Mobile AP solution - Ruckus M510 AP

in ,

I have a prospective customer who, during the course of our conversation, explained that one of their issues was for mobile service workers to have wireless connectivity back into their network. Using a Ruckus SmartZone SZ-100 AP controller and GRE tunneling from the APs, this can be accomplished with relative ease. Or so the Ruckus marketing materials and my local Ruckus SE led me to believe. It ended up being easy, but the documentation and knowledge was lacking so it took quite a bit of trial and error on my part to get it figured out.

The M510 AP from Ruckus is an indoor AP designed for LTE backhaul, which makes it perfect for deployment in vehicles, pop-up locations, and temporary office locations such as construction sites or first-responder field operations.

Ruckus M510 Data Sheet

My SmartZone is running as a VM without a Data Plane, so I can’t run GRE tunneling back to my controller. This works for my demo purpose, but doesn’t give my clients an experience as if they were inside the network. For a production environment I’d suggest either a vSZ/vSZ-D deployment, or a SZ-100 physical appliance and use tunneling from the AP to the controller.

The first thing you’ll need to do is contact AT&T and get a SIM card with a data plan. Make sure you get a Micro-SIM card. The M510 can take up to two SIM cards, but currently only works with AT&T. I believe that another carrier (Sprint?) is being tested and should be available sometime this year but it’s only AT&T for now, sorry. Also, you’ll need a M510 AP and an AP license for your Smart Zone.

AT&T Compatible Data Plan

Before you get into the SmartZone configuration change, plan out how your mobile wireless will be utilized and deployed. If you are going to broadcast your internal SSIDs through your mobile APs, then you can get away with just your Default AP and Wireless Zone and just worry about creating the appropriate AP Groups. Becasue I’m going to be broadcasting an SSID only for testing and demo purposes, I’ll create separate AP and Wireless Zones/Groups for my M510 AP.

Setup SmartZone for External Access

First things first, for this to work you’re going to need to get your SmartZone an external IP address and set up some firewall rules. The ports you’ll need to forward are:

TCP ports:
Port 21 = FTP Com port
Port range 16384-65000 (configurable in vSCG) = FTP Passive port range
Port 443 = https port for AP to vSCG Registration
Port 22 = SSH Tunnel from AP to SCG
Port 91 = AP and vSCG firmware update and other uses port
Optional TCP Ports:
Port 8443 = Used for vSCG WebUI access from remote (if needed, this may not be necessary if you are using a 3 interface configuration and using VPN to connect to management interface)
Port 7443 = Port used by SWIPE (not required if you are not using SWIPE to provision APs onsite)

UDP Ports:
Port 12223 = LWAP communication port for APs not running vSCG firmware to communicate with vSCG and get upgraded (using passive FTP ports mentioned above

You also need to set the external NAT address of your SmartZone so that the APs keep the correct IP address for their SCG connections. Go to System/Cluster and edit your Control Plane Network Settings. Set the Control NAT IP Address to your external IP address and click save.

Setup AP Zones and Groups

Lets start by setting up an AP group that the M510 AP(s) will live in. Since we’ll want to have different settings for our mobile APs, it’s easiest to create a new AP group to manage these settings instead of making changes to each individual AP. Because this is a demo environment, I’m also going to create an AP Zone. I want to have obvious delination of my production and demo environment only setting up one AP Zone, and a single AP Group. If this was a production environment, I’d have multiple AP groups depending on how my mobile APs were being deployed (AP per site, or AP per function). I like to keep my Zones and groups in a parent-child config, so all of my general mobile AP settings will be set in my AP Zone. Any site or function specific settings will be configured in the AP Group.

I have created an AP Zone called MobileZone, and I’ll set my AP model specific settings in this zone.


Since you’ll be using AT&T for your LTE backhaul, contact them to make sure the APN is correct, but for me it’s “broadband”. I set my M510 COnfiguration settings to mostly default, except for the primary and secondary APN, and the LAN 2 port is set to “Default Trunk Port (LAN)” instead of WAN. This will let me plug a switch into the port and connect additional devices via ethernet. I also set my WAN connection to “Cellular (Primary) with Ethernet failover”. Make any other AP settings you want here, such as channel selection, AP reboot timeout, or radio channels and transmit power.

If you;’re deploying multiple APs and need different AP Groups, configure those now and make any AP Group setting changes you want. Again, since this is a demo setup, I’m using a single default AP group with default AP settings.

If you have added your M510 to your SmartZone, you can now move it into the correct Zone and group.

Setup Wireless Zones and Groups

When you create a Zone and a Group either in the AP configuration or the Wireless LAN configuration, they get created in both locations. So since we created an AP Zone and Group earlier, we’ll see them in our Wireless LAN configuration as well. So now we can create our new wireless network for our mobile APs.

Create your new wireless network and configure it as needed. Don’t forget to go back to your Wireless LAN Group configuration and add your new WLAN.

Also make sure that in your AP Group you have the correct WLAN group selected for broadcast.

At this point your M510 AP should be broadcasting your SSID and connecting to your AT&T LTE. The M510 AP will attempt to connect to the network through the assigned WAN interface if a cable is plugged in, so if you’re planning on using PoE to power the AP, make sure to set the PoE interface as your LAN connection (instead of the default WAN). I suggest powering it through an AC adaptor or the built-in DC 9-16V power block.

GPS Location and Map Display

In order to get SmartZone to show your M510 location you will need to get a Google Maps API key. From the Dashboard, click on the Map settings icon.

vSZ M510 setup 007.png

This opens the Map Settings window. Click on the Google Map API Key and enter your API key. If you don’t have an API key, click on the link shown in the window and get an API key.

vSZ M510 setup 008.png

It took a while the first time, but eventually my M510 AP started showing up on the map.

DHCP

Probably the easiest way to deploy DHCP out to your mobile sites is to put a DHCP server on your M510 APs. The SmartZone allows you to run a DHCP server on each AP, run DHCP across multiple APs, or run DHCP on a hierarchical AP setup.

DHCP enabled on each AP.

DHCP enabled on multiple APs.

DHCP enabled on hierarchical APs.

Regardless on how you pan on implementing DHCP on the APs, the setup is the same. In your SmartZone, go to Services & Profiles / DHCP & NAT. The first thing we need to do is create our DHCP Pool(s). Click the DHCP Pool tab, and then create a new DHCP pool in the correct Zone (MobileZone in my case).

Once the DHCP Pool is created, go to the DHCP Settings tab. This is where we’ll define the type of DHCP hierarchy we’ll be running. Click on your Zone and then click the Enable DHCP Services on AP button.

vSZ M510 setup 015.png

Click Edit DHCP Serveries on AP button and follow the prompts to pick your type of DHCP hierarchy, the Pool associated with your server, and the APs you want to run DHCP services on.

You should now have a fully configured and running Ruckus M510 AP!

High density AP environments & the benefit of tunneling

in

If you're running or designing a centrally controlled WiFi solution involving high density AP placement, such as in a hotel or event center, you can significantly improve AP roaming speed and reduce wireless service interruptions to the end users by using GRE tunnels out to the access points.

I recently had an Wireless network implementation where we had very high AP density in a hotel. 146 APs spread over 5 floors and 265 rooms. We had an issue where a client could be connected to the network, with good signal and low noise, and as they moved around the building, they would sometimes lose internet connectivity for 5 minutes. Their WiFi connection would remain strong but their internet would drop. We messed around with roaming settings, signal strength, anything we could think of. We weren't making any progress. On each floor of the hotel there would be 3 or 4 switches for the APs (and other things) to connect to, giving us 15-20 total switches that all ran back to the network core (through a few intermediate switches). We started tracing ARP and MAC entries on the floor and core switches. We saw that when a client lost internet connectivity while roaming around the hotel that there would be disparate ARP and/or MAC entries on the AP switches, the intermediate switches, and the core. Once the "bad" MAC entry expired, the client would connect to the internet again.

Due to the AP density a roaming client could see anywhere from 3-10 APs at any one time. Those 10 APs might be connected to 10 different switches, connected to 3 different intermediate switches before reaching the core. As the client hopped rapidly between APs, the MAC and ARP refresh couldn't keep up, and so the client lost internet while maintaining excellent wireless network signal.

This particular implementation was running Ruckus H510 APs connected to the SmartZone 100 AP controller. We enabled GRE Tunnels and immediately saw the issue go away. A client could roam freely and never lose internet connection. Looking at the MAC and ARP tables, we saw the client traffic going directly to the SmartZone where it was encapsulated into the GRE tunnel and sent out to the AP.