We didn't have IP Routing on any switches at previous place so I just set the SonicWall appliance we had with sub sub interfaces for the vLans and used the built-in DHCP and basic filtering for the BOYD devices and it was good enough for us.
We used the domain DHCP for college devices and the SonicWall for BOYD DHCP as getting the DHCP relay working on the SonicWall and talking to the Domain DHCP server was a bain.
Last edited by Davit2005; 4th April 2014 at 03:41 PM.
There are couple of bits in this thread which I am responding to in 1 place:
>>Just looking through the manual and I can see where some people here have been having problems particularly with iOS devices. As they always want to connect to the open SSID.
Have you tried the on-boarding feature that is available in 9.6 onward? This removes the need to use a Hotspot WLAN for Zero-IT/D-PSK, just a single open WLAN for guest access and Zero-IT which is easier. I find that once the iOS device has its D-PSK and the user connects to the Secure WLAN then the device remembers it rather than jumping back to the open provisioning WLAN. In 9.8 (currently schedule for general availability May) you can also have 3 options for this on boarding portal - guest only, guest+Zero-IT, Zero-IT only. If its still an issue then you will have to get users do the "Forget WLAN" as unfortunately we can't force iOS devices to prioritise the WLAN connection order like you can on computers.
>>Has anyone actually managed to get Ruckus (Guest access) and iPads working with a WPAD to provide Internet access through a proxy? I have everything working as it should except for the fact that browsing the Internet (Safari or Chrome) fails for any site outside of our network. Bizarrely, using other apps (like Facebook, Twitter, Skype, etc) all work correctly!?!
>>P.S. Everything works fine if I manually enter the URL to the WPAD in the WiFi settings.
In the good old days when I was a young lad (pre-iOS 4.2) WPAD worked perfectly - just enabled HTTP Proxy / Auto and it would find WPAD host/file via DNS. Apple in their infinite wisdom decided to change this in subsequent versions of iOS so you have to enable Auto AND put the full WPAD URL in as it no longer uses DNS lookup (so no longer really "Auto")!! This is the issue with using "consumer" devices in an "Enterprise" network i.e. they are designed for consumer use/features (don't think many people have a non-transparent proxy at home). Its then always the Enterprise network vendors fault when something doesn't work... Android doesn't natively support WPAD so yuo can't even have one type of provisioning configuration for all devices unless you overlay an MDM solution.
I use Freeproxy for my WPAD testing with Chrome and it works Ok. When troubleshooting WPAD issues always start with ah very basic WPAD file and work up to a more complex one as you verify things work. I wrote a Ruckus WPAD deployment App Note which should be available through your Ruckus partner - that has a lot of good info in it. Some additional tips:
- If you are using WPAD on a WLAN with client isolation and the proxy is on the same subnet as clients/ZD then you need to add an Allow rule for the proxy IP to the Guest Access Restricted Subnets
- Similarly if you ar eusign L3/L4 Access Controls on the WLAN you need to add and allow rule for the proxy IP
- If you are using Guest Access or Web Portal then you need to add an exception for the ZD IP in the WPAD file so it can access it directly for redirection to work properly
Ultimately, either scrap your non-transparent proxy and move to a transparent proxy which solves all these client config issues, else have transparent proxy redirect your users to the non-transparent proxy (only works for HTTP traffic as I tested it and doesn't support proxy web authentication). I tested using a Microtik RB750 which has transparent redirection and NAT features to achieve this - think you can also do it on Smoothwall and Squid (which does support transparent HTTPS is you install the SSL Bump module). If you need any details on how I set it up with my RB750 send me a PM.
There are currently 1 users browsing this thread. (0 members and 1 guests)