+ Post New Thread
Page 3 of 4 FirstFirst 1234 LastLast
Results 31 to 45 of 47
Wireless Networks Thread, Ruckus and guest access in Technical; Originally Posted by Sheridan Hmm I feel I am so near to getting this working, yet so far! I've got ...
  1. #31

    seawolf's Avatar
    Join Date
    Jan 2010
    Posts
    969
    Thank Post
    12
    Thanked 285 Times in 217 Posts
    Blog Entries
    1
    Rep Power
    175
    Quote Originally Posted by Sheridan View Post
    Hmm I feel I am so near to getting this working, yet so far!

    I've got AD authentication working, and using the youtube example above I've managed to get a hotspot service set up and zero-it provisioning working, with a WLAN for staff and another for students.

    This seems to work, a user select the 'open' wlan and then when any web page is requested the authentication page appears. After successful authentication the zero-it installer comes in and adds the correct WLAN on the test pc (in this case an iMac).

    But thats where it stops, the mac stays connected to the hotspot wlan and ignores the specific wlan that is assigned to the user's group. The zero it part seems to configure this correctly and thats where it falls apart as you can't go any further!
    Sheridan, this behaviour is the default for most devices. They will keep the WiFi SSID that you are using for the provisioning unless you remove it from the memory of the device (Preferred Networks on a Mac, and you have to tell iOS to "forget" the provisioning network). In fact, I find that open (non-secured) SSIDs are usually preferred by many devices when they are aware of multiple SSIDs in the area they can access. We made this step part of our BYOD setup instructions for students and staff.

    Another method that we have used is to setup the "open" or provisioning WLAN to be used for enrolling iPads and Macs to our MDM system. The MDM system then installs the appropriate WiFi profile. This isn't making use of Zero-IT, but we switched to this because it gave us a bit more control over everything. However, the end-user still needs to tell their device to "forget" the provisioning WLAN or they will keep connecting back to it.

    This isn't the fault of the Ruckus WiFi system though.
    Last edited by seawolf; 24th February 2014 at 12:26 AM.

  2. #32
    zag
    zag is offline
    zag's Avatar
    Join Date
    Mar 2007
    Posts
    3,829
    Thank Post
    918
    Thanked 422 Times in 355 Posts
    Blog Entries
    12
    Rep Power
    88
    Quote Originally Posted by Sheridan View Post
    Has anyone implemented a robust byod system with anything like Aruba or a similar competitor?
    I share your frustrations as well on setting up BYOD and we use Aruba.

    I'm still trying to get my head around offering a simple, secure guest wireless system.

    Aruba works well but I'm having difficulty setting up VLANs and and the sheer complicatedness of it all.

    Currently we use a transparent Smoothwall proxy, Aruba Captive Portal and DHCP MAC address filtering. It works and is rock solid but a lot of admin and we have no tracking of devices. That worries me.

  3. #33

    Join Date
    Sep 2012
    Posts
    145
    Thank Post
    18
    Thanked 22 Times in 19 Posts
    Rep Power
    8
    We have given up with Ruckus after 2 years of trying to get it working properly and are now heading down the Meraki route now as we can then see what websites that the students go on in case of issues. Having spent 2 days on trying to get the 2 test APs sent out to us by Cisco, we have built a new DHCP server running 2012 plugged into the transparent proxy via a mini switch which goes into the core switch and out that way. Bit of a hassle to set up, but with more than one brain and a few hours with the door shut it all started working as expected. (stupidly used a desktop and not a rack mountable PC as a base so we now have to work out where to put it...)

  4. #34
    foofighterjim's Avatar
    Join Date
    Nov 2011
    Location
    Birmingham
    Posts
    417
    Thank Post
    30
    Thanked 78 Times in 59 Posts
    Rep Power
    28
    Its stories like this that are making me consider Areohive, no need for captive portal. You can use PPSK and give everyone their own personal key on the same secure SSID, AD membership can be used to define what VLAN they get put on. You can also set a concurrency limit to stop them from sharing keys. Not that I'm looking at BYOD per se but saw the uses for guest access.

  5. #35

    seawolf's Avatar
    Join Date
    Jan 2010
    Posts
    969
    Thank Post
    12
    Thanked 285 Times in 217 Posts
    Blog Entries
    1
    Rep Power
    175
    Quote Originally Posted by foofighterjim View Post
    Its stories like this that are making me consider Areohive, no need for captive portal. You can use PPSK and give everyone their own personal key on the same secure SSID, AD membership can be used to define what VLAN they get put on. You can also set a concurrency limit to stop them from sharing keys. Not that I'm looking at BYOD per se but saw the uses for guest access.
    You can do the same with Ruckus.

    It's stories like this that make me think some people have misconfigured networks and they would have the same problems with ANY system....

  6. #36
    foofighterjim's Avatar
    Join Date
    Nov 2011
    Location
    Birmingham
    Posts
    417
    Thank Post
    30
    Thanked 78 Times in 59 Posts
    Rep Power
    28
    Thanks for the info, as you can guess I have enough info on the Areohive system to make a judgement on that. Hopefully I will be in the same position with Ruckus by the end of next week.

  7. #37

    seawolf's Avatar
    Join Date
    Jan 2010
    Posts
    969
    Thank Post
    12
    Thanked 285 Times in 217 Posts
    Blog Entries
    1
    Rep Power
    175
    Quote Originally Posted by foofighterjim View Post
    Thanks for the info, as you can guess I have enough info on the Areohive system to make a judgement on that. Hopefully I will be in the same position with Ruckus by the end of next week.
    This might be helpful to you then - http://theruckusroom.typepad.com/fil...kus-0712-3.pdf

  8. Thanks to seawolf from:

    foofighterjim (3rd March 2014)

  9. #38
    foofighterjim's Avatar
    Join Date
    Nov 2011
    Location
    Birmingham
    Posts
    417
    Thank Post
    30
    Thanked 78 Times in 59 Posts
    Rep Power
    28
    Quote Originally Posted by seawolf View Post
    This might be helpful to you then - http://theruckusroom.typepad.com/fil...kus-0712-3.pdf
    Thanks @seawolf will give that a read this afternoon.

  10. #39
    foofighterjim's Avatar
    Join Date
    Nov 2011
    Location
    Birmingham
    Posts
    417
    Thank Post
    30
    Thanked 78 Times in 59 Posts
    Rep Power
    28
    Just looking through the manual and I can see where some people here have been having problems particularly with iOS devices. As they always want to connect to the open SSID, this is almost the exact same issue I had with Meru at my previous establishment. Looking at the Ruckus solution I would not be going down the zero it route, and the need to have dedicated SSIDs for each role all seems messy when compared with Areohive. It definitely gives me a new list of questions when I am having my Ruckus demo so thanks again @seawolf

  11. #40

    seawolf's Avatar
    Join Date
    Jan 2010
    Posts
    969
    Thank Post
    12
    Thanked 285 Times in 217 Posts
    Blog Entries
    1
    Rep Power
    175
    Quote Originally Posted by foofighterjim View Post
    Just looking through the manual and I can see where some people here have been having problems particularly with iOS devices. As they always want to connect to the open SSID, this is almost the exact same issue I had with Meru at my previous establishment. Looking at the Ruckus solution I would not be going down the zero it route, and the need to have dedicated SSIDs for each role all seems messy when compared with Areohive. It definitely gives me a new list of questions when I am having my Ruckus demo so thanks again @seawolf
    No worries. The open SSID problem is easily taken care of by simply forgetting the provisioning network once everything is configured. We didn't find it to be a problem as we put this step in our BYOD instructions.

  12. #41
    truebluesteve's Avatar
    Join Date
    Jan 2008
    Posts
    369
    Thank Post
    48
    Thanked 46 Times in 38 Posts
    Rep Power
    24
    We have BYOD and Guest wlans working on our Ruckus/Smoothwall setup and it's fine but it does require the use of VLANs. A very good guide was written by someone on here - and I apologise to him profusely for remembering his name, but it did take a bit of time and patience.

    As for the self provisioning - it works on iOS devices but you need to 'forget' the provisioning WLAN as others have said. I couldn't get it to work on Android devices at all, although that was quite a few months ago and it may be better now.

  13. #42
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    3,035
    Thank Post
    305
    Thanked 293 Times in 203 Posts
    Rep Power
    120
    Ill dig the document out. It needs updating and will upload it.

  14. 2 Thanks to timbo343:

    djones (3rd March 2014), zag (4th March 2014)

  15. #43
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    3,035
    Thank Post
    305
    Thanked 293 Times in 203 Posts
    Rep Power
    120
    Document updated for you all.

    We don't self provision due to some devices accepting the config file and others not so just having a WLAN where people can hop on and off would be the best idea.

    Our BYOD WLANs aren't secure as there is a problem with 802.1x and smoothwall. If you read some of my posts on here you will find that ruckus cannot use the smoothwall as a radius server as the authentication groups don't work correctly when looking back at AD however i have heard this is going to change in the future.
    Attached Files Attached Files
    Last edited by timbo343; 4th March 2014 at 03:09 PM.

  16. 2 Thanks to timbo343:

    s1ndr0me (5th April 2014), zag (4th March 2014)

  17. #44

    Join Date
    Oct 2007
    Location
    Cambridgeshire, UK
    Posts
    306
    Thank Post
    58
    Thanked 23 Times in 20 Posts
    Rep Power
    18
    Has anyone actually managed to get Ruckus (Guest access) and iPads working with a WPAD to provide Internet access through a proxy? I have everything working as it should except for the fact that browsing the Internet (Safari or Chrome) fails for any site outside of our network. Bizarrely, using other apps (like Facebook, Twitter, Skype, etc) all work correctly!?!

  18. #45

    Join Date
    Oct 2007
    Location
    Cambridgeshire, UK
    Posts
    306
    Thank Post
    58
    Thanked 23 Times in 20 Posts
    Rep Power
    18
    P.S. Everything works fine if I manually enter the URL to the WPAD in the WiFi settings.

SHARE:
+ Post New Thread
Page 3 of 4 FirstFirst 1234 LastLast

Similar Threads

  1. RUCKUS help - Guest access & the internet via Proxy
    By jamin100 in forum Wireless Networks
    Replies: 24
    Last Post: 15th March 2012, 09:21 AM
  2. Replies: 2
    Last Post: 10th February 2012, 03:53 PM
  3. Ruckus Guest Access
    By Quackers in forum Wireless Networks
    Replies: 5
    Last Post: 6th February 2012, 10:59 AM
  4. Ruckus Wireless - Guest Access from Mac devices
    By Maxell in forum Wireless Networks
    Replies: 0
    Last Post: 2nd November 2011, 02:36 PM
  5. Need help and advice on wireless guest access proxy settings
    By sammy42 in forum Learning Network Manager
    Replies: 4
    Last Post: 6th October 2011, 08:43 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •