Archive for the ‘Ruckus Wireless’ Category

Phishing at the confluence of digital identity and Wi-Fi access

Friday, January 11th, 2019

When we think of phishing, most of us imagine a conventional phishing attack that begins with a legitimate-looking email. It might appear to come from an e-commerce site with which you happen to do business. “We’ve lost your credit card number. Please follow the link to re-enter it,” the email says. But the link leads to a malicious site where you enter your credit card number, press submit, and you have just been phished by hoody-clad hackers.

Even more likely in modern phishing attacks, the email may trick you into giving up your digital identity—for example, your Gmail account. Many legitimate sites give you the option to log in using social login. What’s to stop a criminal site from asking for your credentials in the same way? The answer: nothing. (Best to be sure that you only use social login on sites that you’re sure you can trust.)

Not every phishing attack starts with a spam email, though. Wi-Fi phishing is analogous to conventional phishing, and the stakes are just as high—or even higher. To understand how this works, let’s begin at the beginning.

Rogue Access Points and Evil Twins

A rogue access point is an AP that someone has installed on the network without the approval of IT. It could represent something innocently misguided, like a user trying to extend Wi-Fi range. (Users should contact IT teams for that.) Or a rogue AP could be set up with malicious intent.

An “evil twin” access point is a special variety of rogue access point that attackers can use for nefarious purposes. Every evil twin is a rogue, but not every rogue is an evil twin. The evil twin impersonates a legitimate access point and helps attackers compromise your network. As with many cyber-attacks, user behaviour makes this possible.

Attackers can force users off the access point and trick them into associating with the evil twin. This is how a Wi-Fi phishing attack starts. The evil twin can ask them to enter the pre-shared key into a fake login portal. To be clear, the user enters the actual credential into a fake portal. This does not seem unusual to users, because they have probably experienced having to re-enter credentials for network access before. In this scenario, doing so means handing over the Wi-Fi password or user credentials to the attacker, who can then use it to gain access to your network.

Where Wi-Fi Phishing Meets Digital Identity

Attackers can easily use the same technique to compromise digital identity within any IT environment. Suppose that the attacker asks your end users to enter their enterprise single sign-on credentials to regain access to the network. As an IT professional, you probably wouldn’t fall for that, but some of your users might. The more users you have, the more likely someone will fall victim.

Once the user has handed over his or her credentials, a world of opportunities opens for the hackers. Organizations typically leverage cloud-based file sync and share services. Customer relationship management (CRM) systems live in the cloud. Enterprise SSO platforms allow users—or hackers that have compromised their credentials—to access both. So, what began with a Wi-Fi hack can easily end in a massive data breach.

This scenario can play out even with a garden-variety rogue that is not an evil twin. The AP doesn’t have to be impersonating a legitimate access point to get a user to compromise his or her digital identity. Have you ever wondered whether Wi-Fi sources in public locations are legitimate? This vendor video shows how attackers can compromise digital identities when they target unsuspecting users (in this case members of the U.K. Parliament—incidentally using a VPN service when accessing unsecured public Wi-Fi is a good tip). The same thing can happen in an enterprise environment when users connect to a malicious rogue AP, only the identity compromised might imperil your confidential data.

How Can You Combat Wi-Fi Phishing, Evil Twins and Other Rogue APs?

Fortunately, you can take steps to protect your users and data from these scenarios. Your first line of defence against rogue access points is the wireless intrusion detection and prevention capability provided as part of your wireless LAN.

You can also take steps to avoid SSID proliferation, which will make it easier to spot rogues in your environment. Many IT environments become cluttered with SSIDs as IT teams use this as a mechanism to provide differential levels of access to different users and groups of users. Best practice: don’t do this. Employ a system for centrally defining and managing policies for network access.

By taking steps to make sure that users can authenticate reliably and seamlessly to a legitimate source of connectivity, you can also make it less likely that they will seek out a malicious access point, should one be within range. Digital certificates as the basis for network authentication can help here. A certificate on the device can also protect against devices connecting to evil twin APs, should a sophisticated attacker try and spoof a legitimate AP. Ruckus Cloudpath Enrollment System is a great way to roll out digital certificates for your users. It also addresses the security shortcomings of default methods of authentication that you may be using now.

If there is no PSK to divulge, there is also no risk that your users will divulge it. A secure onboarding and authentication approach based upon digital certificates obviates the need for conventional PSKs as a mechanism for network access. You can also use dynamic pre-shared keys, which are unique to each user, for guest access. Guests typically get internet access only, with no access to sensitive internal resources.

Last, but not least, user education is always a key to avoiding any kind of attack on your network, users and data. Take measures to educate stakeholders to be careful about what Wi-Fi sources they connect to and what information they enter when they do.

View the original post by Vernon Shure at Ruckus Networks.

Ruckus join Net-Ctrl at BETT 2019

Wednesday, January 9th, 2019

Ruckus will be joining Net-Ctrl at BETT 2019 on stand C61 with their range of smart wired and wireless technology.

Ruckus – Wireless Technology

Ruckus has never relied on off-the-shelf, reference design radio technology—it doesn’t deliver the capacity, range or interference mitigation necessary to make real the dream of wireless that works everywhere, all the time. Ruckus delivered the industry’s first adaptive antenna technology to overcome RF interference on Wi-Fi networks.

Ruckus Wired Technology

The Ruckus ICX Family of fixed form-factor switches works together to simplify network set-up and management, enhance security, minimise troubleshooting and make upgrades easy. ICX switches work seamlessly with Ruckus Wi-Fi access points and Ruckus SmartZone network controllers to deliver the most performance and cost-effective unified wired & wireless access solutions on the market today.

What makes Ruckus, well, Ruckus..

  • Performance – Ruckus’ deep history of technical innovation means superior, dependable wired and wireless performance. Everywhere, all the time.
  • Simplicity – Ease of install and management for IT? Ease of use for end users? These are just a given.
  • Flexibility – Ruckus provides the utmost flexibility for all the wired and wireless networking scenarios a school or college might have.

Moving Beyond Wi-Fi

Ruckus Wi-Fi itself is now much more than super-fast connections, it’s a platform for a host of capabilities—like location analytics and engagement technology.

Visit Net-Ctrl and Ruckus on stand C61 to find out more about Ruckus’ portfolio of smart wired and wireless solutions.

BETT 2019 is going to be held at the Excel in London from the 23rd – 26th January. Book your free ticket now.

If you would like to book a meeting slot in advance please email marketing@net-ctrl.com.

Simplifying Network Management with Ruckus SmartZone

Wednesday, December 19th, 2018

First introduced in 2015, SmartZone-powered controllers combine scalability, tiered multi-tenancy, architectural flexibility, and extensive APIs into a single centrally-managed element. These capabilities enable managed service providers to implement complex, multi-tier and as-a-service business models using their own management applications. They also allow operators to manage subscriber data traffic on a massive scale while integrating traffic flows and network data into existing network architecture.

Ruckus SmartZone products have been deployed in thousands of enterprises and in more than 200 service provider networks across five continents.

Unifying Network Management

IT departments seeking to manage both wired and wireless networks via a single console have traditionally needed to purchase a stand-alone network management element for on-premises management scenarios. Fortunately, Ruckus SmartZoneOS 5 has transformed the industry’s most scalable WLAN controllers into a comprehensive single network element to control and manage both Ruckus access points (APs) and switches. This simplifies network management by:

  • Eliminating provisioning errors through the use of an automated discovery process for access points (APs) and switches.
  • Reducing configuration and deployment duration when compared to a multi-console approach.
  • Reducing network software and hypervisor license fees, server expense, utility expense, and training costs.
  • Enabling a single network controller cluster to scale to 450,000 clients.
  • Enabling networking-as-a-service.

It should be noted that Ruckus SmartZone also includes open, well-documented RESTful application programming interfaces (APIs) that allow IT departments to easily invoke SmartZone functions and configurations to enable error-free automation. In addition, streaming APIs enable IT to monitor in near real-time the full array of Ruckus network data, statistics, and alarms. This means IT departments can more easily create customized, information-dense dashboards and reports.

Ruckus SmartZone Lineup: SZ300 & SZ100

Let’s take a closer look at Ruckus’ SmartZone lineup below, beginning with the Ruckus SmartZone 300 (SZ300) which is targeted at operators, MSPs, and large enterprises. Key features and benefits include:

A single SZ300 appliance can manage 10K APs and 500 switches, while 3+1 active clustering increases capacity to 30K APs, 1,500 switches, and 450K clients.

  • 6x 1GbE ports, 4x 10GbE ports.
  • The SZ300 protects itself from catastrophic failures with intra-cluster and inter-cluster failover. Geo-redundancy with active/active clusters delivers higher availability versus traditional hot-standby. Hot-swappable power supplies, 3x fan sets, and redundant disk drives further improve uptime.
  • Multi-tenancy, domain segmentation, and containerization enable secure delivery of managed network services in complex, multi-tier business models across multiple geographies, including MVNO models.
  • Visual Connection Diagnostics speeds and simplifies troubleshooting and client problem resolution while unique “super-KPIs” enable IT to more quickly detect and react to potential user experience degradation.
  • Optional Ruckus Cloudpath integration lets IT create rich location-, device- and user-based policy rules, enabling network segmentation based on real security and policy needs rather than on a one-size-fits-all approach.
  • The SmartZone OS advanced feature set includes rogue AP detection and mitigation, adaptive band balancing, load balancing, airtime fairness, hotspot, and guest services, capacity-based admission control, and more.

Meanwhile, the Ruckus SmartZone 100 (SZ100) is a scalable network controller for mid-sized enterprises. Key features and benefits include:

  • A single SZ100 appliance can manage up to 1,000 APs, while 3+1 active clustering increases capacity to 3,000 APs and 30K clients.
  • 4x 1GbE ports, 2x 10GbE ports.
  • Active/active clustering delivers higher availability and resiliency than traditional N+1 standby. 3x fans further improve uptime.
  • Visual Connection Diagnostics speeds and simplifies troubleshooting and client problem resolution while unique “super-KPIs” enable IT to more quickly detect and react to potential user experience degradation.
  • Optional Ruckus Cloudpath integration lets IT create rich location-, device- and user-based policy rules, enabling network segmentation based on real security and policy needs rather than on a one-size-fits-all approach.
  • The SZ100 can store up to 30 days of network configuration and client data on internal storage drives even with reboots.
  • Automated AP and switch provisioning; L3 and L2 auto-discovery of APs and switches reduce manual administration.
  • The SmartZone OS advanced feature set includes rogue AP detection, interference detection and mitigation, band steering, airtime fairness, hotspot, guest networking services, and more.

Ruckus SmartZone Lineup: vSZ-H and vSZ-E

The Ruckus Virtual SmartZone – High-Scale (vSZ-H) enables operators and managed service providers (MSPs) to easily, flexibly, and securely deliver Networking-as-a-Service (NaaS). Key features and benefits include:

  • A single cluster scales to 450K clients, 30K APs, and 1,500 switches.
  • A single low-cost license and a commodity x86 server with any popular hypervisor are all that’s needed for a vSZ-H instance.
  • Active/Active 3+1 clustering eliminates idle controller capacity and data loss during redundant failover while minimizing configuration time when nodes are added.
  • The vSZ-H centralizes LAN and WLAN management and flexibly integrates with the Virtual SmartZone – Data Plane (vSZ-D) or external WLAN gateways to accommodate complex data plane routing topologies.
  • Sophisticated zone and domain segmentation give service providers the flexibility to supply non-hosting partners with their own domains, to run different SmartZone OS versions in different zones, and countless other options.
  • An independent, containerized tenant architecture minimizes the risk of degraded end-user experience and enhances data privacy between tenants.

Meanwhile, Virtual SmartZone – Essentials (vSZ-E) offers mid-sized enterprises flexibility, lower deployment costs, and the ability to scale a network up to 60,000 clients. Key features and benefits include:

  • A single cluster scales to 60K clients, 3,000 APs, and 50 switches.
  • A single low-cost license and a commodity x86 server with any popular hypervisor is all that’s needed for a vSZ-E instance.
  • Active/Active 3+1 clustering eliminates idle controller capacity and data loss during redundant failover while minimizing configuration time when nodes are added.
  • The vSZ-E centralizes LAN and WLAN management and flexibly integrates with the Virtual SmartZone – Data Plane (vSZ-D) or external WLAN gateways to accommodate complex data plane routing topologies.
  • IT can offload WLAN and connectivity services such as DHCP/NAT to the AP or vSZ-D to reduce expenses for separate routers and servers.

SmartZone: Ruckus APs and Switches

Ruckus SmartZone controllers are designed to manage Ruckus’ extensive lineup of indoor and outdoor access points. Our AP family offers a solution for every deployment scenario including small businesses, wireless LANs, and mission-critical high-density carrier grade installations. Ruckus outdoor access points are suitable for a range of environments and offer a choice of mounting and antenna options, with outdoor point-to-point bridges providing connectivity between remote sites.

As a comprehensive single network element, SmartZone also manages the Ruckus ICX switch family, which can be deployed standalone, stacked or installed within a campus fabric. Switch management features offered by SmartZone include discovery and inventory, SNMP monitoring, link discovery, firmware upgrades, as well as backup and restore functions. By using SmartZone, organizations can proactively monitor their network, perform network-wide troubleshooting, generate traffic reports and gain visibility into the network activity from the wireless edge to the core.

Are you interested in learning more about the Ruckus SmartZone platform?

Submit a contact form or email sales@net-ctrl.com and we can set up a demo for you.

View the original publication at The Ruckus Room.

Getting Wired for Wireless: Power

Thursday, December 13th, 2018

Continuing our Wired for Wireless series where our most recent installment talked about performance, this blog will discuss Power over Ethernet and its importance when deploying access points.

Power over Ethernet (PoE) is typically provided for access points (APs), as well as other devices such as voice over IP (VoIP) phones, IP TVs, and video cameras. Although there are many devices that draw power directly from the switch, PoE is particularly important for APs. As such, a primary concern for customers planning an AP refresh is ensuring that sufficient power will be delivered at the switch.

Previous generations of access points could operate on a PoE budget of 15 watts of power at the switch. However, AP radios have evolved considerably and now demand more power. Today, most APs up to and including Wi-Fi 5 (802.11ac) draw PoE of 30 watts. However, while the latest Wi-Fi 5 APs can theoretically operate on 30 watts of power, they need just a little bit more to achieve top performance, drive all the radios, and provide power to the USB port. Next generation Wi-Fi 6 (802.11ax) APs demand even more power. While they operate on PoE + power, they will require more to drive their 8×8 radios for peak performance.

This is precisely why the IEEE recently defined IEEE 802.3bt. The standard outlines two additional power types to bolster PoE: up to 55 W (Type 3) and up to 90-100 W (Type 4). IEEE 802.3bt also stipulates that each pair of twisted pairs must support a current of up to 600 mA (Type 3) or 960 mA (Type 4). In addition, IEEE 802.3bt includes support for 2.5GBASE-T, 5GBASE-T, and 10GBASE-T.

Several vendors already have switches that support 60 watts, although only Ruckus supports 90 watts of power per port. Although there are relatively few devices that require more than 30 watts, more and more power-hungry devices are hitting the market with an ever-expanding appetite for more power. Such devices include LED lighting, high-end video displays, and pan tilt zoom cameras that can consume up to 75 watts and beyond.

This is precisely why we have designed our switches to deliver the power needed for dense Wi-Fi deployments, as well as for other powered devices. Ruckus switches can support Power over Ethernet (PoE) on all 24 or 48 ports with a single power supply – and PoE+ on all ports. As noted above, with dual power supplies, we are the only vendor that currently supports up to 90 watts power per port. Put simply, Ruckus delivers power to spare.

View the original post by Rick Freedman at the Ruckus Room.

Is Wi-Fi learning how to fix itself?

Tuesday, December 11th, 2018

It is hard to argue that Wi-Fi has not had a profound impact on human behaviour. As we consume more data, the humble Wi-Fi access point needs to evolve, not only through the evolution of Wi-Fi standards but also to self-optimize; to learn from its environment and make intelligent informed decisions. It needs to intelligently select how best to use its many advanced feature-sets in order be more spectrally efficient and deliver the optimum performance for any given use case or application. Technical standards describe ‘what’ the AP can do, but it is up to vendors to be innovative about ‘how’ they build their solutions. The industry is now looking to Artificial Intelligence (AI) and Machine Learning techniques to gain an advantage.

One thing that is undeniable is the fact that Wi-Fi has become the de-facto technology that we cannot live without. Whether in the home or in the enterprise, a significant part of our daily experiences and productivity are delivered via Wi-Fi connectivity. People no longer ask, “do you have internet?” but “how do I connect to the Wi-Fi?”; its presence is assumed.

Wi-Fi Growth

With this growth in Wi-Fi usage comes an increase in wireless access points and devices that share a finite amount of radio spectrum. This, in turn, limits the ability of these networks to deliver the desired performance.

For IT teams, vendors have provided WLAN controllers, either physical or cloud-based, that provide ease of management and deliver basic fault-finding tools. However, configurations have been static, requiring IT teams to be proactive in finding and fixing problems that arise within the network. Furthermore, the complexity of Wi-Fi technology has led IT teams to require a high level of specifically skilled staff or rely on a trial and error approach to fixing wireless issues or optimize the network to the desired level. For the IT team, AI promises to reduce the reliance on human capacities and speed up the process of taking the right course of action.

Wi-Fi and Machine Learning

The Wi-Fi industry is embracing Machine Learning, or more specifically Deep Learning AI techniques. These take large datasets (Big Data) and use neural networks to simulate the human brain in order to classify data.

Luckily, Smart Wi-Fi networks can provide enormous amounts of data about their environment. Everything from the type and capabilities of the devices connecting to the network, to the applications being consumed, to radio-specific statistics such as airtime utilization, signal-noise-ratio, and latency. All of which can be harvested for Deep Learning. Data can be baselined for a specific network, anomalies analyzed and resolutions either proactively given to the IT team or automatically corrected by the network.

Wi-Fi and Crowdsourcing

Crowdsourcing anonymized data sets also allows networks to benefit from problems and solutions that have been discovered in other systems, that can now benefit the target network. This allows vendor solutions to become more than the sum of their parts, effectively always learning from their customer base, who then in return realize the benefit of a more effective network.

Conclusion

The evolution of Wi-Fi networks has enhanced self-organizing networks (SON), using AI techniques to learn about their individual environments, self-diagnose, self-heal and self-optimize their performance, ultimately requiring minimal intervention from the IT team.

View the original post by Kevin Francis, Solution Architect.

Getting Wired for Wireless: Performance

Tuesday, December 11th, 2018

As we emphasized in our introductory blog about Switches and Robust Wi-Fi Deployments, an up-to-date switching underlay is a prerequisite for high-performance wireless access points (APs). Put simply, wired infrastructure needs to provide adequate speed for connections to the switch: from the access points, uplinks to aggregation and core switches, and to the cloud (or data center). This is because performance is only as fast as the weakest link. While fast access points are important, the full value of APs simply can’t be realized without an adequate underlying network. In an ideal network, all components – including the internet pipe – are well-matched to handle network traffic. A bottleneck at any point in the connection between a user and the cloud (or data center), will slow application performance and negatively affect the user experience.

Let’s take a closer look at the data flow. Beginning with user devices, the first step for wired networks is the connection from access points to switches. Over the past 5-10 years, most enterprise-class switches had 1-gigabit access ports to support access points up to and including Wi-Fi 4 (802.11n). The total throughput possible for a Wi-Fi 4 access point is below one gigabit per second, so connecting a switch to the 1-gigabit port was adequate. Anything faster wouldn’t make any difference to performance, as the AP remained the limiting factor to performance.

Wi-Fi 5 (802.11ac) Performance

Wi-Fi 5 (802.11ac) APs offer potential speeds of more than a gigabit per second throughput. According to a recent Dell’Oro report (August 2018), almost all enterprise APs sold as of 2017 were Wi-Fi 5 models. This means a 1-gigabit access port is on the cusp of becoming the bottleneck for top performance. Indeed, the more recent Wi-Fi 5 Wave 2 APs are capable of up achieving to 2.3 gigabits per second, though the practical limit is a little bit less. Ruckus lab tests confirmed Wi-Fi 5 Wave 2 throughput of one and a half gigabits per second, so a 2.5-gigabit port was sufficient to prevent the access port from being a bottleneck, at least for Wi-Fi 5 APs.

Wi-Fi 6 (802.11ax) Performance

However, next-generation Wi-Fi 6 APs (802.11ax) have already begun shipping, with IDC forecasting Wi-Fi 6 (802.11ax) deployment ramping significantly in 2019 and becoming the dominant enterprise Wi-Fi standard by 2021. This is because many organizations still find themselves limited by the previous Wi-Fi 5 (802.11ac) standard, especially in high-density venues such as stadiums, convention centers, transportation hubs, and auditoriums.

Wi-Fi 6 (802.11ax) access points (APs) deployed in dense device environments such as those mentioned above support higher service-level agreements (SLAs) to more concurrently connected users and devices – with more diverse usage profiles. This is made possible by a range of technologies that optimize spectral efficiency, increase throughput and reduce power consumption. These include 1024- Quadrature Amplitude Modulation (QAM), Target Wake Time (TWT), Orthogonal Frequency-Division Multiple Access (OFDMA), BSS Coloring and MU-MIMO. With the new Wi-Fi 6 (802.11ax) standard offering up to a four-fold capacity increase over its Wi-Fi 5 (802.11ac) predecessor, it is important to proactively eliminate potential bottlenecks at the switch by considering multi-gigabit.

Multi-Gigabit Switches for Wi-Fi 6

It should be emphasized that the transition to multi-gigabit switches to accommodate Wi-Fi 6 APs does not necessarily require a wholesale infrastructure upgrade. It can happen gradually by adding a few switches as needed. Furthermore, most multi-gigabit switches today include a mix of multi-gigabit and gigabit ports. Only those ports connected to 802.11ax (Wi-Fi 6) APs require multi-gigabit speeds, while the other gigabit ports are adequate for computers, printers, VoIP phones, cameras, and additional Ethernet devices.

Conclusion

To take full advantage of the speed performance offered by 802.11ax (Wi-Fi 6) APs (up to 5 gigabits per second), our customers have already begun installing multi-gigabit switches to either replace or supplement older infrastructure. This is because system administrators cannot ensure a quality user experience by simply upgrading one part (access points) of a network. Reaping the benefits of 802.11ax (Wi-Fi 6) requires upgrades on the switch side as well. From our perspective, the transition to multi-gigabit switches should start now. With the average life for a switch being 5-7 years (and up to 10 years for many educational institutions), the need for multi-gigabit connections will almost certainly be upon us within this timeframe.

View the original post at the Ruckus Room.

Wi-Fi security issues – a 5 step guide on the Common Threats and how to manage them

Tuesday, December 11th, 2018

Today’s Wi-Fi networks are now more secure than the typical wired network in the same building. While that may seem like a bold opening statement, today this is often the case.

Wi-FiIt is true that WLANs got off to a chequered start 20 years ago, with attackers finding ways around the early security procedures and protocols in place. Consequently, though, the industry devoted a great deal of effort and innovation towards making WLANs much more secure – and they succeeded. There are, however, still challenges in securing any network.

As we know, wireless “leaks out” to the surrounding environment, which means passers-by can see and attempt to connect to any network they choose. As a response, we need to put steps in place to mitigate this threat. For wired networks, physical barriers with locks on the doors and containment physically within the building are the traditional wired networking means of defense. However, if a person with malicious intent is able to gain physical access, perhaps through social engineering, or tail-gating, a device can be connected and access gained which, then, is an opportunity for an attack to commence.

So how have WLANs been addressing security concerns? What has the result of all that investment and innovation been?

Wi-Fi Security Methods

The Gold standard is the use of Digital Certificates. This method is preferable because, unlike user-created passwords, certificates are virtually impossible to replicate. However, this method is also the most complex to deploy for the network administrator. Unless a friendly, user self-service Enrolment System is used to automate the authorization, creation, and distribution of certificates and secure WLAN setup for users can become a time-consuming task.

The Silver standard is a username and password-based authentication – often linked to a user database such as Microsoft Active Directory. This works well, but network administrators need to implement with care, making sure that proper server certificates are deployed to ensure users address a legitimate server, and that user passwords are suitably complex. Interestingly, both password complexity and frequency of change need not be as onerous as imagined and are well explained here.

We must accept that there will be a need to support some devices that cannot support the gold or silver methods. Such equipment often compromises devices that have crossed over from the home market to the workplace as digital transformation has taken hold – smart speakers, video streamers and casters, as well as other IoT devices. Limited to Pre-Shared Key authentication, in the commercial world, the use of a unique static key per device, called Dynamic Pre-Shared Key, provides enhanced security and limitation of a breach if one key is discovered.

2019 will see the introduction of a further security enhancement called WPA3. This new Wi-Fi security standard will replace WPA2, and improve the encryption strength and ease of setup of the methods discussed above.

Role Based Access – with a suitable WLAN infrastructure, the above access methods can map to user roles. Define what is allowed for a user type and apply rules accordingly. Roles provide a plethora of controls, from VLAN allocation, through to simple port and protocol-based firewall rules up to application-based recognition and control, including URL filtering.

View the original post by Neil Goddard.

Multi-gigabit solutions – why you should choose Ruckus Networks

Tuesday, November 27th, 2018

In this blog post, we’ll be taking a closer look at the Ruckus Networks multi-gigabit solutions portfolio. As we noted earlier in our series, next-generation wireless access points (APs) are playing a major role in driving the demand for multi-gigabit connectivity. We offer both 802.11ac (Wi-Fi 5) and 802.11ax (Wi-Fi 6) APs with multi-gigabit ports. The R720 802.11 ac Wave 2 (Wi-Fi 5) AP includes one 2.5 GbE port, plus another 1 GbE port. For ultra-high density wireless deployments, the R730 802.11ax (Wi-Fi 6) AP includes a port supporting 2.5 or 5 GbE, plus an additional 1 GbE port.

We also offer two switch families with multi-gigabit ports. The top-of-the-line ICX 7650 Z-Series features 24x 1/2.5/5/10G Multigigabit Ethernet ports, with the 24 GbE ports supporting 802.3bt (ready) PoE. These provide 90 watts of power per port to drive 802.11ax APs, high-end cameras, LED lighting and HDTV displays. The ICX 7650 Z-Series also features 2X 100 gigabit uplink ports, which are upgradable from 40 gigabits to 100 gigabits with a simple CLI command for top performance.

Meanwhile, the Ruckus ICX 7150 Z-Series delivers multi-gigabit connectivity in an entry-level switch. It features 16 2.5 GbE ports and provides up to 90 watts PoE. It offers up to 8, 10 GbE uplink ports which can be easily upgraded from 1 to 10 gigabits with a software license. Both switches offer redundant hot-swappable power supplies and fans and are stackable with other switches in the same family. Like all Ruckus network solutions, both our APs and switches leverage innovative technologies such as Campus Fabric, Advanced Stacking, BeamFlex, unified management for wireless switching, IoT and LTE.

Offering industry-leading performance, scalability, simplified management and lower total cost of ownership (TCO), Ruckus leads the way with the best multi-gigabit solutions. For example, the ICX 7650 Z-Series delivers top performance for 802.11ax APs – and is future-proofed for the next generation of Wi-Fi (7-10 years). The ICX 7150 Z-Series provides great value for the money, with the performance that organizations need for 802.11ac and 802.11ax for at least the next three to five years.

Interested in learning more about our multi-gigabit portfolio? Contact our team now.

Read the original post by Rick Freedman at The Ruckus Room.

Multi-Gigabit Use Cases

Friday, November 9th, 2018

These days, most access switches and end-user devices have 1 GbE ports, which are plentiful, highly competitive and affordable. Though currently a minority, the number of access points with 2.5 Gigabit Ethernet ports to support 802.11ac access points (APs) is increasing. Indeed, there is a range of devices – both on the market and those anticipated to launch – that support Ethernet switches with 2.5 GbE ports.

Unsurprisingly, switches with 2.5 GbE ports cost more than those with 1 GbE ports. Ruckus offers 2.5 GbE switches at a modest premium, although many other vendors sell 2.5 GbE, 5 GbE and 10 GbE ports that are more expensive and generally overkill for 802.11ac (Wi-Fi 5). Many 802.11ax (Wi-Fi 6) APs hitting the market will feature 5 GbE ports, although there are still few other devices expected to support 5 GbE.

When to use multi-gigabit connectivity

10 GbE Ethernet – which was part of the original 802.3bz standard – is primarily used for servers, storage and other devices in the data center. There are very few end-user devices that support 10GbE. However, more and more devices, such as laptops, point of sale units and video cameras are losing their tethers and moving to wireless connectivity. This increases the data load on wireless networks and drives the primary use case for 2.5 GbE and 5 GbE, as well as a new generation of access points. Multi-gigabit connectivity should be considered as organizations move to 802.11ac (Wi-Fi 5) and 802.11ax (Wi-Fi 6) and start implementing the next generation of Wi-Fi networks.

There are additional features to consider that go hand-in-hand with multigigabit connections, such as Power over Ethernet requirements (PoE) and future growth expectations. Indeed, it is important to understand the PoE power requirements for a new generation of access points equipped with multi-gigabit ports. Early APs routinely operated on PoE, consuming just 15 watts of power at the switch. However, more powerful radios consume more power. Even so, most APs today can still be powered by PoE or PoE+, the latter of which feeds 30 watts to the AP. However, while the latest 802.11ac (Wi-Fi 5) APs can operate on 30 watts of power, many need just a little more to achieve top performance – to drive all the radios and provide power to the USB port.

The newest generation of 802.11ax (Wi-Fi 6) APs is likely to require even more power than their predecessors. While 802.11ax (Wi-Fi 6) APs will operate on PoE+ power, they will demand more power to drive 8×8 radios and achieve peak performance. A new standard known as 802.3bt is expected to address the PoE requirements for 802.11ax (Wi-Fi 6) APs, as well as for devices such as LED lighting, pan-tilt-zoom (PTZ) cameras and HDTVs. 802.3bt – which incorporates both 60 watts and 90 watts of power per port – was ratified by the IEEE in September 2018. Organizations planning to deploy new switches with multi-gigabit connectivity should make sure they deliver sufficient PoE to support newer APs.

It should also be noted that there are detailed specifications for connections running at more than one gigabit per second over standard twisted-pair copper cabling. It is therefore important to understand the requirements and how they match existing cabling. The IEEE modified the 802.3bz standard in 2016 to add 2.5 gigabits and five gigabit Ethernet over twisted pair wiring. This was done specifically to support connecting new generations of Wi-Fi over copper without having to move to fiber optics.

The type of cabling that is required – both for one gigabit and 2.5 gigabit – can run over Cat 5e cabling for up to 100 meters. However, five gigabits per second requires Cat 6 cabling to run up to 100 meters and 10 gigabits per second requires Cat 6a. A significant number of buildings still only have Cat 5e cabling, in which case supporting faster speeds would require re-cabling a property. In practical terms, this means organizations should check the type of cabling currently installed in their buildings when considering an upgrade to multi-gigabit. If new cabling is required, organizations should be sure to calculate the upgrade costs and determine if moving to multi-gigabit is worth the expense.

Organizations should also be sure to understand the life-cycle of their infrastructure. More specifically, Wi-Fi standards, equipment, and gigabit usage are growing so rapidly that companies and organizations are refreshing their Wi-Fi access points approximately every three years. However, the switch lifecycle averages closer to five to seven years for commercial enterprises – and up to seven to ten years for the education market. So, organizations should ensure that new switch purchases will support current Wi-Fi networks and at least one more refresh cycle, if not more. During this period, they will see more users, more devices per users and a greater demand for throughput generated by streaming audio and video. Put simply, future-proofing switching is essential to protecting any network infrastructure investment.

View the original blog post by Rick Freedman at The Ruckus Room.

Take a number, we’ll be right with you: Wi-Fi connections and capacity

Wednesday, November 7th, 2018

Wi-Fi connects the world, one device at a time. Literally. One. Device. At. A. Time. Wi-Fi is a half-duplex technology. This means only one device gets to transmit. All other devices sharing that channel have to wait their turn to make wi-fi connections. Yet we talk about high capacity and how many devices an AP can support. What does that mean if the answer is always one?

When more than one device is connected to an AP, they must share the air. All other things being equal, the devices and the AP (it counts as a device too!) will take turns transmitting. You could easily have 10, 50, 100, or more devices connected to an AP. But each still has to wait for its turn to talk.

If you want to sound like a Wi-Fi pro, you’ll need to understand a few things about capacity: how many Wi-Fi connections an AP can keep track of, how devices are trying to talk simultaneously, and how fast each can talk.

You might have 100 devices connected to an AP, but if only 10 need to transmit at a given time, you don’t have to wait long for your turn. The other 90 devices stay connected and hang out until they have something to say.

Now, imagine you’ve got 500 devices connected and 250 want to talk simultaneously. That’s like being stuck in line at the restroom during a concert and there are 249 people ahead of you. Yikes.

If all of the devices are fast, your turn will come much more quickly: think of your 802.11ac smartphone versus Grandma’s old 802.11g laptop. No matter what you do, the phone will be capable of going faster than the laptop. But that doesn’t mean they will get the same performance on all APs.

Ruckus helps you wring every last bit of speed out of any device with innovations like BeamFlex+, transient client management, auto RF cell sizing, airtime decongestion, and much more. When you’ve got a network with lots of Wi-Fi devices (why, hello, IoT), any extra performance boosts can make a big difference.

Read the original report at The Ruckus Room.