Configuring Additional Settings for a
Wi-Fi Network
While creating a new network or modifying
an existing network, you can configure a range of additional options that give you a high
degree of control over the way the network functions.
These options include VLAN configuration, network access
controls, radio throughput settings, networking configurations, and advanced quality or
service settings. Note that options vary from network to network, for example, only
Captive Portal networks include User Connection options.Complete one of the following steps to
configure the additional settings for a Wi-Fi network.
Configure additional options while adding a new wireless network.
Step through the Create New Network wizard until
you reach the Settings or
Onboarding page (page name is dependent on the
network type).
Click on Show more settings to expand the list
of additional settings.
Edit an existing network.
Navigate to Wi-Fi > Wi-Fi
Networks > Wi-Fi
Networks List.
Click the check box for the specific Wi-Fi network that you want to
configure, then click Edit. The Edit
Network page is displayed.
Click Next to advance through the wizard until
you reach the More Settings page, or click
More Settings in the wizard's navigation
menu.
The following sub-tabs
are accessible. By default, the VLAN sub-tab is
displayed. Each sub-tab includes additional Wi-Fi configuration
options to configure the settings of your preference. Refer to the
following instructions to customize each of the available
settings:
Demonstration
of Advanced Settings for a Wi-Fi Network. This video
explains advanced settings for a Wi-Fi network and walks you
through the process of configuring them.
Configure any or all of the settings in the VLAN
sub-tab, as necessary, for your network needs. Note that required fields already
have a default value assigned, which you may retain or modify.
You can either configure
VLAN Pooling or assign a VLAN ID to this network. Toggle the
VLAN sub-tab, toggle the VLAN Pooling
switch to ON to assign a VLAN pooling policy to this WLAN. From the
Select VLAN
Pooling drop-down list, select a VLAN pool or click
Add
Pool to configure a new VLAN pool.
A VLAN pool policy allows
a single VLAN, multiple VLANs (separated by comma), or a VLAN range
(from 2 through 4094). By default, VLAN
Pooling is disabled. Refer to Creating a VLAN Pool for more
information.
Configuring the
VLAN Settings
For VLAN ID,
enter the VLAN ID number that you want to assign to this network.
The valid range is from 1
through 4094. The default value is 1. The VLAN ID
option is not available if the VLAN
Pooling or Enable RUCKUS DHCP
service setting is enabled.
Dynamic VLAN is enabled by default. Dynamic VLAN
automatically and dynamically assigns wireless clients to different VLANs
based on their MAC addresses, using either a pre-registered MAC list or an
external MAC authentication service.
Dynamic VLAN option is
available only for DPSK, Enterprise AAA (802.1X), and 3rd Party Captive
Portal (WISPr) network types.
For Proxy
ARP, toggle the switch to ON to enable
this network to respond to ARP requests. Proxy ARP is
disabled by default.
Configuring the Hotspot 2.0 Settings for a Wi-Fi Network
Configure any or all of the Hotspot 2.0 settings, as
necessary, for your Hotspot 2.0 network needs. Note that required fields already
have a default value assigned, which you may retain or modify.
Select the Hotspot 2.0 sub-tab.
For Accounting Interim Updates, set the accounting
update interval, ranging from 0 through 1440. Default value is 5
minutes.
Configuring the Hotspot 2.0 Settings
Internet Access is enabled by default, which allows
devices to connect to the internet through the hotspot. If this option is
disabled, any device attempting to connect to the Hotspot Wi-Fi network will
be able to connect to the network but will not be able to access the
internet.
For Access Network Type, select the access network
type from the list.
For IPV4 Address, select the IPV4 address type for
the network.
For Protocol, select a preconfigured protocol from
the Connection Capabilities table or click Add. In
the Add Protocol sidebar, add a Protocol
Name, Protocol Number,
Port Number, Status, and
click Save.
Configuring the User Connection Settings for a Wi-Fi Network
Configure any or all of the user connection settings,
as necessary, for your Captive Portal network needs. Note that required fields
already have a default value assigned, which you may retain or modify.
Select the User Connection sub-tab.
Configuring the
User Connection Settings
For Max number of devices per
credentials, use the arrows or enter a value ranging from 1
through 10. The default value is 1. Sets the maximum number of devices that
the guest can connect using the Active Directory or LDAP credentials. This
option is available for Active Directory or LDAP server captive portal
network type.
For Allow the user to stay connected for, from the
drop-down list, select the Minutes,
Hours, or Days and then enter
the duration of connection time after which the client is disconnected or
use the arrows to select the duration in minutes, hours, or days. By
default, the duration is set to 1 day. The maximum
duration can be up to 10 days, 240 hours, or 14400 minutes.
Note: After exceeding the
configured duration for the session, the client will be disconnected
from the network and asked to re-authenticate with the portal.
In the Do not redirect to the portal when reconnecting
within section, from the drop-down list, select
Minutes, Hours,
Days, or Weeks and then enter
the duration or use the arrows to select the number of minutes, hours, days,
or weeks. enter the duration of wait time after which the client is
redirected to reconnect with the portal for or use the arrows to select the
duration in Minutes, Hours, or
Days, or Weeks.
Minutes: The valid range is from 1 through
1440 minutes.
Hours: The valid range is from 1 through
24 hours.
Days: The valid range is from 1 through 30
days.
Weeks: The valid range is from 1 through 7
weeks.
You can set the Grace Period, which determines the
number of minutes during which previously authenticated clients can
reconnect to the network without re-authentication. By default, the grace
period is set to 60 minutes. However, the grace period
cannot exceed the total connection time allotted to the user or 14,399
minutes (approximately 10 days).
Configuring the Network Control Settings for a Wi-Fi Network
Configure any or all of the network control settings,
as necessary, for your network needs. Note that required fields already have a
default value assigned, which you may retain or modify.
Select the Network Control sub-tab.
Configuring the
Network Control Settings
(Optional) Toggle the DNS Proxy
switch to ON. The DNS Proxy dialog box is
displayed. DNS Proxy enables this network to respond to DNS requests.
DNS Proxy is disabled by default.
DNS Proxy Dialog
Box
Click Add
Rule to add a new DNS proxy rule. In the
Add DNS Proxy Rule dialog box, configure
the following settings:
Domain
Name: Enter a domain name for the DNS proxy
rule.
IP
Addresses: Enter an IP address.
Adding a
DNS Proxy Rule
Click Add
to add the domain name and IP address to the table.
Click Save.
Click OK.
(Optional) Toggle the Wi-Fi Calling
switch to ON to allow voice calls over a Wi-Fi network instead of a
cellular network. Wi-Fi Calling is disabled by
default.
Wi-Fi Calling
Dialog Box
Toggle the Select
Profiles switch to ON. The
Select Wi-Fi Calling Profiles dialog box is
displayed.Selecting
Wi-Fi Calling Profiles
Select the profiles
in the Available Profiles table and click
Add to move the selected profile to the
Selected Profiles table. To remove the
profiles from the Selected Profiles table,
select the profiles in the Selected Profiles
table and click Remove.
Click Save.
(Optional) Toggle the Client
Isolation switch to ON to prevent
devices on the same network from communicating directly with each other,
enhancing security. Client Isolation is disabled by
default.
Client Isolation
Setting
Isolation
Packets: Select Unicast, Multicast/broadcast, or Unicast and
Multicast/broadcast from the drop-down list.
Automatic support
for VRRP/HSRP: Set the switch to ON to
enable the automatic support for VRRP/HSRP.
Client Isolation
Allowlist by Venue: Set the switch to ON to
enable the client isolation allowlist by venue.
(Optional) Toggle the
Anti-spoofing switch to ON to verify
the authenticity of devices and prevents IP address spoofing. Anti-spoofing
is disabled by default.
Anti-Spoofing
SettingComplete the following fields:
ARP request rate
limit: Enter the ARP request rate limit.
DHCP request rate
limit: Enter the DHCP request rate limit.
(Optional) Toggle the Logging client data to
external syslog switch to ON to send
client activity logs to an external Syslog server for monitoring and
analysis. Logging client data to external syslog is
disabled by default.
(Optional) Application Recognition
& Control is enabled by default. Manages the usage and
reporting of network guest application activities. You can see the
applications usage of device clients from the RUCKUS One dashboard. Disabling this setting stops the monitoring and
reporting of these activities.
(Optional) Under DHCP,
configure the following settings:
Force
DHCP: Ensures that all devices on this network
obtain their IP addresses through the DHCP server. Force
DHCP is disabled by default. Toggle the Force
DHCP switch to ON to
enable this setting. If you enable the
Anti-spoofing setting, then Force
DHCP is disabled and greyed out.
DHCP Option
82: DHCP Option 82 allows a DHCP relay agent to
insert circuit-specific information into a request that is being
forwarded to a DHCP server. By default, this feature is disabled.
Toggle the DHCP Option 82 switch to ON to
enable this setting. This option works by setting two
sub-options:
Agent
Circuit ID (enabled by default): Select a
circuit ID from the drop-down list.
Agent
Remote ID (disabled by default): Select a
remote ID from the drop-down list.
Sub-option 150 with VLAN ID
Sub-option 151
AP &
Client MAC format delimiter
The insertion
of DHCP Option 82 information is supported for wireless clients
in RUCKUS One. The DHCP relay agent adds
information such as the port number of the client or its own MAC
address to the DHCP packet before forwarding it to the DHCP
server.
Configuring DHCP Option 82
(Optional) Toggle the
Access Control switch to ON.
Access Control
Setting
Select a policy from the Access Control
Policy drop-down list.
Click Add to add an access control policy.
Click Select Separate Profiles to select
another access control policy. For more information, refer to Creating an Access Control Policy.
Click Save as AC Policy to display the
Add Access Control Policy dialog box and
create a new access control policy.
For Policy
Name, enter a name.
For
Description, enter a short description for
the policy.
Configure Layer
2, Layer
3, Device &
OS, Applications, and Client Rate
Limit. For more information, refer to Creating an Access Control Policy.
Click Save as AC
Profile to create a new Access Control policy.
If you want to cancel
the Access
Control Policy selection, click Select separate
profiles to exit from the Select Access
Control Profile.
Adding an Access
Control Policy
Configuring the Wi-Fi Radio Settings for a Wi-Fi Network
Configure any or all of the radio settings, as
necessary, for your network needs. Note that required fields already have a default
value assigned, which you may retain or modify.
Select the Radio sub-tab.
Radio
Settings
Toggle the Hide SSID
switch to ON if you want to hide the network name from being
broadcast. This setting is disabled by default.
Under Load
Control, complete the following fields:
Max Rate: Choose one of the following
options from the drop-down list:
Unlimited (default): No limits
on bandwidth allocation.
Per AP: The maximum bandwidth
allocation limit of all connections to that specific network
on the AP. If selected, two other options appear (enabled by
default), Upload Limit and
Download Limit. If either (or
both) check boxes are selected, a sliding scale appears and
you can drag your cursor along the line to choose the Mbps
limits for each. The upload and download limit ranges from 1
through 500 Mbps.
Max clients per radio: Limits the number
of clients that can associate with this network per AP radio
(default is 100). The value ranges from 1 through 512.
Enable load balancing between all radios
(enabled by default): Select this check box to enable load balancing
for all radios. Load balancing helps improve network performance by
helping to spread the client load between the radios on the AP.
Enable load balancing between APs
(enabled by default): Select this check box to spread the client
load between nearby access points, so that one AP does not get
overloaded while another AP sits idle.
Under Data Rate Control (2.4 GHz & 5 GHz),
configure the following settings:
BSS Min Rate: Select None,
1
Mbps, 2
Mbps, 5.5
Mbps, 12
Mbps, or 24
Mbps from the drop-down list. Use BSS Min
Rate option to configure the minimum transmission
rate that is supported by the network. If OFDM Only
(Disables 802.11b) is enabled, the only valid
options are 12 Mbps and 24 Mbps, with Mgmt Tx
Rate fixed at 6 Mbps. This option can also be used
to prevent 802.11b clients from connecting, and to allow greater
client density with higher data rates.
Mgmt Tx Rate: Select 1, 2, 5.5, 6, 9, 11, 12, or 18
Mbps from the drop-down list. This option is only available if both
Enable OFDM only and BSS Min Rate are disabled. (Otherwise, the Mgmt Tx
Rate is defined by those settings.) Use the Mgmt Tx Rate setting to configure the rate at which
management frames are sent. The default is 6 Mbps.
OFDM only (Disables 802.11b): Toggle the switch to
ON to enable this option. Enabling this option
disables CCK rates of 1, 2, 5.5, and 11 Mbps, so no 802.11b-only
clients can connect. Beacons and probe responses will be transmitted
at 6 Mbps, and data frames at 6, 9, 18, 24, 36, 48, and 54 Mbps.
Enforcing higher minimum data rates increases overall network
throughput capacity but reduces the distance at which clients are
able to remain connected.
Configuring the Networking Settings for a Wi-Fi Network
Configure any or all of the networking settings, as
necessary, for your network needs. Note that required fields already have a default
value assigned, which you may retain or modify.
Select the Networking sub-tab.
Configuring the
Networking Settings
Toggle the Enable Agile Multiband
(AMB) switch to ON to enable
the feature. Disabled by default.
Agile Multiband prioritizes
roaming performance in indoor environments, supporting IEEE protocols
802.11k, 802.11v, 802.11u, and 802.11r. Agile Multiband is a collection of
features designed to improve resource utilization, balance Wi-Fi load,
increase capacity, and provide the best possible Wi-Fi experience. AMB
configures WLANs to send IE Multi Band Operation information elements that
include beacon reporting, channel non-preference, cellular capability, and
association disallow.
The Enable
802.11k neighbor reports setting enhances roaming by
providing a list of neighbor APs to the client device. Enabled by
default.
The Enable
802.11d setting allows the AP to support multiple regulatory
domains by the addition of a country information element to beacons, probe
requests, and probe responses. Enabled by default.
Toggle the Enable 802.11r Fast BSS
Transition switch to ON and set
the value of Mobility Domain ID (allowed value is 1 through 65535). The
Enable 802.11r
Fast BSS Transition setting improves efficiency and speeds
up handoff processes between access points within the same network, ensuring
smoother transitions and continuous connectivity. IEEE 802.11r Fast BSS
Transition roaming protocol reduces the number of frame exchanges required
for roaming and allows the clients and APs to reuse the master keys obtained
during a prior authentication exchange. Mobility Domain
ID defines the network area for fast roaming in IEEE
802.11r, allowing shared master keys for seamless client transitions.
Enable 802.11r
Fast BSS Transition is disabled by default.
For Client
Inactivity Timeout, set the time duration (in seconds) after
which an inactive client remains connected before being disconnected. The
valid range is from 60 through 86400 seconds.
For Directed
MC/BC Threshold, set the threshold for converting multicast
or broadcast traffic to unicast to improve network efficiency. The valid
range is from 0 through 5.
The Airtime
Decongestion setting optimizes airtime usage by ensuring
that all devices connected to the Wi-Fi network get a fair share of the
available bandwidth. Enabled by default.
For Join RSSI
Threshold, disable Airtime
Decongestion to enable Join RSSI
Threshold setting. Toggle the Join RSSI
Threshold switch to ON (default
is -80 dBm) and set the minimum signal strength (must be between -90 and -60
dBm) required for a client to join the network. By default, Join RSSI
Threshold is disabled.
Toggle the Transient Client Management switch to
ON
and configure the following parameters:
Transient Client Management manages clients that
frequently connect and disconnect to maintain network stability. This
setting is disabled by default.
Join Wait Time: Enter a value in seconds or
use the arrows. Valid value ranges from 1 through 60 seconds. The
default value is -1 second.
Join Expire Time: Enter a value in seconds or
use the arrows. Valid value ranges from 1 through 300 seconds. The
default value is -1 second.
Join Wait Threshold: Enter a value in seconds
or use the arrows. Valid value ranges from 1 through 50 seconds. The
default value is 10 seconds.
Toggle the Optimized Connectivity Experience (OCE)
switch to ON and configure the following parameters:
Optimized
Connectivity Experience (OCE) enhances client
connectivity and roaming performance. This setting is disabled by
default.
Broadcast Probe
Response Delay: Valid value is from 8 through 120
ms. The default value is 15 ms.
RSSI-Based
Association Rejection Threshold: Valid value is from
-90 through -60 dBm. The default value is -75 dBm.
Toggle the AP Host Name Advertisement in Beacon switch
to ON
to advertise the hostname of an AP in beacon frames for easier
identification. This setting is disabled by default.
The GTK
Rekey setting allows periodic generation of a new group key
for securing multicast or broadcast traffic. Enabled by default.
Toggle the Multicast Filter switch to ON to enable
this feature. By default, Multicast
Filter is disabled.
Multicast
Filter filters multicast traffic to reduce unnecessary
network load. When the Multicast Filter option is
enabled on an AP, it will drop all IPv4 and IPv6 multicast and broadcast
from associated wireless clients except for the below which forms into
"multicast filter bypass" list. Note that the downstream multicast is
unaffected.
ARP request
DHCPv4 request
DHCPv6 request
IPv6 NS
IPv6 NA
IPv6 RS
IGMP
MLD
All unicast
packets
Multicast Rate
Limiting limits the rate of multicast traffic to prevent
network congestion. Multicast
Filter must be enabled to configure the Multicast Rate
Limiting setting.
Multicast Filter and
Multicast Rate Limiting are mutually exclusive features. From the RUCKUS One web interface, you cannot enable
them at the same time. SSID rate limiting will always take precedence if
Multicast rate limiting is also configured. Multicast downlink rate
limiting should not be greater than 50% of BSS min rate.
Note: Enabling Directed
Multicast in the Venue-level or AP-level settings (which
converts multicast packets to unicast) will impact the functionality of
Multicast
Rate Limiting.
BSS Priority: Adjusts the priority of Basic Service
Set (BSS) to manage traffic more effectively. Set the BSS Priority to
Low or High
Low: Reduces the priority of the WLAN by
limiting the throughput to all clients connected to this WLAN.
High: Has no throughput limits. By
default, the WLAN priority is set to High.
Under Wi-Fi
7, configure the following settings:
Enable Wi-Fi 6/
7: Allows some legacy Wi-Fi 5 clients with
out-of-date drivers to inter-operate with a Wi-Fi 6/7 AP. Toggle the
Enable
Wi-Fi 6/ 7 switch to ON.
By default, Enable Wi-Fi 6/
7 is enabled.
Multi-Link
operation (MLO): MLO allows Wi-Fi 7 devices to use
multiple radio channels simultaneously (at least two) for better
throughput and efficiency. For MLO to function, radios on APs must
be active, and their usage is determined by AP configuration, which
limits the number of supported 6 GHz networks. By default, MLO is
disabled and greyed out. For the functioning of MLO, ensure that
either the WPA3 or OWE encryption method is activated.
Under RADIUS
Options, configure the following settings. This option is
available for Cloudpath and third-party captive portal network types.
NAS
ID: Identifies clients to a RADIUS server. Select an
option from the list.
MAC Delimiter: Select
Dash or
Colon.
NAS Request
Timeout: Enter the timeout period (in seconds) after
which an expected RADIUS response message is considered to have
failed.
NAS Max
Retries: Enter the number of failed connection
attempts after which RUCKUS One will
failover to the backup RADIUS server.
NAS Reconnect
Primary: Enter the number of minutes after which RUCKUS One will attempt to reconnect to
the primary RADIUS server after failover to the backup server.
Called Station
ID: Allows NAS to send the ID, which is called by
the user. Select an option from the list.
Configuring the Advanced Settings for a Wi-Fi Network
Configure any or all of the advanced settings, as
necessary, for your network needs. Note that required fields already have a default
value assigned, which you may retain or modify.
Select the Advanced sub-tab.
Configuring the
Advanced Settings
For DTIM (Delivery Traffic Indication Message)
Interval, set a value ranging from 1 (default) through 255.
DTIM interval controls how often DTIM messages are transmitted and this
affects the frequency of data transmissions per broadcast beacon. Setting
the DTIM interval to a lower value results in more frequent DTIM messages,
which can prevent mobile devices from going into power-save mode and thereby
increasing battery consumption.
The QoS Mirroring setting duplicates network traffic
to ensure quality of service for specific multimedia clients or all clients
on your Wi-Fi network. By default, QoS Mirroring
is enabled. Configure the QoS Mirroring
Scope by selecting one of the following options from the
drop-down list:
MSCS requests
only (default): When selected, QoS Mirroring is
enabled only for clients that send mirrored stream classification
service (MSCS) requests.
All
clients: When selected, QoS Mirroring is enabled for
all clients.
Click the icon next to QoS
Mirroring to view the feature synopsis and the minimum
required AP firmware version. Click See the compatibility
requirements to view the minimum required AP firmware
version and the supported AP model families (denoted by their applicable
IEEE 802.11 standard).
Note: QoS Mirroring is
supported only on APs that are running RUCKUS One AP
firmware 7.0 and later versions.
Toggle the QoS
Map Set switch to ON. The
QoS Map Set setting reprioritizes downlink packets
based on the configured mappings. When an AP receives a downlink packet, it
checks the existing DSCP (Layer 3 QoS) marking, compares it to this map set
and then changes the user priority (Layer 2 QoS) values for transmission by
the AP. By default, QoS Map Set
is disabled.
If you want to edit a QoS map set, select a specific QoS map set from the
table and click the Edit option
that appears above the table. In the Edit QoS Map
sidebar, edit the required fields and click Apply.
Click Next to go the Venue page to activate this
network on the venue.
For the Captive Portal
network types (except Cloudpath and third-party), you will see an additional
screen, Portal Web
Page before navigating to the Venue screen to activate the
network.