Have a look at this guide i created for my setup www.edugeek.net/forums/how-do-you-do/109684-byod-smoothwall-ruckus-2.html#post941420
Please can someone tell me what benefits are there when using a Radius over AD.
If we want to offer BYOD and get users to auth using AD logins, I assume we don't need a radius because ZoneDirector is acting as a radius, sort of..
We are hoping to implement the following:
Domain WLAN - wifi computers on the domain(access to most servers)
Staff WLAN - staff BYOD (access to Internet based stuff and firefly VLE, also needs auth through smoothwall)
Pupil WLAN - pupil BYOD (same as above)
Admin WLAN - IT admins BYOD (access to all servers and services)
Guest WLAN - any other BYOD ( Internet only, transparent through smoothwall) WPA2 key issued daily.
Any advice on the above would be grateful, in terms of ruckus AAA and WLAN setups ànd smoothwall.
Ok I see you ave used AD in ruckus as your AAA service.
On smoothly you redirect users to an SSL login page to auth against AD, if that correct.
Why do SSL login on the guest wan? Surely you just let the out, I wouldn't want to give the a wifi key and a temp AD username, to much for them to get started.
And from what I can read your core switch gateway is set to the smoothly so clients don't need to set a proxy server as they will be directed that way anyway, if I'm correct...
Main differences are :
Radius will encrypt the password in the access-request packet, from the client to the server. The remainder of the packet is unencrypted. Other information, such as username, authorized services, and accounting, can be captured by a third party.
Depending on what mechanism you use for AD authentication the credentials may or may not be encrypted, Kerberos is an example of this when used in conjunction with AD Authentication.
robk has been testing this.
I dont think i have got SSL set on the guest wan. If i have then i have changed it to indent via location and then give basic filtering.
Yeah, that's right - in the Smoothwall update you'll use the Smoothie as your radius server. This will give a "seamless" login experience. @robk and a couple of others have tested this, it is currently in integration waiting to be turned into a patch for rollout (look out for main update 60) - this will take at least 3 weeks.
With the Smoothie auth that @tom_newton mentioned you could use the smoothwall zone bridging rules to achieve the effect of the different vlans, without needing to configure them... Guest logon can just be an AD account that you change the password on each day... saves a lot of setup!
There are currently 1 users browsing this thread. (0 members and 1 guests)