+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 21
Wireless Networks Thread, Ruckus BYOD - possible android problem - not tested on apple products in Technical; We have had a ruckus system running brilliantly for months and i'm really happy with it, in fact i cannot ...
  1. #1
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    2,778
    Thank Post
    251
    Thanked 220 Times in 168 Posts
    Rep Power
    88

    Ruckus BYOD - possible android problem - not tested on apple products

    We have had a ruckus system running brilliantly for months and i'm really happy with it, in fact i cannot praise it enough.

    There has been one little niggle though which has been bothering me and that is to do with BYOD either Staff or Students. I'm in two minds on which way to go with this.

    At the moment i have an open SSID (BYOD-STAFF) for Staff, a SSID (BYOD-STUDENTS) and a SSID (BYOD-POST16) for students where users will connect to and authenticate against Active Directory and if they are part of the relevant member group in AD they are granted access. This is working fine however the connection isn't encrypted. They are then passed to the smoothwall for SSL login to the net as WPA on Smoothwall and the ruckus group membership don't work so i cannot let on staff connect to the staff SSID, anyway that's another story.

    I have seen and tested, which i have got setup but hidden at the moment, a SSID called Provision which is open and a test SSID for staff called BYOD-STAFF-En which is encrypted. A member of staff connects to the provision SSID, which gives the user an IP address from the main domain for a little while, logs into a walled garden, inputs their username and password and they download the prov.exe on windows or prov.apk if on android. Once the profile has been downloaded the user, i have found if using...
    a) a laptop, needs to turn the wireless off and then back on again and the laptop connects to the relevant SSID which the profile has given.
    b) an android device, will not pass me over to the relevant SSID, even if i turn the wireless off and on, it still doesn't work. The only way i have got it to work is to disconnect or forget the provision SSID.
    c) i have tried it on an apple device however the apple device is locked to IrisConnect so i cannot install google chrome as safari doesn't work.

    I thought this profile moved the device over to the SSID automatically this making it easy for the user. At the moment, it does't seem straight forward for the average user.

    Has anyone else had this problem or are people doing it the former way i have mentioned. I would really like to get the latter working to see how it goes.

    Thanks
    Last edited by timbo343; 30th August 2013 at 09:00 PM.

  2. #2
    ass17's Avatar
    Join Date
    Feb 2013
    Posts
    270
    Thank Post
    5
    Thanked 27 Times in 27 Posts
    Rep Power
    24
    I contacted support about the very same issue, I can only get it to work with osX.

    They said that you have to turn your wifi off then on again but with iOS and android you need to forget the provision network and then it will auto connect to the network from the profile you installed.

  3. #3

    seawolf's Avatar
    Join Date
    Jan 2010
    Location
    Melbourne
    Posts
    726
    Thank Post
    7
    Thanked 219 Times in 171 Posts
    Rep Power
    150
    Quote Originally Posted by ass17 View Post
    I contacted support about the very same issue, I can only get it to work with osX.

    They said that you have to turn your wifi off then on again but with iOS and android you need to forget the provision network and then it will auto connect to the network from the profile you installed.
    We've been using this setup just fine for 9 months. The only catch is that in both OS X and iOS you have to forget the provisioning SSID or the device might reconnect to it in the future (and you'll get "my WiFi isn't working" complaints). The other option is to use Zero-IT config, which can be limited so it only works for certain AD groups.

  4. #4
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    2,778
    Thank Post
    251
    Thanked 220 Times in 168 Posts
    Rep Power
    88
    I have configured the BYOD-STAFF-En to use ZeroIT activation which still results in the problem following this video http://m.youtube.com/watch?v=9AUki6_...%3D9AUki6_lJPA
    Last edited by timbo343; 30th August 2013 at 10:50 PM.

  5. #5

    seawolf's Avatar
    Join Date
    Jan 2010
    Location
    Melbourne
    Posts
    726
    Thank Post
    7
    Thanked 219 Times in 171 Posts
    Rep Power
    150
    Quote Originally Posted by timbo343 View Post
    I have configured the BYOD-STAFF-En to use ZeroIT activation which still results in the problem.
    What version of firmware are you using? There have been a few issues caused and solved with ZeroIT in a couple of firmware updates over the past year.

  6. #6
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    2,778
    Thank Post
    251
    Thanked 220 Times in 168 Posts
    Rep Power
    88
    The latest version 9.6

  7. #7

    seawolf's Avatar
    Join Date
    Jan 2010
    Location
    Melbourne
    Posts
    726
    Thank Post
    7
    Thanked 219 Times in 171 Posts
    Rep Power
    150
    Quote Originally Posted by timbo343 View Post
    The latest version 9.6
    I haven't tried 9.6 yet so I can't really say. Have you tried rolling back to the latest firmware prior to 9.6? There was a really bad bug in the first version of 9.5 that completely broke ZeroIT for OSX (it still worked with iOS though).

    *WARNING: rolling back the firmware may reset your ZoneDirector to factory config so make SURE you have a good config backup first.

  8. Thanks to seawolf from:

    timbo343 (30th August 2013)

  9. #8
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    2,778
    Thank Post
    251
    Thanked 220 Times in 168 Posts
    Rep Power
    88
    hmmmm, ill try, not too keen on going back to the latest version of 9.5. Ive got to do both boxes as they are in failover mode at the moment. Ill try to see if someone can test this on 9.5 first. What version are you on?

  10. #9
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    2,778
    Thank Post
    251
    Thanked 220 Times in 168 Posts
    Rep Power
    88
    Ive just found this http://support.responsive-services.c...roid_olton.htm looks like i may have to do a guide if i want it set this way.

  11. #10

    seawolf's Avatar
    Join Date
    Jan 2010
    Location
    Melbourne
    Posts
    726
    Thank Post
    7
    Thanked 219 Times in 171 Posts
    Rep Power
    150
    Quote Originally Posted by timbo343 View Post
    hmmmm, ill try, not too keen on going back to the latest version of 9.5. Ive got to do both boxes as they are in failover mode at the moment. Ill try to see if someone can test this on 9.5 first. What version are you on?
    Just logged onto the VPN to check. we're using version 9.5.1.0 build 50 currently.

    It is a pain to rollback I know (had to do it when I encountered the bug at the start of the year after upgrading from 9.4 to 9.5). I took Ruckus a couple of weeks to fix it, but they did in the end (see email from Ruckus Support below)


    This email is to update you that we have uploaded 9.5.1 firmware in to our support site and this is the fix for the MAC clients who are facing issues with Zero-It, please upgrade the firmware and let us know for any issues.

    Feel free to contact us for any clarifications or assistance, we are glad to assist you.

    Best Regards,
    Srinivas Pithani

  12. Thanks to seawolf from:

    timbo343 (30th August 2013)

  13. #11
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    2,778
    Thank Post
    251
    Thanked 220 Times in 168 Posts
    Rep Power
    88
    Cheers. Ill see what i can do on Monday when i'm next in the office and report back on here.

  14. #12
    ass17's Avatar
    Join Date
    Feb 2013
    Posts
    270
    Thank Post
    5
    Thanked 27 Times in 27 Posts
    Rep Power
    24
    We rolled back to 9.5 and as been as stable as any of the previous builds.

    Instead of using a provisioning WLAN, on each WLAN enable captive portal against you AD and select ZeroIT, this way you don't need a provisioning network.

    If you have made the WLAN SSIDs obvious then people will know which one applies to them.

    Choose names that include, staff, pupils, guest etc....

    I'm not sure how this will work if also have specified an encryption type, at a guess it will prompt of the key, before anything else, but then it may ask you to auth after. I haven't test this theory out yet but perhaps someone can confirm what I'm saying...

  15. #13
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    2,778
    Thank Post
    251
    Thanked 220 Times in 168 Posts
    Rep Power
    88
    My BYOD SSIDs are all known by staff, student or post16 and all have authenticate against AD and have zero-it selected.

    My only worry is that the SSIDs aren't encrypted. Does this mean traffic over these SSIDs is viewable if the connection isnt encrypted or does the encryption only stop anons accessing the SSIDs?

  16. #14

    Join Date
    Mar 2008
    Location
    Midlands
    Posts
    119
    Thank Post
    0
    Thanked 21 Times in 20 Posts
    Rep Power
    16
    I think you can use dynamic psk but I never got it working properly. The smoothwall WPA enterprise option may work soon with ruckus roles correctly, apparently it's a bug in how the MAC address is dealt with I think I saw a smoothwall kb article regarding this if/when it's fixed it may be the best solution.

  17. #15
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    2,778
    Thank Post
    251
    Thanked 220 Times in 168 Posts
    Rep Power
    88
    I would quite happily use the WPA enterprise with smoothwall but until the roles/auth settings in ruckus talk to smoothwall and vise versa then i wont be using it.

    The bug is everyone needs to be part of the default group which kinda defeats the point of having seperate SSIDs and roles as everyone can join the one SSID which is inpracticle. The smoothwall isnt talking back to AD to find iut what groups the user is in. Plus the ruckus policies and setup is far easier to manage and configure than the smoothwall, also is the first thing clients hit so im thinking why go furthrr down the line when yiu can stop it at the first connection.

    How is it a problem with MAC addresses?
    Last edited by timbo343; 1st September 2013 at 07:54 AM.

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Replies: 9
    Last Post: 8th April 2009, 08:41 AM
  2. Replies: 1
    Last Post: 30th March 2009, 12:48 PM
  3. Possible Proxy Problem
    By Pear in forum *nix
    Replies: 6
    Last Post: 1st November 2005, 08:31 AM
  4. Intermitent problems with logging on
    By alexknight in forum Wireless Networks
    Replies: 27
    Last Post: 22nd August 2005, 04:01 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •