Ruckus Wireless as an Unifi alternative?

[tgl]

Yes, this is quite important, and is a big reason why 'WiFi extenders' often fail to provide any value (I just helped a neighbor deal with this). The 'extender' just rebroadcasts the same SSID, but is otherwise not integrated with the existing APs, so the APs and extended cannot assist the WiFi clients in making decisions about where to associate.

The same will happen with independent APs broadcasting the same SSID; they aren't aware of each other.

When a configuration with multiple integrated APs is used (for Ruckus that's Unleashed, SmartZone, etc.) then the 'controller' will help the APs configure themselves to minimize interference, maximize coverage, and assist clients as they roam around the coverage area.

Yeah. Couple of points worth noting here:

• While AP-to-client signaling for 802.11k/v is standardized, the infrastructure underlying the APs' behavior is not, and every manufacturer seems to do that their own way. This is part of why you can't put together a random set of APs and expect to get k/v roaming support.
• A lot of manufacturers do seem to use the controller as an active part of k/v behavior. I'm currently using UniFi gear, and they don't: the controller tells the APs they are siblings and then the APs do the rest. This stems from what seems to be an ancient architectural decision on Ubiquiti's part that they would not require the controller functionality to be alive 24x7. They're in the minority on that AFAIK.

 

[delamonpansie]

802.11k/v offers a much more plausible answer,

I've tried configuring this on unleashed. More often than not, 802.11k doesn't work. First, UI is misleading, it never shows any 5GHz neighbors. Second, most of the time requesting neighbors list with wpa_cli neighbor_rep_request simply fails.

 

[gigi-biji]

I've tried configuring this on unleashed. More often than not, 802.11k doesn't work. First, UI is misleading, it never shows any 5GHz neighbors. Second, most of the time requesting neighbors list with wpa_cli neighbor_rep_request simply fails.

How do you check for neighbors? I assuming something on a client, linux/windows command?

 

[delamonpansie]

How do you check for neighbors? I assuming something on a client, linux/windows command?

Two ways:
1. You can check in the Unleashed UI: "Access Points" -> Select specfic AP -> "Show AP Info" -> "Neighbor APs". Somehow it only shows 2.4GHz neighbors.
2. If you are running Linux with wpa_supplicant, you can request a neighbor list with wpa_cli neighbor_rep_request command.

 

[weeds]

I recently purchased 3 - Ruckus a750 APs.

I was able to connect to one of the APs and get it set up as an Unleashed AP and broadcasting. However, when powering up one of the other APs and trying to connect to it, it fails.

I then tried to set up the originally configured AP as a Master, then powering up the 2nd AP and letting it pick up the config from the master, but nothing happens and the Master doesn't show another AP in it's admin screen.

Both are hardwired to the same 2-jack ethernet plate in my office, so they are on the same network. Doing a LAN scan, I can see 2 Ruckus devices and their IPs, but putting that IP into the browser doesn't connect me to the admin page

What am I missing?

 

[gigi-biji]

I recently purchased 3 - Ruckus a750 APs.

I was able to connect to one of the APs and get it set up as an Unleashed AP and broadcasting. However, when powering up one of the other APs and trying to connect to it, it fails.

I then tried to set up the originally configured AP as a Master, then powering up the 2nd AP and letting it pick up the config from the master, but nothing happens and the Master doesn't show another AP in it's admin screen.

Both are hardwired to the same 2-jack ethernet plate in my office, so they are on the same network. Doing a LAN scan, I can see 2 Ruckus devices and their IPs, but putting that IP into the browser doesn't connect me to the admin page

What am I missing?

I am no expert, but check if this setting is enabled?


My experience was like this:
With pretty much default settings of WAP1 (I did updated from 200.13 to 200.15), I plugged in second wap and came back to system 10-15 minutes later. The new wap had joined and firmware was matching the first one.

 

[kpfleming]

However, when powering up one of the other APs and trying to connect to it, it fails.

Did you purchase them as 'new' or 'new in box'? If not, you'll probably need to follow the procedure to factory-reset each of them as they will have the prior owner's configuration.

 

[weeds]

Did you purchase them as 'new' or 'new in box'? If not, you'll probably need to follow the procedure to factory-reset each of them as they will have the prior owner's configuration.

They were purchased "used", so I wouldn't consider them "new in box". However, I've reset them back to factory settings multiple times.

 

[weeds]

I am no expert, but check if this setting is enabled?
View attachment 43168

My experience was like this:
With pretty much default settings of WAP1 (I did updated from 200.13 to 200.15), I plugged in second wap and came back to system 10-15 minutes later. The new wap had joined and firmware was matching the first one.

Confirmed I have that box checked.....

 

[ms264556]

Unleashed 200.18 is out...
New modernized Web UI, T670 Support, AFC, etc.

Change Log

The What's New document calls out improved sticky client steering. Not sure if this is just the existing CLI setting surfaced onto the web UI, or if they've genuinely re-worked the implementation to make it useful now.

I'll test later in the week whether hacked R730 dedicated master still works, unless someone wants to try it and report back here.

 

[adman_c]

I'm still on 200.14 with the hacked r730. I also have some old H510s in my system. Can anyone tell me what is the most-recent Unleashed I can run if I remove the r730 (or switch it to dedicated master mode)? Thanks! Edit: 200.15--found it on @ms264556's super-useful guide. Thanks for that!

 

[adman_c]

@ms264556--I have a couple of questions for you: if I decided to run the r730 in dedicated master mode, am I limited by my oldest APs as far as what version of Unleashed I can run? I.e. if I want to run the fancy new Web UI of 200.18, would I need to upgrade to xX50 APs from my old Wave2 APs? And what happens when your dedicated master goes down if you're running in dedicated master mode? Do the APs stay up but you're unable to access the Web UI? Or can it still failover to the APs that are up? Thanks!

By the way, it's absolutely a credit to the stability of these old Ruckus APs that I haven't paid attention to this thread for months/years at a time. They just keep on trucking, providing rock-solid WiFi.

 

[ms264556]

@ms264556--I have a couple of questions for you: if I decided to run the r730 in dedicated master mode, am I limited by my oldest APs as far as what version of Unleashed I can run? I.e. if I want to run the fancy new Web UI of 200.18, would I need to upgrade to xX50 APs from my old Wave2 APs?

Yes, 200.18 is for x50/x70 APs only. You can see the supported APs for each version of Unleashed in my guide.

And what happens when your dedicated master goes down if you're running in dedicated master mode? Do the APs stay up but you're unable to access the Web UI? Or can it still failover to the APs that are up? Thanks!

Unleashed Dedicated Master is an evolution of ZoneDirector, so the controller gets involved in the association and authentication flow. If your Dedicated Master goes away, and you have't provisioned a standby Dedicated Master, then no new clients can join APs.

I wouldn't personally run Dedicated Master unless I (a) couldn't put my APs into a single subnet/VLAN, or (b) need to tunnel some client traffic back to a central point.

Since Ruckus Unleashed cloud management is so good now, I think in many situations where you have a handful of remote APs to manage then you're better off just cloud managing them.

So this just leaves tunneling. Once you have your central firewall setup, it's far easier to hand out an AP which has a centrally managed local SSID and tunneled SSID than to configure and manage a VPN endpoint at each remote location.

By the way, it's absolutely a credit to the stability of these old Ruckus APs that I haven't paid attention to this thread for months/years at a time. They just keep on trucking, providing rock-solid WiFi.

This is my view. I still run an old ZoneDirector at home, because it works flawlessly.

I think a central R730 with a handful of H510s where necessary at the edges is perfect - the R730 provides a very fast conection for most clients, and H510 signal is weak enough that mobile clients quickly migrate back to the R730 minimizing any sticky client issues.

If you want to spend all day tinkering then an R730 with Unleashed 200.14 isn't the latest, shiniest, toy.

If you wanted something to tinker with then I recommend configuring your router/firewall with VLANs so you can segregate your AP client traffic from your AP management traffic. I spent the last couple of months pulling apart AP <=> Controller protocols for my 3rd-party AP controller project, and they're not particularly secure. This shouldn't be a shock: if an AP is capable of automatically enrolling into a controller-less mesh, then malicious software can do the same thing.

 

[adman_c]

I wouldn't personally run Dedicated Master unless I (a) couldn't put my APs into a single subnet/VLAN, or (b) need to tunnel some client traffic back to a central point.

Sounds like Dedicated Master probably isn't for me. I'll probably ride it out with my AC WiFi for another year or so and then pick up an r650 and a couple of h550s. I suppose I could wait for the WiFi 7 gear to be released and come down in price, but that may be longer than I'm willing to wait.

If you wanted something to tinker with then I recommend configuring your router/firewall with VLANs so you can segregate your AP client traffic from your AP management traffic. I spent the last couple of months pulling apart AP <=> Controller protocols for my 3rd-party AP controller project, and they're not particularly secure. This shouldn't be a shock: if an AP is capable of automatically enrolling into a controller-less mesh, then malicious software can do the same thing.

Yeah, none of my WLANs are on the management VLAN, although I suppose my firewall rules do allow my "main" WLAN VLAN to access everything, including the management VLAN.