Ruckus ZoneFlex 9.4 Software - Latest Features
I've created a short post on whats new in Ruckus's new 9.4 software. This version offers some great new features that take the ZoneFlex software to a new level. These features include: Client fingerprinting, Open / secure hotspots, Wireless intrusion prevention, Dynamic per-User Rate Limiting (802.1X) and Dynamic VLANs on Standalone APs (802.1X).
Ruckus have introduced the following new features in ZoneFlex 9.4 Software:
- Client fingerprinting
- Open / secure hotspots
- Wireless intrusion prevention
- Dynamic per-User Rate Limiting (802.1X)
- Dynamic VLANs on Standalone AP's (802.1X)
Ruckus Client fingerprinting
- Simplifies the understanding of the client mix
- Easier client identification and troubleshooting
- Automatically detects client info on WLAN
- and wired interfaces by operating system and OS Hostname
- Display in ZD/FM dashboard client monitor client details
- Supported ZD and standalone
- Future policy enforcement by device type
Open / secure hotspots
The problem
End users want secure connectivity on open public networks
The solution
- Encrypted wireless sessions without the need to authenticate or preregister users
- Perfect for high density public venues such as stadiums, conference centers, or hotspot locations
- No manual end user configuration required for most devices
So how does Open / Secure hotspots solution work?
- Client associates to AP; ZoneDirector doesn't recognize anonymous device, 1 sends client to Web portal
- Web portal redirects to Branded Portal page, requesting user for secure sign-in or open connection
- Sign-in request sent from client to Web portal, which requests zero IT Config DPSK from ZoneDirector
- ZoneDirector send DPSK to Web portal
- Web portal forwards DPSK to client and auto provisions WLAN session traffic now encrypted
Wireless Intrusion Prevention
- Automatically identifies rogue APs
- Spoofing your network settings
- Connected to your network
- Automatically protects your APs
- Prevents Wi-Fi clients from connecting to rogue APs
- Extends SmartSec WIPS services
- Password hacking, Evil Twin/Rogue discovery and prevention, rogue DHCP server detection
Dynamic per-User Rate Limiting (802.1X)
How will this work?
- Rate limiting is automatic if RADIUS returns attributes
- Client-specific rate from RADIUS overrides rate configured for WLAN
- Any-value rate defined per RADIUS is mapped to nearest fixed-value rate in WLAN
- Available for all WLANs authenticating to RADIUS
- WISPr, 802.1X, MAC address, 802.1X+MAC address, WebAuth
Dynamic VLANs on Standalone AP's (802.1X)
Usage Guidelines and Caveats
- RADIUS Server should contain these attributes:
- Tunnel-Type = 'VLAN'
- Tunnel-Medium-Type 'IEEE-802'
- Tunnel-Private-Group-ID = VLAN ID
ChannelFly - What is it ??
A predictive capacity management technique that uses statistical modeling to pick the best RF operating channel Significant capacity improvement observed in congested environments (25 -100%)
- Leverages patented principles from BeamFlex™ to learn and select the best RF channel
- Uses live channel activity to learn what channels will yield the most throughput
- Assesses true channel capacity, not subjective noise and traffic measurements
- Evaluates all channels: 2.4 GHz access and 5 GHz backhaul
- Smooth client transitions using 802.11h
- System constantly determines proper channel; no configuration or monitoring necessary
- Fast reaction (in seconds) to significant drop in throughput