20250907

projects/gg/avahi_mdns-reflector/prep/20250718-ruckus-sw-cfg.md

@@ -0,0 +1,101 @@
+
+### **Ruckus One Switch Configuration for Your Network Setup**
+
+#### **1. IGMP Snooping Configuration**
+Ruckus One switches support **active** and **passive** IGMP snooping. Here's what to use:
+
+- **IGMP Snooping Mode**: **Active**  
+  - **Why**: Active mode actively participates in IGMP snooping, ensuring multicast traffic is forwarded only to ports where devices are listening. This is critical if your network has **other multicast traffic** (e.g., video streaming, IP multicast services). While mDNS (Bonjour) uses UDP and not IGMP, enabling active IGMP snooping ensures **compatibility with other multicast services** and prevents unnecessary flooding.
+
+- **Enable IGMP Snooping**:
+  - Navigate to **Ruckus One Dashboard > Switches > [Switch Name] > IGMP Snooping**.
+  - Set **Mode** to **Active**.
+  - Enable **IGMP Snooping** and **IGMP Snooping Fast Leave** (for faster group leave handling).
+
+---
+
+#### **2. Key Configuration Recommendations for Ruckus One Switches**
+Here’s how to configure your switches for **maximal efficiency** and **network quality**:
+
+##### **A. VLAN Configuration**
+- **VLAN Trunking**: Ensure **trunk ports** are used between switches and the core network (e.g., Sophos XGS4300) to carry all VLANs (15, 19, 7).
+- **Access Ports**: Assign **access ports** to end-user devices (Apple TVs, macOS/iOS devices) with the correct VLAN tag.
+- **VLAN Prioritization**:
+  - Use **QoS (CoS)** to prioritize critical traffic (e.g., Bonjour, HTTP, HTTPS).
+  - Example: Assign **CoS 5** to VLAN 7 (AppleTV) and **CoS 4** to VLANs 15/19 (Apple devices).
+
+##### **B. QoS and Traffic Prioritization**
+- **Priority Queuing**:
+  - Prioritize **UDP ports 80, 443, 546** (HTTP, HTTPS, DHCPv6) for Apple devices.
+  - Use **DSCP values** (e.g., DSCP 46 for EF class) to mark traffic for low-latency, high-reliability transmission.
+- **Traffic Shaping**:
+  - Limit bandwidth for non-critical traffic (e.g., background updates) to ensure quality for AppleTV and student/teacher devices.
+
+##### **C. Link Aggregation (LACP)**
+- **Enable LACP** on uplinks between switches and the core (Sophos XGS4300) to:
+  - Improve redundancy.
+  - Balance traffic across multiple links.
+  - Avoid single points of failure.
+
+##### **D. Spanning Tree Protocol (STP)**
+- **Enable STP** (RSTP or MSTP) to prevent broadcast storms and loops.
+- Set **root bridges** to avoid unnecessary STP convergence delays.
+
+##### **E. Port Security**
+- **Enable Port Security** on access ports to:
+  - Prevent MAC address spoofing.
+  - Limit the number of devices per port (e.g., 1 device per port for AppleTV).
+- Use **MAC-based filtering** to restrict unauthorized devices.
+
+##### **F. IGMP Snooping Enhancements**
+- **IGMP Snooping Fast Leave**: Reduces delay when devices leave multicast groups.
+- **IGMP Snooping Querier Timeout**: Adjust timeout values (e.g., 100 seconds) to balance responsiveness and resource usage.
+
+##### **G. Monitoring and Analytics**
+- **Enable Traffic Monitoring** to track:
+  - Bandwidth usage per VLAN.
+  - Multicast traffic patterns.
+  - QoS policy enforcement.
+- Use **Ruckus One Analytics** to identify bottlenecks or misconfigurations.
+
+---
+
+#### **3. CSV File Configuration (Batch Setup)**
+If you have a CSV list of all switches, use the **Ruckus One Dashboard** to apply configurations **across all switches**:
+
+1. **Export Switch Configurations**:
+   - Navigate to **Ruckus One Dashboard > Switches > [Switch Name] > Export Configuration**.
+   - Save the configuration as a `.cfg` file.
+
+2. **Batch Apply Configurations**:
+   - Use the **"Apply Configuration"** feature to push the same settings to multiple switches.
+   - For VLANs, QoS, and QoS policies, ensure all switches are configured identically.
+
+3. **Automate with Ruckus One API** (Optional):
+   - Use the **Ruckus One API** (via REST or SDK) to programmaticall configure switches in bulk.
+   - Example: Apply IGMP snooping settings to all switches in a group.
+
+---
+
+#### **4. Additional Best Practices**
+- **Firmware Updates**: Ensure all switches are running the **latest firmware** for security and performance improvements.
+- **SNMP Monitoring**: Enable SNMP for real-time monitoring of switch metrics (e.g., CPU usage, port status).
+- **Security Policies**:
+  - Disable **unnecessary protocols** (e.g., Telnet, FTP).
+  - Enable **SSH** and **HTTPS** for secure access.
+  - Use **802.1X authentication** for access ports to restrict unauthorized devices.
+
+---
+
+### **Summary Table: Ruckus One Switch Configuration Summary**
+| Feature                  | Configuration                          | Rationale |
+|--------------------------|----------------------------------------|-----------|
+| IGMP Snooping           | **Active** mode, enabled              | For multicast services and compatibility |
+| VLAN Trunking           | Enabled on uplinks                    | For inter-switch communication |
+| QoS (CoS/DSCP)          | Prioritize VLAN 7 (AppleTV)           | Ensures low-latency traffic |
+| Link Aggregation (LACP) | Enabled on uplinks                    | Redundancy and bandwidth |
+| Port Security           | Enabled, MAC-based filtering          | Prevents unauthorized access |
+| STP (RSTP/MSTP)         | Enabled, root bridge set              | Prevents loops |
+| Monitoring              | SNMP, Ruckus One Analytics            | Identifies performance issues |
+
+By following these steps, your Ruckus One switches will be optimized for **multicast traffic handling**, **quality of service**, and **network security** in your hybrid AppleTV/education network. Let me know if you need help exporting CSV configurations or scripting API calls! 🚀