Ruckus ZoneFlex 9.4 Software - Latest Features

I've created a short post on whats new in Ruckus's new 9.4 software. This version offers some great new features that take the ZoneFlex software to a new level.  These features include: Client fingerprinting, Open / secure hotspots, Wireless intrusion prevention, Dynamic per-User Rate Limiting (802.1X) and Dynamic VLANs on Standalone APs (802.1X).

Ruckus have introduced the following new features in ZoneFlex 9.4 Software:

  • Client fingerprinting
  • Open / secure hotspots
  • Wireless intrusion prevention
  • Dynamic per-User Rate Limiting (802.1X)
  • Dynamic VLANs on Standalone AP's (802.1X)

Ruckus Client fingerprinting

  • Simplifies the understanding of the client mix
  • Easier client identification and troubleshooting
  • Automatically detects client info on WLAN
  • and wired interfaces by operating system and OS Hostname
  • Display in ZD/FM dashboard client monitor client details
  • Supported ZD and standalone
  • Future policy enforcement by device type

Open / secure hotspots

The problem

End users want secure connectivity on open public networks

The solution

  • Encrypted wireless sessions without the need to authenticate or preregister users
  • Perfect for high density public venues such as stadiums, conference centers, or hotspot locations
  • No manual end user configuration required for most devices

So how does Open / Secure hotspots solution work?

  1. Client associates to AP; ZoneDirector doesn't recognize anonymous device, 1 sends client to Web portal
  2. Web portal redirects to Branded Portal page, requesting user for secure sign-in or open connection
  3. Sign-in request sent from client to Web portal, which requests zero IT Config DPSK from ZoneDirector
  4. ZoneDirector send DPSK to Web portal
  5. Web portal forwards DPSK to client and auto provisions WLAN session traffic now encrypted

Wireless Intrusion Prevention

  • Automatically identifies rogue APs
  • Spoofing your network settings
  • Connected to your network
  • Automatically protects your APs
  • Prevents Wi-Fi clients from connecting to rogue APs
  • Extends SmartSec WIPS services
  • Password hacking, Evil Twin/Rogue discovery and prevention, rogue DHCP server detection

Dynamic per-User Rate Limiting (802.1X)

How will this work?

  • Rate limiting is automatic if RADIUS returns attributes
  • Client-specific rate from RADIUS overrides rate configured for WLAN
  • Any-value rate defined per RADIUS is mapped to nearest fixed-value rate in WLAN
  • Available for all WLANs authenticating to RADIUS
  • WISPr, 802.1X, MAC address, 802.1X+MAC address, WebAuth

Dynamic VLANs on Standalone AP's (802.1X)

Usage Guidelines and Caveats

  • RADIUS Server should contain these attributes:
  • Tunnel-Type = 'VLAN'
  • Tunnel-Medium-Type 'IEEE-802'
  • Tunnel-Private-Group-ID = VLAN ID

ChannelFly - What is it ??

A predictive capacity management technique that uses statistical modeling to pick the best RF operating channel Significant capacity improvement observed in congested environments (25 -100%)

  • Leverages patented principles from BeamFlex™ to learn and select the best RF channel
  • Uses live channel activity to learn what channels will yield the most throughput
  • Assesses true channel capacity, not subjective noise and traffic measurements
  • Evaluates all channels: 2.4 GHz access and 5 GHz backhaul
  • Smooth client transitions using 802.11h
  • System constantly determines proper channel; no configuration or monitoring necessary
  • Fast reaction (in seconds) to significant drop in throughput