• PoE Operating Mode: Select the PoE Operating Mode (for specific AP models only) from the drop-down list. By default, Auto is selected. The other options are 802.3af, 802.3at, or 802.3bt/Class 5.
• Enable PoE Out: By default, the Enable PoE Out option is disabled. You can enable this option by toggling the Enable PoE Out option to ON. This option is available for specific AP models only.
• Ethernet Port Profile: Manages the configuration settings for Ethernet ports on networking devices. Select an Ethernet port profile from the drop-down list or click Add Profile to create a new Ethernet port profile. Refer to Adding an Ethernet Port Profile for more information.
  Note: For AP firmware 7.0.0.200.6290 and later versions, any changes to the trunk port VLAN untag ID will take effect. However, for APs with firmware versions earlier than 7.0.0.200.6290, the trunk port VLAN untag ID will remain at the default value of 1, even if the configuration has been changed.
• Enable SoftGRE Tunnel: Tunnels the traffic to a SoftGRE gateway. Toggle the Enable SoftGRE Tunnel switch to ON. Select a SoftGRE profile from the SoftGRE Profile drop-down list or click Add Profile to create a new SoftGRE profile. Refer to Creating a SoftGRE Profile for more information.
  Note: The uplink port does not support SoftGRE tunneling, which will cause the AP(s) to disconnect.
  Note: SoftGRE tunnel is not supported if you select an Ethernet port profile with 802.1X Role as Supplicant. If SoftGRE tunnel is already enabled and you switch to a profile with the 802.1X Supplicant role, then SoftGRE tunnel will be automatically disabled.
  Note: There is no alternative keep-alive detection mechanism between the AP and the SoftGRE server other than ping. As a result, if the primary SoftGRE service goes down but the ping to its IP address still succeeds, then the AP will not fail over to the backup gateway.
• Enable IPsec: Encapsulates data packets within GRE packets and secures them using IPsec. Toggle the Enable IPsec option to enable this feature. Select an IPsec profile from the IPsec Profile drop-down list or click Add Profile to create a new IPsec profile. Refer to Creating a IPsec Profile for more information.
  Note: A venue supports up to three SoftGRE-activated profiles without IPsec or one SoftGRE profile with IPsec. If a LAN port already has SoftGRE enabled, click the toggle to disable SoftGRE tunneling before enabling SoftGRE with IPsec. Similarly, if SoftGRE with IPsec is enabled, click the toggle to disable SoftGRE with IPsec before enabling SoftGRE tunneling.
  Note: When an Ethernet LAN port for an AP is enabled and configured with both SoftGRE and IPsec, all the wired clients connected to the customized AP LAN port are directed to the SoftGRE tunnel, protected by IPsec.
• Client Isolation: Enabling client isolation enhances network security by preventing devices on the same Wi-Fi network from communicating directly with each other. To apply client isolation, a manual device reboot is necessary. You can choose the specific AP devices from the AP list and click Reboot to restart them.
  Note: Enabling client isolation on the uplink will disconnect the AP.
• Isolate Packets: You can isolate data packets within the network to enhance network security and performance by controlling how data is transmitted and received within the network. Select unicast, multicast, and broadcast packets from the drop-down menu. Isolating unicast packets prevents direct communication between individual devices on the same network. Isolating multicast packets prevents specific devices from receiving data from the same device unless explicitly allowed. Isolating broadcast packets prevents all devices from receiving data from one device.
• Automatic support for VRRP/HSRP: Enabling Automatic support for VRRP and HSRP ensures seamless failover and increased network reliability by dynamically managing router failover without manual intervention. This maintains high availability and reliability in critical network environments.
• Client Isolation Allowlist: Enabling Client Isolation on a specific port for an AP model at a particular venue prevents devices on the same network from communicating with each other. However, the Client Isolation Allowlist permits certain devices to bypass this restriction and communicate with isolated clients. You can select an allowlist from the drop down menu or click Add Policy to create one. These policies allow specific devices, to communicate with isolated clients despite the isolation settings.

  To create a policy, provide the Policy Name, Description and add clients to the policy from the Select from Connected Clients. You can also add clients by clicking Add New Client. Click Policy Details to view information about the policy.

• (Optional) If you want to revert to the default port settings, click Reset to default. A confirmation message is displayed, click Continue. Modifications to the LAN port settings at the venue level are specific to each AP model, meaning any change or reset will only affect the selected AP model. Depending on the AP model, the following configurations will be reset to their default settings: PoE Operating Mode, Enable Port, Ethernet Port Profile, Enable SoftGRE Tunnel, and Client Isolation.

Mesh networking adds resiliency to your venue network by ensuring that wired APs in your venue maintain a connection to the network if they lose their wired connection and allows APs to be added to a network even if it is physically prohibitive to cable them to the network.

• Mesh Network Name: Auto-generated by RUCKUS One
• Mesh PSK: Auto-generated by RUCKUS One
• Mesh Radio: Defaults to 5 & 6 GHz

Directed Multicast converts multicast traffic to unicast packets, thereby cutting down on multicast flooding and enhancing the performance in wireless networks.

Enabled by default, the Directed Multicast feature can be disabled or re-enabled separately for Wired Client, Wireless Client, and Network traffic by toggling the switch OFF or ON, respectively.

• Wired Client: This option controls multicast-to-unicast conversion from wired clients on a non-trunk interface.
• Wireless Client: This option controls multicast-to-unicast conversion from wireless clients.
• Network: This option controls multicast-to-unicast conversion from wired clients on a trunk interface.

When Directed Multicast is enabled, the AP inspects multicast traffic and monitors client IGMP/MLD subscriptions to determine packet handling. For multicast data that the wireless clients of the AP are subscribed to, the AP will convert packets to unicast. When no client is subscribed, the AP will drop the packets. Some well-known traffic types (Bonjour, uPnP, and so on) will bypass this logic altogether, and the multicast-to-unicast conversion will be determined by Directed Threshold in the WLAN advanced settings.

Configure the following settings (fields are identical for both the 1 Primary SIM and 2 Secondary SIM sections).

• APN: Enter the APN name.
• 3G/4G (LTE) Selection: By default, Auto is configured. You can select either 4G (LTE) only, or 3G only, or Auto.
• Data Roaming: By default, data roaming is set to ON. To disable data roaming, toggle the Data Roaming option to OFF.
• LTE Band Lock: Select the bands for 3G and 4G for your current country. Click Show band for other countries to view the available bands for other Domain 1 and Domain 2 countries, and Japan.
• Select the WAN Connection.
  • Ethernet (Primary) with cellular failover
  • Cellular (Primary) with Ethernet failover
  • Ethernet Only
  • Cellular Only
• Set the Primary WAN Recovery Timer. The default value is 60 seconds. The valid value is from 10 through 300 seconds.

• NAS ID: Defines the ID sent to the RADIUS server, which will identify the AP. Select the appropriate option from the menu; options include WLAN BSSID (default selection), Venue Name, AP MAC, and User-defined. Note that selecting User-defined prompts you to define a Custom NAS ID.
• MAC Delimiter: Select either Dash or Colon for the MAC Delimiter. This option appears for the NAS ID types WLAN BSSID and AP MAC.
• NAS Request Timeout: Indicates the duration after which an expected RADIUS Response message is considered to have failed. Valid values are 2 through 20 seconds, default is 2 seconds.
• NAS Max Retries: Indicates the maximum number of failed connection attempts after which the controller will failover to the backup RADIUS server. Valid values are 2 through 10 retries, default is 2 retries.
• NAS Reconnect Primary: Indicates the time interval after which the controller will recheck if the primary RADIUS server is available when the controller has failed over to the backup RADIUS server. Valid values are 1 through 300 minutes, default is 5 minutes.
• Called Station ID: Indicates the format for the called station ID, which is sent to the RADIUS server as an attribute, and can be used in policy decisions. Select the appropriate option from the menu; options include WLAN BSSID (default selection), AP MAC, AP Group, and None.
• Single Session ID Accounting: Enable this feature to allow the APs to maintain one accounting session (including statistics) for a user roaming between APs. Disabled by default. Toggle the switch to ON to enable the feature.