+ Post New Thread
Results 1 to 8 of 8
Wireless Networks Thread, Ruckus which AAA service to use? in Technical; ...
  1. #1
    ass17's Avatar
    Join Date
    Feb 2013
    Posts
    343
    Thank Post
    5
    Thanked 38 Times in 35 Posts
    Rep Power
    27

    Ruckus which AAA service to use?

    Please can someone tell me what benefits are there when using a Radius over AD.

    If we want to offer BYOD and get users to auth using AD logins, I assume we don't need a radius because ZoneDirector is acting as a radius, sort of..

    Any thoughts....

    We are hoping to implement the following:

    Domain WLAN - wifi computers on the domain(access to most servers)
    Staff WLAN - staff BYOD (access to Internet based stuff and firefly VLE, also needs auth through smoothwall)
    Pupil WLAN - pupil BYOD (same as above)
    Admin WLAN - IT admins BYOD (access to all servers and services)
    Guest WLAN - any other BYOD ( Internet only, transparent through smoothwall) WPA2 key issued daily.

    Any advice on the above would be grateful, in terms of ruckus AAA and WLAN setups ànd smoothwall.

  2. #2
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    3,035
    Thank Post
    305
    Thanked 293 Times in 203 Posts
    Rep Power
    120

  3. #3
    ass17's Avatar
    Join Date
    Feb 2013
    Posts
    343
    Thank Post
    5
    Thanked 38 Times in 35 Posts
    Rep Power
    27
    Ok I see you ave used AD in ruckus as your AAA service.

    On smoothly you redirect users to an SSL login page to auth against AD, if that correct.

    Why do SSL login on the guest wan? Surely you just let the out, I wouldn't want to give the a wifi key and a temp AD username, to much for them to get started.

  4. #4
    ass17's Avatar
    Join Date
    Feb 2013
    Posts
    343
    Thank Post
    5
    Thanked 38 Times in 35 Posts
    Rep Power
    27
    And from what I can read your core switch gateway is set to the smoothly so clients don't need to set a proxy server as they will be directed that way anyway, if I'm correct...

  5. #5
    nelsons's Avatar
    Join Date
    May 2013
    Location
    Newcastle Upon Tyne
    Posts
    17
    Thank Post
    0
    Thanked 3 Times in 3 Posts
    Rep Power
    3
    Main differences are :

    Radius will encrypt the password in the access-request packet, from the client to the server. The remainder of the packet is unencrypted. Other information, such as username, authorized services, and accounting, can be captured by a third party.

    Depending on what mechanism you use for AD authentication the credentials may or may not be encrypted, Kerberos is an example of this when used in conjunction with AD Authentication.

    Cheers

    S

  6. #6
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    3,035
    Thank Post
    305
    Thanked 293 Times in 203 Posts
    Rep Power
    120
    Quote Originally Posted by ass17 View Post
    Ok I see you ave used AD in ruckus as your AAA service.

    On smoothly you redirect users to an SSL login page to auth against AD, if that correct.

    Why do SSL login on the guest wan? Surely you just let the out, I wouldn't want to give the a wifi key and a temp AD username, to much for them to get started.
    Yep thats correct. There is an update soon where the smoothie will intercept the traffic from the wireless so users on the wifi dont need to use the SSL login page. I think @robk has been testing this.

    I dont think i have got SSL set on the guest wan. If i have then i have changed it to indent via location and then give basic filtering.

    Quote Originally Posted by ass17 View Post
    And from what I can read your core switch gateway is set to the smoothly so clients don't need to set a proxy server as they will be directed that way anyway, if I'm correct...
    Thats right, it is working at the moment for staff as i havent yet rolled it out to post16, however its working fine as staff have complained they cannot get on facebook on their phones :P

  7. #7


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,475
    Thank Post
    866
    Thanked 850 Times in 672 Posts
    Rep Power
    196
    Yeah, that's right - in the Smoothwall update you'll use the Smoothie as your radius server. This will give a "seamless" login experience. @robk and a couple of others have tested this, it is currently in integration waiting to be turned into a patch for rollout (look out for main update 60) - this will take at least 3 weeks.

  8. #8
    robk's Avatar
    Join Date
    Nov 2005
    Location
    Ashbourne
    Posts
    761
    Thank Post
    176
    Thanked 130 Times in 109 Posts
    Blog Entries
    1
    Rep Power
    48
    With the Smoothie auth that @tom_newton mentioned you could use the smoothwall zone bridging rules to achieve the effect of the different vlans, without needing to configure them... Guest logon can just be an AD account that you change the password on each day... saves a lot of setup!

SHARE:
+ Post New Thread

Similar Threads

  1. [Windows Software] Which serial number to use for Server 2008 VM on datacenter 2008 licensed host ?
    By albertwt in forum Licensing Questions
    Replies: 2
    Last Post: 18th May 2010, 05:51 AM
  2. Which Exchange protection to use?
    By MK-2 in forum Windows
    Replies: 5
    Last Post: 17th November 2008, 01:47 PM
  3. Set Terminal Services to use a second network port
    By Mr_M_Cox in forum How do you do....it?
    Replies: 5
    Last Post: 14th July 2008, 09:12 PM
  4. Which Backup Exec version + optional features to use?
    By OverWorked in forum How do you do....it?
    Replies: 18
    Last Post: 23rd February 2007, 07:24 PM
  5. Which Backup Hardware to use
    By Brad in forum Hardware
    Replies: 19
    Last Post: 28th March 2006, 10:16 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •