Configuring Additional Settings for a Wi-Fi Network

While creating a new network or modifying an existing network, you can configure a range of additional options that give you a high degree of control over the way the network functions.

These options include VLAN configuration, network access controls, radio throughput settings, networking configurations, and advanced quality or service settings. Note that options vary from network to network, for example, only Captive Portal networks include User Connection options.
Complete one of the following steps to configure the additional settings for a Wi-Fi network.
  1. Configure additional options while adding a new wireless network.
    1. Step through the Create New Network wizard until you reach the Settings or Onboarding page (page name is dependent on the network type).
    2. Click Show more settings to expand the list of additional settings.
  2. Edit an existing network.
    1. Navigate to Wi-Fi > Wi-Fi Networks > Wi-Fi Networks List.
    2. Click the check box for the specific Wi-Fi network that you want to configure, then click Edit. The Edit Network page is displayed.
    3. Click Next to advance through the wizard until you reach the More Settings page, or click More Settings in the wizard's navigation menu.

      The following sub-tabs are accessible. By default, the VLAN sub-tab is displayed. Each sub-tab includes additional Wi-Fi configuration options to configure the settings of your preference. Refer to the following instructions to customize each of the available settings:

      Note:

      Demonstration of Advanced Settings for a Wi-Fi Network. This video explains advanced settings for a Wi-Fi network and walks you through the process of configuring them.

      Click to play video in full screen mode.

Configuring the VLAN Settings for a Wi-Fi Network

Configure any or all of the settings in the VLAN sub-tab, as necessary, for your network needs. Note that required fields already have a default value assigned, which you may retain or modify.
You can either configure VLAN Pooling or assign a VLAN ID to this network.
  1. Click the VLAN sub-tab.
  2. Toggle the VLAN Pooling switch on to assign a VLAN pooling policy to this WLAN.
  3. Select a VLAN pool from the Select VLAN Pooling drop-down list.

    If a VLAN pool is not yet defined, you can create a new one; click Add Pool, complete the fields in the Add VLAN Pool dialog box, and click Add. You can then select the newly created VLAN pool from the Select VLAN Pooling drop-down list. Refer to Creating a VLAN Pool for more information.

    A VLAN pool policy allows a single VLAN, multiple VLANs (separated by commas), or a VLAN range (from 2 through 4094). By default, VLAN Pooling is disabled.

    VLAN Sub-Tab
  4. Enter the VLAN ID number that you want to assign to this network.

    The valid range is from 1 through 4094. The default value is 1. The VLAN ID option is not available if VLAN Pooling or Enable RUCKUS DHCP service is enabled.

  5. Enable Dynamic VLAN (enabled by default when MAC Authentication is enabled). Dynamic VLAN automatically and dynamically assigns wireless clients to different VLANs based on their MAC addresses, using either a pre‑registered MAC list or an external MAC authentication service.
    Use Dynamic VLAN only for Passphrase (PSK/SAE), DPSK, Enterprise AAA (802.1X), 3rd‑Party Captive Portal (WISPr), and Open Network types.
  6. Toggle the Proxy ARP switch to on to enable this network to respond to ARP requests. Proxy ARP is disabled by default.

Configuring the Hotspot 2.0 Settings for a Wi-Fi Network

Configure any or all of the Hotspot 2.0 settings, as necessary, for your Hotspot 2.0 network needs. Note that required fields already have a default value assigned, which you may retain or modify.
  1. Select the Hotspot 2.0 sub-tab.
  2. Set the Accounting Interim Updates interval, ranging from 0 through 1440. The default value is 5 minutes.
    Hotspot 2.0 Sub-Tab
  3. Internet Access is enabled by default, which allows devices to connect to the internet through the hotspot. If this option is disabled, any device attempting to connect to the Hotspot Wi-Fi network is able to connect to the network but is not able to access the internet.
  4. Select the Access Network Type from the drop-down list.
  5. Select the IPv4 Address for the network from the drop-down list.
  6. Select a preconfigured protocol from the Connection Capabilities table.
    If a protocol is not yet defined, you can create a new one; click Add Protocol.
    An Add Protocol sidebar is displayed. Complete the following to add a protocol:
    1. Enter a Protocol Name.
    2. Enter a Protocol Number.
    3. Enter a Port Number.
    4. Select Status.
    5. Click Save.

Configuring the User Connection Settings for a Wi-Fi Network

Configure any or all of the user connection settings, as necessary, for your Captive Portal network needs. Note that required fields have default values assigned, which you may retain or modify.
  1. Select the User Connection sub-tab.
    Configuring the User Connection Settings
  2. Max devices per user:
    • Select the Max devices per user checkbox to limit the maximum number of devices a guest can connect using a single credential.

      Enter a value ranging from 1-1000. You can enter a value directly or adjust it using the spinner. The default value is 1.

    • Clear the Max devices per user checkbox to allow unlimited devices.
    Note: This setting is supported only for the following Captive Portal guest network types: Self Sign-In, Host Approval, Active Directory LDAP Server, and SAML Identity Provider (IdP).
  3. Allow the user to stay connected for: Select Minutes, Hours, or Days from the drop-down list, and then enter the connection duration after which the client is disconnected. By default, the duration is set to 1 day. The valid range is 2 -14,400 minutes, 1-240 hours, or 1-10 days, depending on the selected time unit.
    Note: After exceeding the configured session duration, the client is disconnected from the network and prompted to re-authenticate with the portal.
  4. Do not redirect to the portal when reconnecting within:
    • Select the Do not redirect to the portal when reconnecting within checkbox to enable this setting. When enabled, select Minutes, Hours, Days, or Weeks from the drop-down list, and then enter the duration. This setting defines the wait time after which the client is redirected to the portal for re-authentication. The valid range is 1-1440 minutes, 1-24 hours, 1-30 days, or 1-7 weeks, depending on the selected time unit.
    • Clear the Do not redirect to the portal when reconnecting within checkbox to disable this setting. When disabled, clients are redirected to the portal whenever they reconnect.
  5. You can set the Grace Period, which determines the number of minutes during which previously authenticated clients can reconnect to the network without re-authentication. By default, the grace period is set to 60 minutes. However, the grace period cannot exceed the total connection time allotted to the user or 14,399 minutes (approximately 10 days).

Configuring the Network Control Settings for a Wi-Fi Network

Configure any or all of the network control settings, as necessary, for your network needs. Note that required fields already have a default value assigned, which you may retain or modify.
  1. Select the Network Control sub-tab.
    Configuring the Network Control Settings
  2. (Optional) Toggle the DNS Proxy switch on. The DNS Proxy dialog box is displayed. DNS Proxy enables this network to respond to DNS requests. DNS Proxy is disabled by default.
    DNS Proxy Dialog Box
    1. Click Add Rule to add a new DNS proxy rule. In the Add DNS Proxy Rule dialog box, configure the following settings:
      • Domain Name: Enter a domain name for the DNS proxy rule.
      • IP Addresses: Enter an IP address.
      Adding a DNS Proxy Rule
    2. Click Add to add the domain name and IP address to the table.
    3. Click Save.
    4. Click OK.
  3. (Optional) Toggle the Wi-Fi Calling switch on to allow voice calls over a Wi-Fi network instead of a cellular network. Wi-Fi Calling is disabled by default.
    Wi-Fi Calling Dialog Box
    1. Toggle the Select Profiles switch on. The Select Wi-Fi Calling Profiles dialog box is displayed.
      Selecting Wi-Fi Calling Profiles
    2. Select the profiles in the Available Profiles table and click Add to move the selected profile to the Selected Profiles table. To remove the profiles from the Selected Profiles table, select the profiles in the Selected Profiles table and click Remove.
    3. Click Save.
  4. (Optional) Toggle the Client Isolation switch on to prevent devices on the same network from communicating directly with each other, enhancing security. Client Isolation is disabled by default.
    Client Isolation Setting
    1. Isolation Packets: Select Unicast, Multicast/broadcast, or Unicast and Multicast/broadcast from the drop-down list.
    2. Automatic support for VRRP/HSRP: Set the switch on to enable automatic support for VRRP/HSRP.
    3. Client Isolation Allowlist by Venue: Set the switch on to enable the client isolation allowlist by venue.
  5. (Optional) Toggle the Anti-spoofing switch to ON to verify the authenticity of devices and prevent IP address spoofing. Anti-spoofing is disabled by default.
    Anti-Spoofing Setting
    Complete the following fields:
    • ARP request rate limit: Enter the ARP request rate limit.
    • DHCP request rate limit: Enter the DHCP request rate limit.
  6. (Optional) Toggle the Logging client data to external syslog switch on to send client activity logs to an external Syslog server for monitoring and analysis. Logging client data to external syslog is disabled by default.
  7. (Optional) Application Recognition & Control is enabled by default. This setting manages the usage and reporting of network guest application activities. You can see the application usage of device clients from the RUCKUS One dashboard. Disabling this setting stops the monitoring and reporting of these activities.

  8. (Optional) Under DHCP, configure the following settings:
    • Force DHCP: Ensures that all devices on this network obtain their IP addresses through the DHCP server. Force DHCP is disabled by default. Toggle the Force DHCP switch on to enable this setting. If you enable the Anti-spoofing setting, then Force DHCP is disabled and grayed out.
    • DHCP Option 82: DHCP Option 82 allows a DHCP relay agent to insert circuit-specific information (such as port or MAC address) into DHCP packets before forwarding them to the DHCP server. This enables the server to assign IP addresses based on client location or relay source. In RUCKUS One, this feature is supported for wireless clients and for wired clients connected via AP LAN ports. By default, this feature is disabled. Toggle the DHCP Option 82 switch on to enable this feature. After enabling DHCP Option 82, configure at least one of the following sub-options:
      • Agent Circuit ID (#1):Click the toggle to enable this option, then select how the AP interface or port is identified from the drop-down list.
      • Agent Remote ID (#2): Click the toggle to enable this option, then select the identifier for the AP forwarding the DHCP request from the drop-down list.
      • DHCPv4 Virtual Subnet Selection (#150): Click the toggle to enable or disable this setting to define whether a virtual subnet should be used for IP address assignment.
      • DHCPv4 Virtual Subnet Selection Control (#151): Click the toggle to enable this option, then select and configure how the virtual subnet is applied. Options include Area and ESSID. If you select Area, a text field appears where you can enter the area name (1 to 26 characters).
      • AP and Client MAC Format Delimiter: Choose the syntax used to format MAC addresses. Options include AA:BB:CC:DD:EE:FF (the default), AA-BB-CC-DD-EE-FF, and AABBCCDDEEFF.
  9. (Optional) Toggle on the Access Control switch to enable assignment of access control policies to the network.
    Note: If both an Authentication Service and Access Control profiles are set for the network, then the access controls configured for the Authentication Service (through User Roles mapped to the RADIUS server) take precedence.
    Access Control Setting
    1. Select a policy from the Access Control Policy drop-down list.
    2. Click Add to add an access control policy.
    3. Click Select Separate Profiles to select another access control policy. For more information, refer to Creating an Access Control Policy.
    4. Click Save as AC Policy to display the Add Access Control Policy dialog box and create a new access control policy.
    5. Enter a Policy Name.
    6. Enter a Description for the policy.
    7. Configure Layer 2, Layer 3, Device & OS, Applications, and Client Rate Limit. For more information, refer to Creating an Access Control Policy.
    8. Click Save as AC Profile to create a new Access Control policy.
    9. Cancel the Access Control Policy; click Select separate profiles to exit Select Access Control Profile.

Configuring the Wi-Fi Radio Settings for a Wi-Fi Network

Configure any or all of the radio settings, as necessary, for your network needs. Note that required fields already have a default value assigned, which you may retain or modify.
  1. Select the Radio sub-tab.
    Radio Settings
  2. Toggle the Hide SSID switch on if you want to hide the network name from being broadcast. This setting is disabled by default.
  3. Under Load Control, complete the following fields:
    • Max Rate: Choose one of the following options from the drop-down list:
      • Unlimited (default): No limits on bandwidth allocation.
      • Per AP: The maximum bandwidth allocation limit of all connections to that specific network on the AP. If selected, two other options appear (enabled by default), Upload Limit and Download Limit. If either (or both) check boxes are selected, a sliding scale appears and you can drag your cursor along the line to choose the Mbps limits for each. The upload and download limit ranges from 1 through 500 Mbps.
    • Max clients per radio: Limits the number of clients that can associate with this network per AP radio (default is 100). The value ranges from 1 through 512.
    • Enable load balancing between all radios (enabled by default): Select this check box to enable load balancing for all radios. Load balancing helps improve network performance by helping to spread the client load between the radios on the AP.
    • Enable load balancing between APs (enabled by default): Select this check box to spread the client load between nearby access points, so that one AP does not get overloaded while another AP sits idle.
  4. Under Data Rate Control (2.4 GHz & 5 GHz), configure the following settings:
    • BSS Min Rate: Select None, 1 Mbps, 2 Mbps, 5.5 Mbps, 12 Mbps, or 24 Mbps from the drop-down list. Use BSS Min Rate option to configure the minimum transmission rate that is supported by the network. If OFDM Only (Disables 802.11b) is enabled, the only valid options are 12 Mbps and 24 Mbps, with Mgmt Tx Rate fixed at 6 Mbps. This option can also be used to prevent 802.11b clients from connecting, and to allow greater client density with higher data rates.
    • Mgmt Tx Rate: Select 1, 2, 5.5, 6, 9, 11, 12, or 18 Mbps from the drop-down list. This option is only available if both Enable OFDM only and BSS Min Rate are disabled. (Otherwise, the Mgmt Tx Rate is defined by those settings.) Use the Mgmt Tx Rate setting to configure the rate at which management frames are sent. The default is 6 Mbps.
    • OFDM only (Disables 802.11b): Toggle the switch to ON to enable this option. Enabling this option disables CCK rates of 1, 2, 5.5, and 11 Mbps, so no 802.11b-only clients can connect. Beacons and probe responses will be transmitted at 6 Mbps, and data frames at 6, 9, 18, 24, 36, 48, and 54 Mbps. Enforcing higher minimum data rates increases overall network throughput capacity but reduces the distance at which clients are able to remain connected.
    Note: The OFDM Only is disabled by default. To enable it, manually toggle the switch on.

Configuring the Networking Settings for a Wi-Fi Network

Configure any or all of the networking settings, as necessary, for your network needs. Note that required fields already have a default value assigned, which you may retain or modify.
  1. Select the Networking sub-tab.
    Configuring the Networking Settings
  2. Toggle the Enable Agile Multiband (AMB) switch on to enable the feature. This setting is disabled by default.
    Enabling AMB configures the WLAN to send a Multi‑Band Operation announcement that helps guide client roaming decisions. Other roaming‑related features, including 802.11k, 802.11r, and 802.11w, must be enabled or disabled separately.
  3. Toggle the Enable 802.11k neighbor reports switch on to enable the feature. This setting provides a list of nearby APs to help clients make faster roaming decisions. This setting is enabled by default.
  4. Toggle the Enable 802.11d switch on to enable the feature. This setting adds country information to beacons and probe messages so the AP can operate correctly across different regulatory domains. This setting is enabled by default.
  5. Toggle the Enable 802.11r Fast BSS Transition switch on to enable the feature, and set a Mobility Domain ID (valid range: 1 through 65535). This setting is disabled by default.

    When enabled, 802.11r Fast BSS Transition improves the efficiency of handoff processes between access points (APs) within the same network. This feature reduces the time required for a client device to authenticate with a new AP, ensuring smoother transitions and maintaining continuous connectivity.

    Mobility Domain ID defines the network area for fast roaming in IEEE 802.11r, allowing shared master keys for seamless client transitions.

    Over-the-Distributed System (DS) support in the IEEE 802.11r Fast Basic Service Set (BSS) Transition protocol can significantly enhance the efficiency of Fast Transition (FT) support. This feature allows a client device to pre-authenticate with a target Access Point (AP) through the currently connected AP. As a result, when the client device roams, it can complete the transition with a simple re-association handshake, ensuring a smoother and quicker handover process.

  6. For Client Inactivity Timeout, set the time duration (in seconds) after which an inactive client remains connected before being disconnected. The valid range is from 60 through 86,400 seconds.
  7. For Directed MC/BC Threshold, set the threshold for converting multicast or broadcast traffic to unicast to improve network efficiency. The valid range is from 0 through 5.
  8. The Airtime Decongestion setting optimizes airtime usage by ensuring that all devices connected to the Wi-Fi network get a fair share of the available bandwidth. This setting is enabled by default.
  9. For Join RSSI Threshold, disable Airtime Decongestion to enable Join RSSI Threshold setting. Toggle the Join RSSI Threshold switch on (default is -80 dBm) and set the minimum signal strength (must be between -90 and -60 dBm) required for a client to join the network. By default, Join RSSI Threshold is disabled.
  10. Toggle the Transient Client Management switch on and configure the following parameters:

    Transient Client Management manages clients that frequently connect and disconnect to maintain network stability. This setting is disabled by default.

    • Join Wait Time: Enter a value in seconds or use the arrows. Valid values ranges from 1 through 60 seconds. The default value is -1.
    • Join Expire Time: Enter a value in seconds or use the arrows. Valid value ranges from 1 through 300 seconds. The default value is -1.
    • Join Wait Threshold: Enter a value in seconds or use the arrows. Valid value ranges from 1 through 50 seconds. The default value is 10 seconds.
  11. Toggle the Optimized Connectivity Experience (OCE) switch on and configure the following parameters:

    Optimized Connectivity Experience (OCE) enhances client connectivity and roaming performance. This setting is disabled by default.

    • Broadcast Probe Response Delay: Valid values are from 8 through 120 ms. The default value is 15 ms.
    • RSSI-Based Association Rejection Threshold: Valid values are from -90 through -60 dBm. The default value is -75 dBm.
  12. Toggle the AP Host Name Advertisement in Beacon switch on to advertise the hostname of an AP in beacon frames for easier identification. This setting is disabled by default.
  13. The GTK Rekey setting allows periodic generation of a new group key for securing multicast or broadcast traffic. This setting is enabled by default.
  14. Toggle the Multicast Filter switch on to enable this feature. By default, Multicast Filter is disabled.
    Multicast Filter filters multicast traffic to reduce unnecessary network load. When the Multicast Filter option is enabled on an AP, it drops all IPv4 and IPv6 multicast and broadcast traffic from associated wireless clients except for the following, which forms the "multicast filter bypass" list. Note that the downstream multicast is unaffected.
    • ARP request
    • DHCPv4 request
    • DHCPv6 request
    • IPv6 NS
    • IPv6 NA
    • IPv6 RS
    • IGMP
    • MLD
    • All unicast packets
  15. Multicast Rate Limiting limits the rate of multicast traffic to prevent network congestion. Multicast Filter must be enabled to configure the Multicast Rate Limiting setting.

    Multicast Filter and Multicast Rate Limiting are mutually exclusive features. From the RUCKUS One web interface, you cannot enable them at the same time. SSID rate limiting will always take precedence if Multicast rate limiting is also configured. Multicast downlink rate limiting should not be greater than 50% of BSS min rate.

    Note: Enabling Directed Multicast in the Venue-level or AP-level settings (which converts multicast packets to unicast) will impact the functionality of Multicast Rate Limiting.
  16. BSS Priority: Adjusts the priority of Basic Service Set (BSS) to manage traffic more effectively. Set the BSS Priority to Low or High
    • Low: Reduces the priority of the WLAN by limiting the throughput to all clients connected to this WLAN.
    • High: Has no throughput limits. By default, the WLAN priority is set to High.
  17. Under Wi-Fi 7, configure the following settings:
    • Enable Wi-Fi 6/ 7: Allows some legacy Wi-Fi 5 clients with out-of-date drivers to interoperate with a Wi-Fi 6/7 AP. Toggle the Enable Wi-Fi 6/ 7 switch on. By default, Enable Wi-Fi 6/ 7 is enabled.
    • Enable Multi-Link operation (MLO): Toggle the Enable Multi-Link operation (MLO) switch on to enable the feature. When you enable this feature, all three bands, 2.4 GHz, 5 GHz, and 6 GHz are selected by default.

      MLO allows Wi-Fi 7 devices to use multiple radio channels simultaneously (at least two) for better throughput and efficiency. For MLO to function, radios on APs must be active, and their usage is determined by AP configuration, which limits the number of supported 6 GHz network

      Note: DPSK is not supported for this feature.
      Note: This toggle is only available when the network uses WPA3, WPA2/WPA3 mixed mode, or OWE encryption.
  18. Under RADIUS Options, configure the following settings. This option is available for Enterprise AAA (802.1X), Hotspot 2.0 Access, Open Network with External MAC Authentication, and third-party captive portal network types.
    • NAS ID: Identifies clients to a RADIUS server. Select an option from the list.
    • MAC Delimiter: Select Dash or Colon.
    • NAS Request Timeout: Enter the timeout period (in seconds) after which an expected RADIUS response message is considered to have failed.
    • NAS Max Retries: Enter the number of failed connection attempts after which RUCKUS One will failover to the backup RADIUS server.
    • NAS Reconnect Primary: Enter the number of minutes after which RUCKUS One will attempt to reconnect to the primary RADIUS server after failover to the backup server.
    • Called Station ID: Allows NAS to send the ID, that is called by the user. Select an option from the list.
    • Single Session ID Accounting: Allows the APs to maintain one accounting session (including statistics) for a user roaming between APs. This setting is disabled by default. Toggle the switch on to enable the feature.

      This option is not visible unless one of the selected identity providers enables an accounting service. You can find the Accounting Service option in the AAA Settings page by navigating to Network Control > Service Catalog > Identity Provider > Add Identity Provider.

    RADIUS Options

Configuring the Advanced Settings for a Wi-Fi Network

Configure any or all of the advanced settings, as necessary, for your network needs. Note that required fields already have a default value assigned, which you may retain or modify.
  1. Select the Advanced sub-tab.
    Configuring the Advanced Settings
  2. Set the DTIM (Delivery Traffic Indication Message) Interval to a value ranging from 1 (default) through 255. .
    DTIM interval controls how often DTIM messages are transmitted, and this affects the frequency of data transmissions per broadcast beacon. Setting the DTIM interval to a lower value results in more frequent DTIM messages, which can prevent mobile devices from going into power‑save mode and thereby increase battery consumption.
  3. QoS Mirroring enables APs to learn User Priority (UP) from uplink traffic and mirror it in downlink traffic. This ensures proper traffic differentiation, prioritizing critical applications like voice and video to maintain QoS. By default, QoS Mirroring is enabled. Configure the QoS Mirroring Scope by selecting one of the following options from the drop-down list:
    • MSCS requests only (default): When selected, QoS Mirroring is enabled only for clients that send mirrored stream classification service (MSCS) requests.
    • All clients: When selected, QoS Mirroring is enabled for all clients.

    Click the icon next to QoS Mirroring to view the feature synopsis and the minimum required AP firmware version. Click See the compatibility requirements to view the minimum required AP firmware version and the supported AP model families (denoted by their applicable IEEE 802.11 standard).

    Note: QoS Mirroring is supported only on APs that are running RUCKUS One AP firmware 7.0 and later versions.
  4. Toggle the QoS Map Set switch on. The QoS Map Set setting reprioritizes downlink packets based on the configured mappings. When an AP receives a downlink packet, it checks the existing DSCP (Layer 3 QoS) marking, compares it to this map set and then changes the user priority (Layer 2 QoS) values for transmission by the AP. By default, QoS Map Set is disabled.
    If you want to edit a QoS map set, select a specific QoS map set from the table and click the Edit option that appears above the table. In the Edit QoS Map sidebar, edit the required fields and click Apply.
  5. Click Next to go to the Venue page to activate this network on the venue.
    For the Captive Portal network types (except Cloudpath and third-party), you will see an additional screen, Portal Web Page before navigating to the Venue screen to activate the network.