Page 1
Operation/Reference Guide NXA-WAPZD1000 ZoneDirector Smart WLAN Controller N e t w o r k / C o m m u n i c a t i o n I n i t ia l R e le a se : 3 / 2 8 / 2 0 1 1...
Page 2
AMX is not responsible for products returned without a valid RMA number. AMX is not liable for any damages caused by its products or for the failure of its products to perform. This includes any lost profits, lost savings, incidental damages, or consequential damages.
Page 3
LICENSE GRANT. AMX grants to Licensee the non-exclusive right to use the AMX Software in the manner described in this License. The AMX Software is licensed, not sold. This license does not grant Licensee the right to create derivative works of the AMX Software.
Accessing the NXA-WAPZD1000’s Command Line Interface........15 About Wireless WLAN Security ................17 Enabling Smart Redundancy ................... 17 Configuring the NXA-WAPZD1000 for Smart Redundancy ........... 17 Forcing Failover to the Backup NXA-WAPZD1000 ............18 Browser-Based Configuration Pages ..............19 Overview ........................ 19 Dashboard ......................20...
Page 6
Enabling Management via FlexMaster ................48 Configuring SNMP Support................... 48 Enabling the SNMP Agent..................... 49 Enabling SNMP Trap Notifications ................49 Trap Notifications Sent by the NXA-WAPZD1000............49 NXA-WAPZD1000 Management ACL................50 WLANs ........................51 Overview of Wireless Networks ..................52 Creating a WLAN ......................
Page 7
Creating a Guest WLAN ....................65 Access Points ......................66 Assigning a WLAN Group to an AP ................67 Deploying NXA-WAPZD1000 WLANs in a VLAN Environment ........67 Tagging Management Traffic to a VLAN............... 67 How Dynamic VLAN Works ................... 68 Adding New Access Points to the WLAN..............
Page 8
Single Domain Active Directory Authentication ............97 Multi-Domain Active Directory Authentication.............. 98 LDAP ..........................98 Advanced LDAP Filtering ....................98 Group Extraction ......................99 RADIUS / RADIUS Accounting ..................99 Configuring a Backup RADIUS / RADIUS Accounting Server......... 99 NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
Page 9
Using an External Server for Administrator Authentication ........110 Administer Tab ....................112 Preferences......................112 Changing the NXA-WAPZD1000 Administrator User Name and Password ....112 Changing the Browser-Based Configuration Pages Display Language......113 Back up/Restore ....................114 Backing Up a Network Configuration................114 Restoring Archived Settings to the NXA-WAPZD1000 ..........
Page 10
Deploying a Wireless Mesh via the NXA-WAPZD1000 ......... 130 Step 1: Prepare for Wireless Mesh Deployment ............130 Step 2: Enable Mesh Capability on the NXA-WAPZD1000 ......... 130 Step 3: Provision and Deploy Mesh Nodes ..............130 Step 4: Verify That the Wireless Mesh Network Is Up..........131 Using the ZoneFlex LEDs to Determine the Mesh Status ........
Page 11
Using SpeedFlex in a Multi-Hop Smart Mesh Network......... 146 Allowing Users to Measure Their Own Wireless Throughput........ 147 How to Measure the Speed of Your Wireless Connection ........147 Diagnosing Poor Network Performance ............... 148 Starting a Radio Frequency Scan ................148 NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
Page 12
Table of Contents viii NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
WAPZD1000, thereby eliminating bottlenecks when higher speed Wi-Fi technologies, such as 802.11n, are used. In addition, the NXA-WAPZD1000 supports rogue AP detection and the ability to blacklist client devices from the network — all of which are easily configured and enabled system-wide. When multiple APs are in close proximity, the NXA-WAPZD1000 automatically controls the power and the channel settings on each AP to provide the best possible total coverage and resilience.
(FG2255-53) Common Applications The NXA-WAPZD1000 is ideal for homes and businesses that require a robust and secure WLAN that can be easily deployed, centrally managed and automatically tuned. The NXA-WAP1000 is perfect for environments where high bandwidth applications such as video streaming are accessed simultaneously from several wireless devices such as iPads, laptops, and gaming consoles.
PC client devices with unique encryption keys Power Adapter Compatibility The NXA-WAPZD1000 is shipped with an appropriate power adapter for the country in which it is to be used: FG2255-52: Includes US Power Adapter for use in US, Canada, Colombia, Ecuador, Mexico ...
Press the button again to restart the device. Resetting the NXA-WAPZD1000 The NXA-WAPZD1000 may be reset in one of two modes. To reset the device while saving its current configuration, press the Reset button on the front of the device for one to two seconds.
The NXA-WAPZD1000 ZoneDirector Wireless Setup wizard appears, ready for wireless network configuration. If you prefer not to use UPnP, you can type in the NXA-WAPZD1000’s IP address into a Web browser. In case the LAN has no DHCP server, the NXA-WAPZD1000’s default IP address is 192.168.0.2, with a network mask of 255.255.255.0.
Installation and Setup The Setup Wizard will only appear when connecting to an NXA-WAPZD1000 in the factory default mode. For more information on returning a device to the factory default mode, please refer to the Resetting the NXA-WAPZD1000 section on page 13.
Page 20
Installation and Setup You are now logged into the NXA-WAPZD1000 with limited privileges. As a user with limited privileges, you can view a history of previously executed commands and ping a device. If you want to run more commands, you can switch to privileged mode by entering enable at the root prompt.
About Wireless WLAN Security When you connect to the NXA-WAPZD1000 for the first time and run the Setup Wizard, you are prompted to set up two basic WLAN configurations -- an Internal WLAN for your internal users, and a Guest WLAN for guests.
Enter a Shared Secret for two-way communication between the two devices (up to 15 alphanumeric characters). Click Apply to save your changes and prompt the NXA-WAPZD1000 to attempt to discover its peer on the network. If discovery is successful, the details of the peer device will be displayed to the right. If discovery is unsuccessful, you will be prompted to retry discovery or continue configuring the current device.
NXA-WAPZD1000 and all access points connecting to it. To access the browser-based configuration pages, enter the IP address for the NXA-WAPZD1000 into your preferred Web browser. The browser will then display the Ruckus Wireless ZoneDirector Login page (FIG. 3).
Refresh icon on the right side of the indicator, and hide the indicator in the Add Widgets column by clicking the Hide icon on the right side. Default Dashboard Indicators System Overview: Shows NXA-WAPZD1000 system information, including its IP address, MAC address, model number, maximum number of licensed APs, serial number, and software version number. Devices Overview:...
Widgets are Dashboard components, each containing a separate indicator or table as part of the active Dashboard. Each widget may be added or removed to enhance your NXA-WAPZD1000 summary needs. All unused widgets remain hidden until you click the Add Widgets link at the bottom of the Dashboard.
Page 26
When finished installing or moving widgets, click the Finish link at the bottom of the Widgets section to save your changes. The Widgets column will disappear, but it accessible again by clicking the Add Widgets link again. NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
Monitor tab workspace, such as the WLANs workspace “Events/Activities” table. Open the NXA-WAPZD1000 Dashboard (page 20) and look at the Most Recent User Activities table and Most Recent System Activities table for summaries of activity in the network.
The AP’s “description.” This can be modified on the Configure > Access Points page by clicking the Edit link next to the AP’s MAC address. Model: The model number, if applicable. Status: Displays the current status of the AP from the NXA-WAPZD1000’s perspective: • Approval Pending • Connected • Disconnected •...
Displays uptime, clients and mesh status. Actions: Action icons provide tools for managing the AP. WLANs: Displays the WLANs that this AP is supporting. Radio 802.11(a/n or g/n): Displays details on the 2.4GHz (g/n) and 5GHz (a/n) radios. NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
Click the Restart icon. The Status column now displays “Disconnected” along with the date and time when the NXA-WAPZD1000 last communicated with the AP. After restart is complete and the NXA-WAPZD1000 detects the active AP, the status will be returned to “Connected.”...
The image should be monochrome or grayscale. The file size should be no larger than 200KB in size. The floorplan image should be (ideally) no larger than 10 inches (720 pixels) per side. NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
Click this icon, and then click an AP from the floorplan to remove that AP. Click this icon to rotate the floorplan. When clicked, rotation crosshairs appear in the center of the map; click and hold these crosshairs and move your cursor to rotate the view. Refresh the floorplan. NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
Mesh APs through its wireless interface. Optimizing Access Point Performance Using the Map View The NXA-WAPZD1000, through its Browser-Based Configuration Pages, enables you to remotely monitor and adjust key hardware settings on each of your network APs. After assessing AP performance in the context of network performance, you can reset channels and adjust transmission power, or adjust the priority of certain WLANs over others, as needed.
Evaluating and Optimizing Network Coverage If there are gaps or dead spots in your worksite WLAN coverage, you can use the NXA-WAPZD1000 to assess network RF coverage and then reposition APs to enhance coverage.
The date and time of the logged event. Severity: The determined alert level for the event. User: The WLAN producing the event. Activities: The specific activity being logged. Show More: Click this button to show 15 more previous events. NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
Under Currently Active WLAN Groups, click the WLAN group name for which you want to view the member AP list. On the page that loads, look for the Member APs section. All APs that belong to this WLAN group are listed. NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
Go to Monitor > Currently Active Clients. When the Currently Active Clients page appears, review the table for a general survey. Click any client device MAC address link to monitor that client in more detail. NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
Page 38
(which will allow them to attempt to reconnect), testing throughput using SpeedFlex, and testing connectivity using Ping and Traceroute. To review blocked clients, go to Configure > Access Control > Blocked Clients (page 74). NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
The selected PSKs and Certificates are deleted from the system. A user with a deleted PSK or a deleted certificate will not be able to connect to the wireless network without obtaining a new key or a new certificate. NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
Monitor Tab Generated Guest Passes The Generated Guest Passes page lists all generated guest passes managed by the NXA-WAPZD1000. You can review the guest passes generated for your users, and also remove them if necessary. FIG. 12 Monitor Tab - Generated Guest Passes...
Rogue APs also interfere with nearby authorized APs, thus degrading overall wireless network coverage. Your NXA-WAPZD1000 rogue detection options include identifying the presence of a rogue AP, and locating it on your worksite floorplan prior to its removal. You can also mark rogue APs as “Known” if they are located in a neighboring network —...
Page 42
AP: An access point unknown to the NXA-WAPZD1000. AP (SSID-spoof): A rogue AP that uses the same SSID as the NXA-WAPZD1000’s AP, also known as Evil-twin AP. AP (MAC-spoof): A rogue AP that has the same BSSID (MAC) of one of the virtual APs managed by the NXA-WAPZD1000.
Changing the System Log Settings The NXA-WAPZD1000 maintains an internal log of current events and alarms. This file has a fixed capacity; at a certain level, the device will start deleting the oldest entries to make room for the newest. This log is volatile, and the contents will be deleted if the device is powered down.
Monitor Tab All Alarms If an alarm condition is detected, the NXA-WAPZD1000 will record it in the events log, which, if configured, will send an email warning. FIG. 15 Monitor Tab - All Alarms Monitor Tab - All Alarms Alarms: This section lists all alarms uncleared by the NXA-WAPZD1000 administrator.
This table shows the current mesh network topology between APs and (Mesh-131003001936) the NXA-WAPZD1000. Access Points: The current APs connected to the NXA-WAPZD1000. Signal (dB): The current signal strength of the mesh network connection. Description: (Optional) A more detailed description of the mesh network connection.
Monitor Tab - Real Time Monitoring Start Monitoring button: Click this button to start monitoring. CPU Util: Displays the percentage utilization of the NXA-WAPZD1000’s CPU. Memory Util: Displays the percentage utilization of the NXA-WAPZD1000’s memory. # of APs: Displays the number of wireless access points being managed by the NXA-WAPZD1000.
Configure Tab Configure Tab The Configure Tab contains the tools necessary to configure and maintain a NXA-WAPZD1000 network. This tab includes access to WLAN specifications, identification of users, guest access, and configuration of mesh networks. When making any changes in the Browser-Based Configuration Pages, you must click Apply before you navigate away from the page or your changes will not be saved.
Configure Tab System The majority of the NXA-WAPZD1000’s general system settings can be accessed from the System page under the Configure Tab in the Browser-Based Configuration Pages. A basic set of parameters is configured during the Setup Wizard process. These parameters and others can be customized on this page.
Page 49
Smart Redundancy: Smart Redundancy allows continued operation of your network in the event of an NXA-WAPZD1000 failure or power loss by allowing a connection to a second NXA-WAPZD1000. If the active NXA- WAPZD1000 loses connection, the standby device automatically takes over.
Click Apply to save your settings. The change goes into effect immediately. Changing the Network Addressing If you need to update the IP address and DNS server settings of the NXA-WAPZD1000, follow the steps outlined below. As soon as the IP address has been changed, you will be disconnected from your...
Enabling an Additional Management Interface The additional management interface is created for receiving or transmitting management traffic only. The management IP address can be configured to allow an administrator to access the NXA-WAPZD1000 remotely from a different subnet from the AP network.
Configure Tab Setting the System Time The NXA-WAPZD1000 does not have an internal clock, and if the device is rebooted, it will lose the current time given to it by the configuring PC. Time-sensitive features--such as time-based WLANs and Smart Redundancy--will not function properly if the time is incorrect.
Enabling SNMP Trap Notifications If you have an SNMP trap server on the network, you can configure the NXA-WAPZD1000 to send SNMP trap notifications to the server. Enable this feature if you want to automatically receive notifications for AP and client events that indicate possible network issues.
Configure Tab NXA-WAPZD1000 Management ACL The NXA-WAPZD1000 also includes an access control feature for controlling access to the Browser-Based Configuration Pages. The Management Access Control interface is located on the Configure > System screen. Options include limiting access by subnet, single IP address and IP address range.
Name: The name of the WLAN group. Description: (Optional) A more detailed description of the WLAN. Actions: Select Edit to make changes to the group and Clone to make an exact copy of the group. NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
Overview of Wireless Networks When you have completed the NXA-WAPZD1000 Setup Wizard, you have a fully functional wireless network, based on two secure WLANs (if you enabled the optional guest WLAN) with access for authorized users and guests.
Select whether Web-based authentication (captive portal) will be used, and which type of authentication server will be used to host credentials (local database, Active Directory, RADIUS, LDAP). Also, enable or disable Wireless Client Isolation, Zero-IT Activation, Dynamic PSK and Priority for this WLAN. NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
WEP-64: Provides a lower level of encryption, and is less secure, using 40-bit WEP encryption. WEP-128: Provides a higher level of encryption than WEP-64, using a 104-bit key for WEP encryption. However, WEP is inherently less secure than WPA. NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
Options include Local Database, RADIUS server, Active Directory and LDAP. When one of these authentication server types is selected (other than Local Database), you will need to point the NXA-WAPZD1000 to the proper authentication server configured on the Configure > AAA Servers page.
Dynamic PSK: Dynamic PSK is available when you have enabled Zero-IT Activation. When a client is activated, the NXA-WAPZD1000 provisions the user with a pre-shared key. This per-user key does not expire by default. If you want to set an expiration for Dynamic PSKs, you can do so from the drop-down menu further down the page.
You can also disable a WLAN temporarily for testing purposes, for example. This feature will not work properly if the NXA-WAPZD1000 does not have the correct time. To ensure the NXA-WAPZD1000 always maintains the correct time, configure an NTP server and point the NXA-WAPZD1000 to the NTP server’s IP address, as...
WLAN to use 802.1X/EAP authentication, you normally have to generate and install certificates for your wireless users. With the built-in EAP server and Zero-IT Wireless Activation, certificates are automatically generated and installed on the end user's computer. Users simply follow the instructions NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
RADIUS server is required for this application. Also, you might need to deploy your own certificates for wireless client devices and for the RADIUS server you are using. In this case, the NXA-WAPZD1000 works as a bridge between your wireless clients and the RADIUS server during the wireless authentication process.
Dynamic PSK offers the following benefits over standard PSK security: Every device on the WLAN has its own unique Dynamic PSK (DPSK) that is valid for that device only. NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
WLAN settings and make sure that the Dynamic PSK check box is selected. To generate multiple dynamic PSKs: Go to Configure > WLANs. Scroll down to the Dynamic PSK Batch Generation section. NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
If you want to be able to identify the dynamic PSK users by their names (for monitoring or auditing purposes in a school setting, for example), click Browse, and upload a batch dynamic PSK profile instead. Click Generate. The NXA-WAPZD1000 generates the dynamic PSKs, and then the following message appears:...
To self-authenticate a computer to the wireless LAN: Connect the computer to the wired LAN using an Ethernet cable. Open a Web browser and enter the Activation URL in the navigation bar (http:// <NXA-WAPZD1000’s IP address>/activate). A WLAN Connection Activation Web page appears.
For clients that support Zero-IT, an activation script is generated that will automatically install security settings of WLANs configured on the NXA-WAPZD1000 to the client. If your users are connecting with computers running earlier versions of Windows, Linux, or other operating systems, no activation script will be provided for them.
If you want your internal wireless traffic to have priority over guest traffic, set the Priority to Low. Click OK to save your changes. NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
Click Enable to balance the number of clients across adjacent APs Max Clients: The maximum number of clients allowed access through the AP. Global Configuration: Use this feature to apply global configuration settings to all Access Points. NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
Click OK to save your changes. Deploying NXA-WAPZD1000 WLANs in a VLAN Environment You can set up an NXA-WAPZD1000 wireless LAN as an extension of a VLAN network environment by tagging wireless client and management traffic to specific VLANs. Qualifications include the following: ...
WAPZD1000. How Dynamic VLAN Works By default, all wireless clients associated with APs managed by the NXA-WAPZD1000 are segmented into a single VLAN (with VLAN ID 1). If you want to segment wireless clients into different VLANs (for example, for security purposes), you can enable dynamic VLAN.
The Automatic AP Approval process is enabled by default, automatically approving AP join requests. If you prefer, you can disable Automatic Approval. If this is your preference, the NXA-WAPZD1000 will detect new APs, alert you to their presence, and then wait for you to manually “approve” their activation.
WLAN coverage, as well as policies on client distribution and communicating with the NXA-WAPZD1000. These policies are enforced on all APs managed by the NXA-WAPZD1000 unless a specific WLAN setting overrides them. For example, if you want to enable Load Balancing for most APs but disable it on specific WLANs, you would enable it in the Access Point Policies section, then disable it for the particular WLAN from the Configure >...
11N Only Mode: Force all 802.11n APs to accept only 802.11n compliant devices on the 2.4GHz or 5GHz radio. If N-Only is selected, all older 802.11b/g devices will be denied access to the radio. The following setting can be applied to all APs of a particular model managed by the NXA-WAPZD1000: ...
Click OK to save your settings. Optimizing Access Point Performance The NXA-WAPZD1000, through the Browser-Based Configuration Pages, enables you to remotely monitor and adjust key hardware settings on each of your network APs. After assessing AP performance in the context of network performance, you can reset channels and adjust transmission power, or adjust the priority of certain WLANs over others, as needed.
WAPZD1000 immediately updates the list of adjacent radios and refreshes the client limits at each affected Once the NXA-WAPZD1000 is aware of which APs are adjacent to each other, it begins managing the client load by sending desired client limits to the APs. These limits are “soft values” that can be exceeded in several scenarios, including: (1) when a client’s signal is so weak that it may not be able to support a link with another...
Access controls can be configured to control access to both your wireless network and to the Browser-Based Configuration Pages themselves. For network access, the NXA-WAPZD1000 features a block list as well as access control lists (ACL) to control access to the network.
ACL. Thus, the block list takes precedence over an ACL. MAC addresses that are in the deny list are blocked at the AP, not at the NXA-WAPZD1000. Configuring Access Control Lists You can build L2/MAC and L3/L4 access control lists to establish which devices are allowed to associate to the APs.
L3/L4 Access Control In addition to L2/MAC based ACL, the NXA-WAPZD1000 also provides access control options at the Layer 3 and Layer 4 levels. This means that you can configure the access control options based on a set of criteria, including: ...
Configure Tab Maps If the NXA-WAPZD1000 does not display a floorplan for your worksite when you open the Monitor tab Map View (page 27), you can import a floorplan and place AP markers in relevant locations by following the steps outlined in this section.
Page 82
Configure Tab Go to Monitor > Map View (page 27) to see this image. You can now use the Map View to place the Access Point markers. FIG. 25 Maps - Editing NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
Configure Tab Roles and Policies The NXA-WAPZD1000 provides a “Default” role that is automatically applied to all new user accounts. This role links all users to the internal WLAN and permits access to all WLANs by default. As an alternative, you...
If you want users with this role to have the permission to generate guest passes, enable this option. Administration: This option allows you to create a user role with NXA-WAPZD1000 administration privileges - either full access or limited (read only) access. In the Policies options, clear the Allow Guest Pass Generation check box.
Guest Pass: If you want users with this role to have permission to generate guest passes, check this option. Click OK to save your settings. This new role is ready for application to authorized users. NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
Configure Tab Users Once your wireless network is set up, you can instruct the NXA-WAPZD1000 to authenticate wireless users by referring to accounts that are stored in the NXA-WAPZD1000’s internal user database. FIG. 28 Configure Tab - Users Configure Tab - Users User Name: The name of the particular user.
Click OK to save your settings. Be sure to communicate the user name and password to the appropriate end user. Managing Current User Accounts The NXA-WAPZD1000 allows you to review your current user roster on the internal user database and to make changes to existing user accounts as needed. To change an existing user account: Go to Configure >...
You can edit an existing user account and reassign the pass generator role, if you prefer. Click OK to save your settings. Be sure to communicate the role, user name and password to the appropriate end user. NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
These include options you can fine-tune to fit your work environment. FIG. 30 Configure Tab - Guest Access NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
Use this workspace to import your custom Guest Pass Printout in HTML Customization: format. The NXA-WAPZD1000 can support up to 1,250 combined total users and guest passes in the internal database. Configuring System-Wide Guest Access Policy The Enable Guest Access options enable the administrator to define the system-wide guest access policy. You can require guests to validate their guest pass, accept terms of use, and be redirected to a URL you specify.
To generate a single guest pass: On your computer, start your Web browser. In the address or location bar, type the URL of the NXA-WAPZD1000 Guest Pass Generation page: https://{NXA-WAPZD1000-hostname-or-ipaddress}/guestpass In User Name, type your user name. NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
Key: Leave as is if you want to use the random key that the NXA-WAPZD1000 generated. If you want to use a key that is easy to remember, delete the random key, and then type a custom key. For example, if the NXA-WAPZD1000 generated the random key OVEGS-RZKKF, you can change it to joe-guest-key.
Once you have generated a pass for a guest, you can monitor and, if necessary, remove it. Go to Monitor > Generated Guest Passes. View generated guest passes. To remove a guest pass, select the check box for the guest pass. Click the Delete button. NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
Guest Access > Restricted Subnet Access section. You can create up to 22 subnet access rules, which will be enforced both on the NXA-WAPZD1000 side (for tunneled/redirect traffic) and the AP side (for local-bridging traffic).
Click Browse, select the HTML file that you customized earlier, and then click Open.The NXA- WAPZD1000 copies the HTML file to its database. Click Import to save the HTML file to the NXA-WAPZD1000 database. You have completed creating a custom guest pass printout. When users generate a guest pass, the custom printout that you created will appear as one of the options that they can print.
The NXA-WAPZD1000 has a built-in hotspot feature that you can enable and configure to provide hotspot service to users via its WLANs. In addition to the NXA-WAPZD1000 and its managed APs, you will need the following to deploy a hotspot: ...
(for example, your company Web site). In Session Timeout, select the check box, and then set a maximum session time (in minutes) after which sessions will be restarted automatically. NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
Page 98
In Restricted Subnet, type the subnets to which hotspot users will be prevented from accessing. Click OK to save the hotspot settings. The page refreshes and the hotspot service you created appears in the list. You may now assign the WLANs that you want to provide hotspot service. NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
In the Mesh Settings section, click Apply to save your settings and enable Smart Mesh. You have completed enabling mesh capability on the NXA-WAPZD1000. You can now start provisioning and deploying the APs that you want to be part of your wireless mesh network.
If you want to authenticate users against an external Authentication, Authorization and Accounting (AAA) server, you will need to first configure your AAA server, then point the NXA-WAPZD1000 to the AAA server, so that requests will be passed through the NXA-WAPZD1000 before access is granted. This section describes the tasks that you need to perform on the NXA-WAPZD1000 to ensure the device can communicate with your AAA server.
Click OK to save this server entry. The page refreshes and the AAA server that you added appears in the list of authentication and accounting servers. Note that input fields differ for different types of AAA server. The NXA-WAPZD1000 only displays the option to enable Global Catalog support if Active Directory is chosen, for example, and only offers backup RADIUS server options if RADIUS or RADIUS Accounting server is chosen.
The Admin account need not have write privileges, but must able to read and search all users in the database. Click OK to save changes. LDAP The NXA-WAPZD1000 supports several of the most commonly used LDAP servers, including: OpenLDAP ...
Group Extraction By using the Search Filter, you can extract the groups to which a user belongs, as categorized in your LDAP server. Using these groups, you can attribute Roles within the NXA-WAPZD1000 to members of specific groups. For example, in a school setting, if you want to assign members of the group “students” to a Student role, you can enter a known student’s name in the Test Authentication Settings section, click Test, and return the groups...
The Test Authentication Settings feature allows you to query an AAA server for a known authorized user, and return Groups associated with the user that can be used for configuring Roles within the NXA-WAPZD1000. After you have configured one or more authentication servers in the NXA-WAPZD1000, perform this task to ensure that the device can connect to the authentication server and retrieve the groups/attributes that you have configured for each user account.
If your server allows TLS encryption, click the box to allow it. Setting Up Email Alarm Notification If an alarm condition is detected, the NXA-WAPZD1000 will record it in the event log. If you prefer, an email notification can be sent to a configured email address of your choosing.
Rogue DHCP server on {ip} is detected. When any of these events occur, the NXA-WAPZD1000 sends an email notification to the email address that you previously specified. With the exception of the Lost contact with AP event, the NXA-WAPZD1000 only sends one email alarm notification for each event.
Points to assess radio frequency (RF) usage, to detect rogue APs and to determine which APs are near each other for mesh optimization. Rogue DHCP Server Detection: The NXA-WAPZD1000 has a rogue DHCP server detection feature that can help you prevent connectivity and security issues that rogue DHCP servers may cause.
Automatically adjust AP channel when interference is detected: If interference of any kind is detected in an AP, the radio frequency will be switched automatically. Click the Apply button in the same section to save your changes. The NXA-WAPZD1000 issues necessary AP power and/or channel updates at 10 minute intervals.
If the check box is cleared, the NXA-WAPZD1000 will not generate these events. Active Client Detection Enabling active client detection allows the NXA-WAPZD1000 to trigger an event when a client with a low signal strength joins the network. To enable active client detection: Go to Configure >...
Configure Tab - Certificate page Configure Tab - Certificate Generate a Request: Common Name Enter the NXA-WAPZD1000’s Fully Qualified Domain Name (FQDN). Subject Alternative Name: (Optional) Select either IP or DNS from the menu and enter either alternative IP addresses or alternate DNS names.
DNS server, you may use the NXA-WAPZD1000’s IP address instead. However, note that some CAs may not allow this. - If you wish to access the NXA-WAPZD1000 from a public network via the internet, you must use a Fully Qualified Domain Name (FQDN).
Importing an SSL Certificate If you already have an SSL certificate, you can import it into the NXA-WAPZD1000 and use it for HTTPS communication. To complete this procedure, you will need the SSL certificate file and the key pair password that you set when you created the certificate signing request (CSR) file.
Configure Tab Finally, you can also import a wildcard certificate. If you do this, the NXA-WAPZD1000 will prompt you to fill in the NXA-WAPZD1000 redirect URL before proceeding. Once the private key matches and intermediate certificates are imported, clicking the Import button will start the Loading Certificate process.
Configure Tab If the imported certificate does not match the NXA-WAPZD1000’s private key, a warning message appears (FIG. 40). FIG. 40 The imported certificate does not match ZoneDirector’s private key Click the click here link, and an Import Private Key dialog appears (FIG. 41).
Page 115
Configure Tab If you do not select the Allow ZoneDirector Administration check box, administrators that are assigned this role will be unable to log into the NXA-WAPZD1000 even if all other settings are configured correctly. Test your authentication settings (Configure > AAA Servers > Test Authentication Settings).
Apply before you navigate away from the page or your changes will not be saved. Preferences You should change your NXA-WAPZD1000 administrator login password on a monthly basis, but the administrator user name should be changed only if necessary. FIG. 42...
Admin Name: Delete the text in this field and type the new administrator account name (used solely to log into the NXA-WAPZD1000 via the Browser-Based Configuration Pages.) Password/Confirm Password: Delete the text in both fields and type the same text for a new password.
After you have set up and configured your wireless network, you may want to back up the full configuration. The resulting archive can be used to restore your NXA-WAPZD1000 and network. And, whenever you make additions or changes to the setup, you can create new backup files at that time, too.
“factory default” state. After you complete the Setup Wizard, the Status LED will be steady green. Alternate Factory Default Reset Method If you are unable to complete a software-based resetting of the NXA-WAPZD1000, you can do the following “hard” restore: Do not disconnect the NXA-WAPZD1000 from its power source until this procedure is complete.
Administer Tab Restart/Shutdown This page allows you to make a remote reboot or shutdown of the NXA-WAPZD1000 without having physical access to the device. FIG. 44 Administer Tab - Restart/Shutdown Restarting the NXA-WAPZD1000 The NXA-WAPZD1000 three “restart” options: To disconnect and then reconnect the NXA-WAPZD1000 from the power source, ...
Administer Tab Upgrade Check the AMX Web site on a regular basis for updates that can be applied to your Ruckus Wireless network devices — to the NXA-WAPZD1000 and all your NXA-WAP1000 APs. After downloading any update package to a convenient folder on your administrative PC, you can complete the network upgrade of both the NXA-WAPZD1000 and APs by following the steps detailed below.
(begins accepting AP requests), while the original active device enters backup state and begins its own upgrade process. All APs are now associated to the original backup NXA-WAPZD1000 (which is now the active device), and begin upgrading AP firmware to the new version.
Administer Tab License Depending on the number of Ruckus Wireless APs you need to manage with your NXA-WAPZD1000, you may need to upgrade your license. Contact your authorized AMX reseller to purchase an upgrade license. Once you load the license via the Browser-Based Configuration Pages, it takes effect immediately.
If requested to generate and save a debug file: Go to Administer > Diagnostics. Select the items under Debug Components as directed by AMX technical support, or check the box next to Debug Components to select all. (If they are already selected, skip this step.) If you are instructed to save only log information for a specific AP or client, you can select the check box next to Debug log per AP’s or client’s mac address, then enter either the MAC address in the adjacent...
Viewing Current AP Logs While the NXA-WAPZD1000 debug files can not be directly viewed, you can display a list of recent AP activity from the Browser-Based Configuration Pages. To view AP logs: Go to Administer >...
AMX for customer assistance. You can register your NXA-WAPZD1000 along with all of your access points in one step using the NXA-WAPZD1000’s Registration form (FIG. 48).
The Browser-Based Configuration Pages provide two commonly used tools that allow you to diagnose connectivity issues while managing the NXA-WAPZD1000 without having to exit the UI. The Ping and Traceroute tools can be accessed from anywhere in the UI that you see the icon.
To view the Real Time Monitoring page, locate the Toolbox link at the top of the page and select Real Time Monitoring from the pull-down menu. You can also access the Real Time Monitoring page from the Monitor > Real Time Monitoring tab (page 42). FIG. 51 Real Time Monitoring Tool NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
Blocking Client Devices Blocking Client Devices When users log into an NXA-WAPZD1000 network, their client devices are recorded and tracked. If, for any reason, you need to block a client device from network use, you can do so from the Browser-Based Configuration Pages.
In the Ruckus Wireless Smart Mesh network, all traffic going through the mesh links is encrypted. A passphrase is shared between mesh nodes to securely pass traffic. When deployed as a mesh network, Ruckus Wireless APs communicate with the NXA-WAPZD1000 through a wired LAN connection or through wireless LAN connection with other access points.
Hybrid Mesh Topology Standard Topology The standard Smart Mesh topology consists of an NXA-WAPZD1000 and a number of Root APs and Mesh APs. In this topology, the NXA-WAPZD1000 and the upstream router are connected to the same wired LAN segment. You can extend the reach of your wireless network by forming and connecting multiple mesh trees (FIG.
Mesh AP that uses a wired Ethernet link as its uplink rather than wireless. An eMAP is not considered a Root AP, despite the fact that it discovers the NXA-WAPZD1000 through its Ethernet port. Multiple eMAPs can be connected to a single Mesh AP to, for example, bridge a wired LAN segment inside a building to a wireless mesh outdoors.
Step 3: Provision and Deploy Mesh Nodes In this step, you will connect each AP to the same wired network as the NXA-WAPZD1000 to provision it with mesh-related settings. After you complete provisioning an AP, you must reboot it for the mesh-related settings to take effect.
(FIG. 55). These dotted lines identify the neighbor relationships that have been established in the current mesh network. If your mesh spans multiple NXA-WAPZD1000s, it is possible for a node to be associated to a different device than its parent or children. FIG. 55 Neighbor relationships in a mesh network NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
Page 136
An AP with a dimmed blue square indicates that it is a Root AP without any active downlinks. An AP with a red square is an Ethernet-Linked Mesh AP (eMAP). An AP with an X icon is disconnected. NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
• Signal quality is good • Signal quality is good Solid amber • At least one Mesh AP is • Connected to a Root AP connected • Signal quality is fair • Signal quality is fair NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
Mesh tree that also shows the uplink and downlink APs connected to this AP. SpeedFlex Launch the SpeedFlex performance test tool to measure uplink/downlink speeds to/from this AP. Troubleshoot Troubleshoot connectivity issues using Ping and Traceroute. NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
Troubleshooting Isolated Mesh APs Isolated Mesh APs are those that were once managed by the NXA-WAPZD1000 but are now unreachable. They are up and running and constantly searching for mesh uplinks, but are unable to connect to any root AP.
AP will only connect to another 802.11n AP, and an 802.11b/g Mesh AP will only connect to another 802.11b/g AP. To resolve this, place additional wired APs or Mesh APs that use the same radio type near this AP. NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
You have completed recovering the isolated mesh AP. You should be able to manage this AP again shortly. Please wait at least 15 minutes (to allow the mesh network to stabilize), and then try managing this AP again via the NXA-WAPZD1000. NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
Choosing the Right AP Model for Your Mesh Network The NXA-WAPZD1000 supports both 802.11g and the newer, faster 802.11n APs with which to form a mesh network. Because mesh throughput degrades with the number of hops, the best performance can be achieved using the newer, faster 802.11n APs.
MAPs. If there are multiple Roots, ensure that the Roots are distributed evenly throughout the coverage area (not clumped up close together in one area). Of course, the whole purpose of mesh is to NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
RAPs and MAPs are at ceiling height (standard 15-foot ceiling), then you would not want to mount the outdoor MAPs on 40-foot poles. You would want to keep all MAPs and RAPs at around the same elevation from the ground. NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
Connected MAP uplink is 25% or better. Ideally there should be at least one alternate uplink path for every MAP, and the signal quality of that alternate path should also be 25% or better. NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
WLAN. Upon the completion of the Setup Wizard, the NXA-WAPZD1000 automatically activates a default internal WLAN for authorized users. A key benefit of the internal WLAN is the Zero-IT configuration, which enables new users to self-activate their wireless client devices with little or no assistance from the IT department.
Measuring Wireless Network Throughput with SpeedFlex SpeedFlex is a wireless performance tool included in the NXA-WAPZD1000 that you can use to measure the downlink throughput between the NXA-WAPZD1000 and a wireless client, the NXA-WAPZD1000 and an AP, and a wireless client and an AP.
Page 149
When the tests are complete, the results appear below the Start button. Information that is shown includes the downlink/uplink throughput and the packet loss percentage during the tests. FIG. 57 Click the download link for the target client’s operating system NXA-WAPZD1000 ZoneDirector Smart WLAN Controller...
SpeedFlex can also be used to measure multi-hop throughput between APs and the NXA-WAPZD1000 in a mesh tree. For example, if you have a mesh tree that is three hops deep (i.e., NXA-WAPZD1000... Root AP... Mesh AP 1... Mesh AP 2), SpeedFlex can measure the total throughput between the NXA-WAPZD1000 and Mesh AP 2.
Uplink or Downlink and test one direction at a time. Allowing Users to Measure Their Own Wireless Throughput The NXA-WAPZD1000 provides another version of the SpeedFlex Wireless Performance Test application that does not require authentication. This version can be accessed at:...
AP has a fixed channel number not too close to the number of a nearby Ruckus AP. Starting a Radio Frequency Scan This task complements the automatic RF scanning feature that is built into the NXA-WAPZD1000 That automatic scan assesses one radio frequency at a time, every 20 seconds or so.
Page 154
- Schedules and registration for any AMX University course - Travel and hotel information - Your individual certification requirements and progress 3000 RESEARCH DRIVE, RICHARDSON, TX 75082 USA • 800.222.0193 • 469.624.8000 • 469-624-7153 fax • 800.932.6993 technical support • www.amx.com...