+ Post New Thread
Page 1 of 4 1234 LastLast
Results 1 to 15 of 47
Wireless Networks Thread, Ruckus and guest access in Technical; I'm trying to get my head around using our Ruckus for allowing certain students to access the internet from their ...
  1. #1
    Sheridan's Avatar
    Join Date
    Oct 2010
    Posts
    1,350
    Thank Post
    123
    Thanked 95 Times in 65 Posts
    Rep Power
    29

    Ruckus and guest access

    I'm trying to get my head around using our Ruckus for allowing certain students to access the internet from their own devices in school. I would like them to effectively only have access to the web proxy (smoothwall) and authenticate using their AD credentials. We don't have our APs on a seperate VLAN (due to the nature and variety of network switches) so I'm hoping that Ruckus's own isolation will help with that, but I am struggling to get my head around how Ruckus do this.

    I've tried to enable guest pass authentication, using our RADIUS server, but when redirected to the authentication page no valid credentials work so I get the feeling I'm missing a stage out at some point.

    Has anyone managed to do this, and have they got an idiot guide handy!

  2. #2

    CPLTD's Avatar
    Join Date
    Apr 2008
    Location
    Northamptonshire
    Posts
    4,065
    Thank Post
    1,401
    Thanked 652 Times in 507 Posts
    Blog Entries
    1
    Rep Power
    261
    Hi Sheridan,

    should be able to walk you through this, have PM'd.

    Thank,

    Mark

  3. #3
    Sheridan's Avatar
    Join Date
    Oct 2010
    Posts
    1,350
    Thank Post
    123
    Thanked 95 Times in 65 Posts
    Rep Power
    29
    Cheers for the offer - I might take you up on that when I get some time set aside.

    I've got a simple guest network running, which works with RADIUS and allows valid AD accounts to connect. However my wpad.dat file isn't recognised by any device. I've got the wpad.dat on the Zoendirector and configured in DHCP but everything that connects seems to ignore it!

  4. #4
    w-clarke101's Avatar
    Join Date
    May 2011
    Location
    Lancaster
    Posts
    97
    Thank Post
    1
    Thanked 8 Times in 8 Posts
    Rep Power
    15
    I was trying to do you same with wpad.dat to get proxy setup on guest laptop! don't get it to work and gave up in the end after being off work for a week.

    Would like to get this to work some how?

    Any one had any luck with setup Ruckus with wpad.dat?

  5. #5

    Join Date
    Feb 2008
    Location
    Wiltshire
    Posts
    887
    Thank Post
    280
    Thanked 139 Times in 112 Posts
    Blog Entries
    27
    Rep Power
    42
    There's a really good video on you tube that shows how to setup BYOD access with Ruckus (How to BYOD with Ruckus Wireless - YouTube)

    Should give you a good oversight; I managed to set ours up after watching this as a sort of primer.

    Pete

  6. 4 Thanks to FragglePete:

    BatchFile (18th February 2013), DevilsAdvocate (4th April 2014), gumbygaz (15th February 2013), speckytecky (15th February 2013)

  7. #6
    w-clarke101's Avatar
    Join Date
    May 2011
    Location
    Lancaster
    Posts
    97
    Thank Post
    1
    Thanked 8 Times in 8 Posts
    Rep Power
    15
    Can't get youtube! as it blocked ....

  8. #7
    Sheridan's Avatar
    Join Date
    Oct 2010
    Posts
    1,350
    Thank Post
    123
    Thanked 95 Times in 65 Posts
    Rep Power
    29
    I think theres something fundamentally wrong with my ruckus. I've got the RADIUS servers setup, and configured Roles for each group (admins/staff/students etc) but the AAA query always shows success but the group assignment will be 'default'!

  9. #8
    BatchFile's Avatar
    Join Date
    Aug 2007
    Location
    Cumbria
    Posts
    948
    Thank Post
    544
    Thanked 128 Times in 106 Posts
    Rep Power
    60
    I've never used VLANs before - is there an idiots guide somewhere?

    I've got Ruckus to authenticate with AD, no worries, and without the VLAN settings it's getting IP addresses from a DHCP server and, when the proxy settings are put in manually, all is well.

    I'm thinking one way to proceed now is:
    1. set a spare port on a managed switch to be a new VLAN
    2. connect a smoothwall transparent proxy with DHCP, which I've used before to add a proxy setting where the client device didn't support it, to it
    3. set that VLAN to the BYOD Network in Ruckus

    How does that sound? will that then give a client device an IP from Smoothwall and allow it to access the web? or have I fundamentally missed a point or two along the way?

    edit: I've just read through the thread again and it looks as if I've hijacked it - mods if you want to move this to a new thread that's fine by me!
    Last edited by BatchFile; 18th February 2013 at 11:53 AM.

  10. #9

    Join Date
    Feb 2008
    Location
    Wiltshire
    Posts
    887
    Thank Post
    280
    Thanked 139 Times in 112 Posts
    Blog Entries
    27
    Rep Power
    42
    Quote Originally Posted by BatchFile View Post
    I've never used VLANs before - is there an idiots guide somewhere?
    You need to get your head round that first, took me a while as well and I believe a number of posts on here will point you in the right direction.

    But, in a nutshell - You'll need switches that are managed, you'll need to setup the VLANs on all your switches (obviously, only those that will have traffic flowing for each VLAN), 'tag' the trunks/uplinks to each Edge switch with the associate VLANS, setup DHCP helper on your Core Switch for the VLANs to point at your DHCP server, Setup a DHCP scope for the BYOD with the gateway set to the IP address of your Core Switch, 'tag' the port that has the AP plugged into for your guest VLAN (you'll need to tag it with the other VLANs as well if you have other SSIDs for on it and management so that ZoneDirector can still access it), setup the SSID on the ZoneDirector to be associated with a particular VLAN and, errr, that is about it. I think, working from memory. May have missed out a step but hopefully it'll help.

    Pete

  11. 2 Thanks to FragglePete:

    BatchFile (18th February 2013), zag (24th February 2014)

  12. #10
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,464
    Thank Post
    10
    Thanked 496 Times in 436 Posts
    Rep Power
    113
    Quote Originally Posted by Sheridan View Post
    I think theres something fundamentally wrong with my ruckus. I've got the RADIUS servers setup, and configured Roles for each group (admins/staff/students etc) but the AAA query always shows success but the group assignment will be 'default'!
    You need to add some additional attributes to get the radius groups working

    Windows NPS Radius + ZoneDirector, A How to guide. - Ruckus Wireless Forums

    I have got it working to assign available ssids via group membership

  13. #11
    Sheridan's Avatar
    Join Date
    Oct 2010
    Posts
    1,350
    Thank Post
    123
    Thanked 95 Times in 65 Posts
    Rep Power
    29
    Hmm I feel I am so near to getting this working, yet so far!

    I've got AD authentication working, and using the youtube example above I've managed to get a hotspot service set up and zero-it provisioning working, with a WLAN for staff and another for students.

    This seems to work, a user select the 'open' wlan and then when any web page is requested the authentication page appears. After successful authentication the zero-it installer comes in and adds the correct WLAN on the test pc (in this case an iMac).

    But thats where it stops, the mac stays connected to the hotspot wlan and ignores the specific wlan that is assigned to the user's group. The zero it part seems to configure this correctly and thats where it falls apart as you can't go any further!

  14. #12

    Join Date
    Feb 2008
    Location
    Wiltshire
    Posts
    887
    Thank Post
    280
    Thanked 139 Times in 112 Posts
    Blog Entries
    27
    Rep Power
    42
    It's the one failing, that myself and others have noticed - it doesn't switch the user to the SSID automatically that has been setup with the Auto Provisioning. The user has to switch to that Wireless SSID themself to start using your internet connection. Also, the problem on Android devices is that by default they don't allow .apk files to be installed from unknown sources; this has to be setup on the phone by the user, but of course, trying to explain that to some users is tricky.

    Looks like your there really, try it out on a few guinea pigs and see how it goes.

    Pete

  15. #13
    Sheridan's Avatar
    Join Date
    Oct 2010
    Posts
    1,350
    Thank Post
    123
    Thanked 95 Times in 65 Posts
    Rep Power
    29
    I noticed the issue with apk files on android phones as well, but thats something thats easy to work around I suppose.

    I gave up with the mac, and got it working on and android device but that ignores the proxy settings I uploaded to the zonedirector (wpad.dat) so even when I get a connection its useless!

    I'm so close I can almost taste it!

    EDIT, spoke too soon! Android devices just sit in a loop of Authenticating... and Obtaining ip address.

    The macs connect and fail to connect to the correctly assigned wlan, and even when manually connected they ignore the wpad.dat settings. Oddly my test mac now refuses to open the zero-it file (prov-mobileconfig) and attempts to open it with Apple Logic Pro!
    Last edited by Sheridan; 27th February 2013 at 03:48 PM.

  16. #14
    Sheridan's Avatar
    Join Date
    Oct 2010
    Posts
    1,350
    Thank Post
    123
    Thanked 95 Times in 65 Posts
    Rep Power
    29
    I think I'll have to ditch the byod aspect of ruckus - it doesn't seem to work very well. For starters the zero-it part doesn't work on Macs and then the correct WLAN isn't selected. Plus it simply ignores the wpad.dat file that is uploaded to the zonedirector so it means manual proxy details have to be entered - that defeats the purpose a bit.

    Its inconsistent on android devices as well, so I have no faith in rolling this out to staff/students who might be on ipod/ipads/macs/phones etc!

    Has anyone implemented a robust byod system with anything like Aruba or a similar competitor?

  17. #15
    Sheridan's Avatar
    Join Date
    Oct 2010
    Posts
    1,350
    Thank Post
    123
    Thanked 95 Times in 65 Posts
    Rep Power
    29
    All I would say in conclusion is - don't waste too much time with byod on ruckus. It looks like a bit of a mess and I've given up trying to sort it out.

    I've decided to ditch the ruckus and use some Dlink WAP's (just using wpa) and stick them on a seperate vlan in key areas of the school. This Vlan will have its own non-authenticating smoothwall web filter and thats all they will have access to. They will still need to put the proxy settings manually in but that would have been the case with ruckus anyway. Frustrated and disappointed with ruckus - but I've wasted too much time on this.

  18. Thanks to Sheridan from:

    zag (24th February 2014)

SHARE:
+ Post New Thread
Page 1 of 4 1234 LastLast

Similar Threads

  1. RUCKUS help - Guest access & the internet via Proxy
    By jamin100 in forum Wireless Networks
    Replies: 24
    Last Post: 15th March 2012, 09:21 AM
  2. Replies: 2
    Last Post: 10th February 2012, 03:53 PM
  3. Ruckus Guest Access
    By Quackers in forum Wireless Networks
    Replies: 5
    Last Post: 6th February 2012, 10:59 AM
  4. Ruckus Wireless - Guest Access from Mac devices
    By Maxell in forum Wireless Networks
    Replies: 0
    Last Post: 2nd November 2011, 02:36 PM
  5. Need help and advice on wireless guest access proxy settings
    By sammy42 in forum Learning Network Manager
    Replies: 4
    Last Post: 6th October 2011, 08:43 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •