DHCP/NAT functionality on SZ-managed APs and DPs (data planes) allows customers to reduce costs and complexity by removing the need for DHCP server/NAT router to provide IP addresses to clients. For data traffic aggregation and services delivery you can choose appropriate user profile for DHCP and NAT services on vDP.


In highly distributed environments, particularly those with only a few APs per site, the ability for an AP or a set of APs to provide DHCP/NAT support to local client devices simplifies deployment by providing all-in-one functionality on the AP, which eliminates the need for a separate router and DHCP server for each site. It also eases site management by providing central control and monitoring of the distributed APs and their clients.

Three general DHCP scenarios are supported:

  • SMB Single AP: DHCP is running on a single AP only. This AP also functions as the Gateway AP.
  • SMB Multiple APs (<12): DHCP service is running on all APs, among which two of the APs will be Gateway APs. These two Gateway APs will provide the IP addresses as well as Internet connectivity to the clients via NAT.
  • Enterprise (>12): For Enterprise sites, an additional on site vDP will be deployed at the remote site which will assume the responsibilities of performing DHCP/NAT functions. Therefore, DHCP/NAT service will not be running on any APs (they will serve clients only), while the DHCP/NAT services are provided by the onsite vDP.

Profile-based DHCP

The DHCP Server is designed in-line in the data plane and provides extreme scale in terms of IP address assignment to clients. This feature is especially useful in high density and dynamic deployments like stadiums, train stations where large number of clients continuously move in & out of WiFi coverage. The DHCP server in the network needs to scale to meet these challenging requirements. The DHCP server on the vSZ-D provides high scale IP assignment and management with minimal impact on forwarding latency. By default, the maximum allowed IP assignment for the DHCP server is 50K IP addresses in a vSZ cluster managing multiple vDP. Additional IP assignment requires additional licensing.

Note: DHCP Server/NAT function if enabled is supported only for wireless client IPv4 address assignment.

Profile-based NAT

With NAT service enabled, all the WiFi client traffic is NATed by the vSZ-D before being forwarded to the core network. Each vSZ-D supports up to 900K NAT ports (traffic sessions) and 128 public IP addresses for NAT. This feature essentially reduces the network overhead significantly since this reduces the MAC-table considerations on the UP-stream switches significantly. Again, very useful in high density deployments.

Caveats and Limitations

The SmartZone DHCP on AP functionality has some limitations. These limitations should be considered before enabling this feature:

  • Running DHCP/NAT services on an AP can consume significant memory resources. Therefore, Ruckus recommends deploying this feature only on APs with 256MB or more RAM.
  • Max 4 IP address pools. Each pool must have non-overlapping IP addresses, and must be assigned a VLAN ID (2~4094).
  • Max 1,000 IP addresses per pool.
  • The following features are incompatible with the DHCP feature and cannot be enabled for a zone in which DHCP is enabled (or, if enabled for a zone, DHCP cannot be enabled or will be allowed but with a warning message):
    • IPv6
    • WeChat WLANs
    • Mesh (irrelevant for single-AP scenarios, configurable but with limitations for multi-AP scenarios)
    • DVLAN
    • VLAN Pooling
    • Bonjour Fencing
    • Client Isolation: If any WLAN within a zone uses a "Manual-Only" client isolation whitelist, DHCP cannot be enabled. Only Auto and Hybrid options are supported for zones with DHCP enabled.