Ruckus Wireless as an Unifi alternative?

mattlach

Active Member
Aug 1, 2014
184
26
28
Yes, but I'm biased because I have an R510 and R610 at home.

Our household doesn't need the newest tech and WiFi 5 does the job. If I invest in WiFi 6 I would need to add a multi-gig capable switch in production for full benefit. Why does it feel wrong to spend money on older technology? These WiFi 5 Wave 2 APs are "older" but not obsolete. They're still getting updates. Even Ruckus's WiFi 5 Wave 1 APs (Xn00s) got an update for FragAttacks. If it weren't for security vulnerabilities, I'd say even 802.11n is fine. Just look at the huge Brocade thread. The ICX 6000s are still great even though software development ceased Nov. 2019. You pay a premium for buying the newest, and I'll gladly have others do that to make sure the product is robust before I jump in.

RE: max SSIDs, I posted it elsewhere at STH: https://forums.servethehome.com/ind...dio-802-11ac-wave-2-99-each.30866/post-285819. It's 16. But that answer was based on a post answered 5 years ago and the KB is not accessible from a free account so I'm not sure if their new WiFI 6 APs have the same limitation.

Not sure what you mean by trunked multi-VLAN upload, but they do support different tagged VLANs per SSID going through a trunk port. You can also configure it through its webUI. There has been one STH member that was confused about native VLAN limitations but it can be any VLAN ID, not limited to VLAN 1.

I'm not a wifi expert but I've read the client is probably the limiting factor rather than the station and it's logical people currently have more devices that won't support the full capabilities of WiFi 6 than those that do.


https://www.reddit.com/r/networking/comments/jd23nw

Maybe let me rephrase a bit.

I'm still trying to decide what to do. As much as I have come to dislike Ubiquiti Networks, the Unifi AP's are still manageable. Since I am not using their cloud services, their shitty behavior regarding that, doesn't affect me, and I have not been forced onto the cloud, yet...

The thought was to ditch the Unifi ac's while upgrading to ax from a different vendor, but I am not sure I want to spend money and get a side-grade.

Maybe I'll wait until Ubiquiti forces me to take action, or when an ax upgrade is cheaper, maybe I'll spend stupid money on latest gen Ruckus or Fortinet gear or maybe side grade. I just haven't decided yet.
 

sth

Active Member
Oct 29, 2015
336
71
28
I'm trying to figure out if it is really worth it to invest in older R710 ac units at this point, or if I should just keep using the Unifi units until more ugly Ubiquiti behavior forces me off them. (the hack bothers me, but doesn't affect me directly, as I don't use their cloud services, but if they force me to, I'll shut off my AP's the same day, and keep them off until replaced with something that doesn't)

Any thoughts here? Are older R710 ac units a bad buy today? It really feels wrong to spend money on previous gen tech, but maybe it doesn't matter, especially since our Wifi use is limited (most work done on desktops, everything that isn't a laptop oe a phone is hardwired, very little "smart" devices)

Can anyone tell me how many SSID's these devices support? And do they support a trunked multi-VLAN upload and then assigning different VLAN's to different SSID's, like I am currently doing with my Unifi devices? Switch on the other end would be Mikrotik.

Also, what kind of PoE injectors would be recommended?
The r710s and r720 are great units and available cheaply used. The step up to newer hardware will come at quite a premium, I'm guessing in the region of $1300 per AP with the release of newer 6E hardware so that may factor into your decision to buy r720s now or wait.

Most of the Ruckus APs support 4 SSID, but some like the 8x8 R730 support up to 8 due to a higher number of antennas. They are however limited to smartzone compatible only (no unleashed) and are also not upgradable to full 802.11ax (no OFDM upload capability). The R750 is available around $750 on the grey market, but is not 6E upgradable.

Rather than look into additional SSIDs to segregate traffic you may be able to leverage Dynamic PSK's (Zero-IT and DPSK Settings)
 

Vesalius

Active Member
Nov 25, 2019
150
113
43
FYI Unleashed 200.10.10.5.229 is out. I updated my 3 r710's last night.

Only issue I had was a recurring issue I have experienced in the past that I think is related to my ICX6450 switch. Immediately after the upgrade the 2 client AP's would not join the Master over the ethernet backhaul. Rebooted all the AP's a couple time in various orders, but ultimately a reload of the ICX6450 was required. This has happened a couple times in the past. Can ping each AP from the Master CLI and GUI at all times.

Anyway this release allows us to set the Management Vlan to whatever we would like instead of being defaulted to vlan1 among other things listed below. Also made setting up LACP on my r710's easier. They mention LACP now being supported on the newer AX capable AP's but I am not sure how that will work given the different speeds of the ETH ports on several of those. If you have iOS devices and are using a mixed WPA2/WPA3 your device will not connect if you take advantage of 802.11r. Will need to go with either wpa3 or wpa2 not mixed.


New Features
  • Change in success message status from red to green - When a test is successful, the status message is displayed in green. When a test fails, the status message is displayed in red.
  • Remote Packet Capture - Captures wireless packets during normal operation and the packets are saved in local files or streamed to Wireshark.
  • Simplify the Installation - During quick installation, a new API is loaded by the UI and WLAN template data is fetched from and sent to the backend. WLAN data such as SSID is displayed in the UI and used as a default value and the data is sent to backend when creating the default WLAN.
  • WPA3 R2: 11r 11w. etc... Adds SAE FT and AKM PSK SHA256 support to “Open + WPA2/WPA3-Mixed” WLAN, and adds new WLAN type “802.1X EAP WPA2/WPA3- Mixed”.
  • Election Replay Attack - This feature aims to avoid DDOS attack as a result of not encrypting the election heartbeat or control packet. When the master AP sends election packet to a member AP, the election packet will include the member AP’s MAC address into the packet content. When the member AP receives message from master AP, the MAC address is verified with that of the member AP and if there is a match, then the member AP performs the action specified or else the member AP ignores the election packet. Following are the messages that include the member AP’s MAC address: Reboot, set factory, set debug level, set AP role, and set AP delay elect.
  • Provide option to change Master AP, based on network intelligence - This feature gives an option to change the master AP. Under Primary Preferred Master, the UI lists all the APs that accord with a master role on the network. The AP is sorted and listed by a special algorithm (master elect) where the best master is placed at the top of the list. The user can choose the best master as the Primary Preferred Master.
  • QR Code Support - Unleashed system generates standard QR code so that mobile devices can access Wi-Fi automatically, depending on mobile device version and support.
  • Web UI Enhancement - UI Generates Alarm Notification List from backend API The UI provides alarm definition list that is fetched from the backend.
  • Management VLAN -This release provides management VLAN support.
  • Management ACL- This release provides management ACL support.
  • 2.4G Mesh Support - This release provides 2.4G mesh support.
  • Save AP core dump from master web UI - This release introduces the option of saving AP core dump files from the web UI. When an AP core dump occurs, a log file is created and stored on Unleashed, and the AP Diagnostic Information section lists the AP's MAC address, IP address, device name, description, and AP model.
  • Open VPN Support - In this release, Unleashed system will provide CLI commands to bring up the openVPN daemon, maintain the openVPN tunnel, and debug the openVPN status and statistics.
  • Status/Statistic Report - Customizing different intervals of different data types, like wlan-report-interval, ap-report-interval, and client-report-interval.
  • Remove RUCKUS infomation in web UI - The Unleashed system will not provide any RUCKUS information in the web UI when no-ruckus-information is enabled in the master AP.
  • A special portal for local database user to change password - This feature allows users to modify password of their accounts without the need for an administrator. Also, syslog will have a record of the users who change their passwords. This reduces the workload of the administrator effectively.
  • Import multiple users into Local database by CSV file - This feature helps to import multiple user accounts into local database using a CSV file.
  • LACP support for 11ax and wave2 AP in CLI -This feature provides LACP support for 11ax and wave2 AP in CLI.

Known Issues
  • iOS devices that support 802.11r and WPA3 cannot associate to open-WPA2/3-mixed+802.11r WLAN.
  • Master bonjour gateway is not working if the same VLAN is enabled for management interface.
  • After prov.apk is installed, Android 10 phone is unable to connect to corresponding WLAN by way of "WiFiAutoConf" application.
  • Multiple entries are generated for the same iOS or Android device if random MAC addresses are used by the iOS device.
  • iphone with iOS 14.0.1 or later version is unable to connect to hotspot 2.0 WLAN.
  • Error 403 appears for iOS devices when it tries to connect with a guest WLAN profile using a social login.

Resolved Issues
  • Resolved an issue where Unleashed cannot add ICX switch to the dashboard sometimes.
  • Resolved an issue on AP where Mesh would not function properly when management VLAN and LACP are both enabled.
  • Resolved an issue related to vulnerabilities on Unleashed Master after disabling older TLS versions.
  • Resolved an issue where "mcast-airtime" value was not correct on Unleashed AP.
 

dragonian

Member
Jan 3, 2020
34
19
8
Currently, I have the three Unifi AP-AC-LR's and a Unifi Controller running in a dedicated LXC container on my server. The new digs are a bit smaller than the old, and from reading this thread Ruckus is much better at dealing with interference (which is amazing to me, as the reason I first went to Unifi back in ~2010 it was because they sliced through the noise like no consumer wifi solution could, like some sort of black magic) so I am thinking I can probably get away with only two Ruckus AP's, I'm guessing in an Unleashed configuration, so I don't need to pay for a controller license.
I went from a AP-PRO and a nanoHD 1 year ago to 2x R610, and couldn't be happier. I get substantially higher speeds and connection quality throughout the house.
IMHO, R610s are fine (as would R710s or likely even R510s). I don't see that the wifi6 APs are worth the cost.
I run multiple SSIDs on different VLANs.
For full capabilities, you can use any power injector that supports POE+ (802.3at) or a switch (you can even venture down the path of cheap brocade L3 switches). If you only have 802.3af, they work at reduced capabliities (no 2nd eth, etc)
 
  • Like
Reactions: mattlach

klui

Active Member
Feb 3, 2019
387
166
43
FYI Unleashed 200.10.10.5.229 is out. I updated my 3 r710's last night.
.
.
Known Issues
  • iOS devices that support 802.11r and WPA3 cannot associate to open-WPA2/3-mixed+802.11r WLAN.
  • After prov.apk is installed, Android 10 phone is unable to connect to corresponding WLAN by way of "WiFiAutoConf" application.
  • Multiple entries are generated for the same iOS or Android device if random MAC addresses are used by the iOS device.
  • iphone with iOS 14.0.1 or later version is unable to connect to hotspot 2.0 WLAN.
Sounds like some pretty significant issues with mobile devices. Anyone have experience about how limiting these issues are?
 

Vesalius

Active Member
Nov 25, 2019
150
113
43
I am all iOS here and was running a mixed WPA2/3 network. I switched to WPA3 only for my trusted wlan (non-IOT stuff) after selecting +802.11r and had to reboot (homepods & AppleTVs on wifi) or reconnect (just reselected the wlan name without needing to reenter password) iphones/ipads on all those devices as they did not have internet access otherwise.

Haven't seen anything from the last 3.
 

klui

Active Member
Feb 3, 2019
387
166
43
I am all iOS here and was running a mixed WPA2/3 network. I switched to WPA3 only for my trusted wlan (non-IOT stuff) after selecting +802.11r and had to reboot (homepods & AppleTVs on wifi) or reconnect (just reselected the wlan name without needing to reenter password) iphones/ipads on all those devices as they did not have internet access otherwise.

Haven't seen anything from the last 3.
Ours is Windows, iOS, and Android. Some devices can't use WPA3 so I've configured mixed WPA2/3. It looks like 11r is not supported in WPA3 on the older 200.9 branch. https://forums.ruckuswireless.com/c...r-ft-roaming-on-wlan/5f91c3fc135b77e24790a250.

I'll probably hold off until some of these limitations are addressed.
 

Sealside

Member
May 10, 2019
53
12
8
Stockholm/Sweden
Has anyone attempted to force flash a ruckus ap? I'm having this r710 which I got off ebay and it was not working (got my money back and bought another one which was ok).
I can't connect to it, although the island-xxx wireless network will pop up (but I'm unable to get authenticated I've tried all possible combos of passwords).
My impression is that the bios might be corrupt so I manged to connect to it using a serial port on the circuit board.
Using minicom I can't send commands, but I can at least see the boot sequence, see attached files.
It looks like it has been managed with ZD previously.

Anyone have any suggestion how I can flash another firmware or login?
In terms of ports opened it only seem to be answering to ping and have port 1883 open for mqtt.
 

Attachments

fohdeesha

Kaini Industries
Nov 20, 2016
2,267
2,326
113
30
fohdeesha.com
Has anyone attempted to force flash a ruckus ap? I'm having this r710 which I got off ebay and it was not working (got my money back and bought another one which was ok).
I can't connect to it, although the island-xxx wireless network will pop up (but I'm unable to get authenticated I've tried all possible combos of passwords).
My impression is that the bios might be corrupt so I managed to connect to it using a serial port on the circuit board.
Using minicom I can't send commands, but I can at least see the boot sequence, see attached files.
It looks like it has been managed with ZD previously.

Anyone have any suggestion how I can flash another firmware or login?
In terms of ports opened it only seem to be answering to ping and have port 1883 open for mqtt.
if you really want to, yes you can lay down new firmware in u-boot. I don't know if the u-boot build for the R710 has prebuilt routine/commands for laying down new firmware, if it doesn't you'll have to do the manual method of tftp'ing the firmware sections into memory and copy them to the right areas of flash. it could also potentially be easier to get into u-boot and temporarily tftp-boot a firmware image, once it's up and running, log in and use the firmware update page to "properly" flash new firmware

they also store two images, you could try just booting the backup partition, maybe it's in better shape. it's probably like "bootlcl rcks_wlan.bkup" in u-boot if I remember right.

if you can't send text/enter u-boot, you probably just have you serial connection wired wrong. should be this:




Also make sure your UART adapter is set to 3.3v, 115200-8-N-1
 

true

New Member
Jun 6, 2021
1
0
1







Code:
ruckus$ cat /etc/version
200.9.10.4.243 based on //depot/release/unleashed_200.9.10.4 CL 839647
ruckus$ bsp set fixed_ctry_code 0
ruckus$ bsp commit
Saving flash .....
bdSave: sizeof(bd)=0x7c, sizeof(rbd)=0xd0
  caching flash data from /dev/mtd16 [ 0x00000000 - 0x00010000 ]
  updating flash data [0x00000000 - 0x0000007c] from [0x7e9f3a6c - 0x7e9f3ae8]
  updating flash data [0x00008000 - 0x000080d0] from [0x7e9f3ae8 - 0x7e9f3bb8]
_erase_flash: offset=0x0 count=1
Erasing 64 Kibyte @ 0 -- 100 % complete
  caching flash data from /dev/mtd16 [ 0x00000000 - 0x00010000 ]
  verifying flash data [0x00000000 - 0x0000007c] from [0x7e9f3a6c - 0x7e9f3ae8]
  verifying flash data [0x00008000 - 0x000080d0] from [0x7e9f3ae8 - 0x7e9f3bb8]
... Changes saved to flash



hi! how did you manage to get root access?
 

Sealside

Member
May 10, 2019
53
12
8
Stockholm/Sweden
if you can't send text/enter u-boot, you probably just have you serial connection wired wrong. should be this:
Hat off to you @fohdeesha . Yes the cables were wrong (I tried I tried all possible combinations, but I guess I missed it).
I could actually login to the ap (super / sp-admin), as well as accessing u-boot. The backup image was also bad. I could however flash a new firmware using tftp

for reference
fw set host <TFTP server IP address>
fw set proto tftp
fw set port 69
fw set control <image file name>
fw update
reboot

Seems like the AP is working just fine now! Amazing!

Br S
 

fohdeesha

Kaini Industries
Nov 20, 2016
2,267
2,326
113
30
fohdeesha.com
looks like unleashed 200.10 was just released and it's a big one. release notes attached. cliffnotes:

- added live packet capture directly on the AP, will even stream to wireshark
- WPA3 R2: 11r 11w. etc
- Adds SAE FT and AKM PSK SHA256 support to “Open + WPA2/WPA3-Mixed” WLAN, and adds new WLAN type “802.1X EAP WPA2/WPA3- Mixed”
- dedicated management vlan!!! can make it a tagged vlan of whatever you want and no longer have to run untagged
- something about openvpn support
- finally added LACP support to all the newer wave2/ax APs that didn't have it
 

Attachments

ronclark

New Member
Dec 6, 2019
11
6
3
I just wanted to say I am an extremely happy ruckus unleashed user as of Friday.
I picked up a R310 off eBay, setup was super easy with the app, literally 5 minutes I was up and running. The app even asked if I want to update to the latest firmware.
I live on the second-floor apartment the AP is in the back of the apartment, today I was out in the parking lot and looked at my phone about 250ft away from the ap it still had a signal. needless to say, I was surprised consumer stuff I had been using stopped working at the carport which is about 60ft away from the AP.
I have set up some uniFi AP's at an office no way as easy to set up and the coverage is crap, I mean it better than consumer APs. at this point i would find it hard to recommend uniFi AP's.
 

epicurean

Active Member
Sep 29, 2014
705
51
28
I wish to setup up LACP on a R610 AP to my ICX6450 48POE. I
Would someone be willing to guide me along,step by step? Does the 2nd port also need POE?

much thanks
 

zunder1990

Member
Nov 15, 2012
91
15
8
I have looked and cant find an answer with Smartzone 100 or virtual SZ what happens after the trail license runs out? I know if you attach an AP license it will block APs from connecting if you go over the licensed amount. This is for personal home usage.
 

TXAG26

Active Member
Aug 2, 2016
316
97
28
I have looked and cant find an answer with Smartzone 100 or virtual SZ what happens after the trail license runs out? I know if you attach an AP license it will block APs from connecting if you go over the licensed amount. This is for personal home usage.
Why not just use Unleashed if it’s for a home network? I’ve found Unleashed does everything I need.
 

zunder1990

Member
Nov 15, 2012
91
15
8
Why not just use Unleashed if it’s for a home network? I’ve found Unleashed does everything I need.
At work we use all ruckus sz both onsite and virtual sz(we have about 60k ap) and I have become very comfortable with sz. There are nerd knobs and work flows that I miss with my current unleashed deployment.