZ” extension.
6 When the Download Complete dialog box appears, click Close.
Restoring archived settings to the ZoneDirector
1 Go to Admin > Backup.
2 Review the Restore Configurations instructions, then click Browse. See “FIGURE 2-10”
on page 16.
3 Use the Browse dialog box to locate and open the appropriate backup archive file.
4 Click the Restore button.
While restoration is in progress, you will be logged out of the ZoneDirector.
When restoration to the archived configuration is complete, the ZoneDirector will be
automatically restarted and your network will be ready for use.
16
Ruckus Wireless ZoneDirector User Guide | System Configuration
Restoring the ZoneDirector to the Factory Default State
In certain extreme conditions, you may want to reinitialize the Ruckus ZoneDirector, and
reset it to the "factory default" state. In such a state, the network is almost ready for use,
but all your user/guest/log and other records, accounts and configurations would all need to
be manually re-configured.
ALERT!
To reset your ZoneDirector to factory default settings, follow these steps:
1 Go to Admin > Backup.
When this procedure is complete, you will need to redo a complete setup. If the ZoneDirector
is on the live network, a new IP address may be assigned to the system. In this case, the
system can be discovered by an UPnP client application, such as Windows My Network
Places. If there is no DHCP server on the connected network, the system's default IP
address is “192.168.0.2” with subnet mask “255.255.255.0”. A complete set of instructions is
available in the Quick Start Guide (QSG). Before starting this “factory default settings” restoration, you should open and print out the QSG pages. You can follow those instructions to
set up the ZoneDirector after a factory-default state has been restored.
FIGURE 2-11
2 When the Backup/Restore page appears, look for Restore Factory Default System
Settings, and click the button.
3 Owing to the drastic effect of this operation, one or more confirmation dialog boxes
will appear. Click OK to confirm this operation.
When this process begins, you will be logged out of the WebUI.
When the reset is complete, the Status LED is a blinking red, then a blinking green,
indicating that the system is in the “factory default” state. After you complete the
Setup Wizard, the Status LED will be steady green.
17
Ruckus Wireless ZoneDirector User Guide | System Configuration
Alternate factory default reset method
If you are unable to complete a software-based resetting of the Ruckus ZoneDirector, you
can do the following “hard” restoration:
NOTE Do not disconnect the ZoneDirector from any power source until this procedure is complete.
1 Look for a pinhole on the right side of the front panel of the ZoneDirector.
2 Insert a straightened paper clip in the hole and press for at least 5 seconds.
After the reset is complete, the Status LED is a blinking red, then a blinking green,
indicating that the system is in a “factory default” state.
After you complete the Setup Wizard, the Status LED will be steady green.
18
Managing a Wireless
LocalAreaNetwork
Chapter Contents
• “An Overview of Wireless Networks” . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
• “Customizing Ruckus WLAN Security” . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
• “Setting Dynamic Pre-Shared Key Expiration” . . . . . . . . . . . . . . . . . . . . . . 24
• “Configuring Access Control Lists” . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
• “Creating a New WLAN” . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
CHAPTER 3
• “Creating a New WLAN for Workgroup Use” . . . . . . . . . . . . . . . . . . . . . . . . 30
• “Adding New Access Points to the WLAN” . . . . . . . . . . . . . . . . . . . . . . . . . 31
• “Reviewing the Current Access Point Policies” . . . . . . . . . . . . . . . . . . . . . . 33
• “Reviewing the Current Access Point Policies” . . . . . . . . . . . . . . . . . . . . . . 33
• “Blocking Client Devices” . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
• “Optimizing Access Point Performance” . . . . . . . . . . . . . . . . . . . . . . . . . . 37
19
Ruckus Wireless ZoneDirector User Guide | Managing a Wireless Local Area Network
An Overview of Wireless Networks
When your Ruckus ZoneDirector setup is complete, you have a fully functional wireless network, based on two secure WLANs (“internal” and “guest”) with access for authorized users
and guests. The internal WLAN provides “zero IT” connectivity for “standard” client
devices, those computers running Windows XP/SP2 and utilizing WPA-ready NICs.
There are two scenarios in which you create additional WLANs, in addition to the internal
WLAN: (1) To limit certain WLANs to groups of qualified users, to enhance security and efficiency. For example, an “Engineering” WLAN with a closed roster of users.) Or, (2) to configure a specific WLAN with different security settings. For example, you may need a WLAN
that utilizes WEP encryption for wireless handheld devices that only support WEP-key encrytion.
In the first scenario, specific WLANs (esp. regarding authentication and encryption algorithm) can be set up that support specific groups of users. This requires a two-step process:
(1) create the custom WLAN and link it to qualified user accounts by “roles”, and (2) assist
all qualified users to prepare their client devices for custom WLAN connection.
As a result, you will have the default internal WLAN, plus the needed WLANs that fulfill different wireless security requirements.
Customizing Ruckus WLAN Security
The default security environment for your internal WLAN incorporates a WPA-based authentication passphrase and the TKIP encryption algorithm, and utilizes a dynamic pre-shared
key. To review the default WLAN configurations and the available options, review the following procedures.
Reviewing the initial security configuration
1 Go to Monitor > WLANs.
2 When the WLANs workspace appears, a WLANs table lists the two default WLANs cre-
ated in the setup process: corporate and guest. The internal WLAN, corporate, is the
one used by your authorized users, and you can review the details of its configuration
by clicking the WLAN name. See “FIGURE 3-1” on page 21.
3 You have three options with the internal WLAN: [1] continue using the current configu-
ration, [2] fine-tune the existing WPA-based mode, or [3] replace this mode entirely
with either a WEP-based mode or an 802.1x mode. The two WLAN-editing processes
are described separately, in the following sections.
20
Loading...