+ Post New Thread
Results 1 to 10 of 10
Wireless Networks Thread, Link Ruckus Auth to Lightspeed Auth in Technical; Hi all, I currently have wifi guest access set up using WPA2-PSK, password, then Ruckus guestpass, and then lightspeed Web ...
  1. #1
    HCC
    HCC is offline
    HCC's Avatar
    Join Date
    Jan 2009
    Location
    East Sussex
    Posts
    117
    Thank Post
    9
    Thanked 0 Times in 0 Posts
    Rep Power
    12

    Link Ruckus Auth to Lightspeed Auth

    Hi all,

    I currently have wifi guest access set up using WPA2-PSK, password, then Ruckus guestpass, and then lightspeed Web Auth via AD. I have Vlans, and transparent proxy in place and it generally works OK for guest devices
    Few annoyances:
    • It's annoying I can't tell lightspeed to forget all web logins at lesson ends, as even with the 55 min auth its is possible to have the wrong student in logs if the machine was turned on half way through a lesson.
    • In an ideal world I would like not to need the multiple systems of authentication.


    I'm aware Ruckus can do AD and RADIUS auth, the reason I used guestpass, is I like it auto-expiring access after a set amount of time, and it limits each student to one device. I don't see how I would achieve this otherwise but....
    If I used RADIUS or AD auth on the ruckus guest SSID, is there a way for Ruckus to pass the auth info along to the lightspeed rocket? The reason for this is that I have had to set the re-auth for students to 55mins (lesson duration) and they find this annoying throughout the day. We collect their MAC address but I can't see how to use this as a method of auth on light speed.

    Has anyone managed to get Ruckus AD/Radius auth to be passed on to lightspeed?


    P.S Has anyone found a way to save the Ruckus logs for what device connects where? Would be useful for when inclusion lose a laptop to know what AP it used last.

  2. #2
    Eappariello's Avatar
    Join Date
    Jan 2007
    Location
    London
    Posts
    72
    Thank Post
    41
    Thanked 16 Times in 14 Posts
    Rep Power
    18
    If you are on version 2.4> you can use radius Auth information from your Ruckus to transparently Auth to the rocket (802.1x). You basically setup the Wireless controller to point to the rocket as a secondary radius accounting server, the rocket will do the rest.

    In the meantime you could increase the authentication timeout and ask the students to manually logout using lsaccess.me/logout

  3. #3
    HCC
    HCC is offline
    HCC's Avatar
    Join Date
    Jan 2009
    Location
    East Sussex
    Posts
    117
    Thank Post
    9
    Thanked 0 Times in 0 Posts
    Rep Power
    12
    I have seen the radius option. My concerns with this are:

    Would Ruckus show who is logged in, on the ruckus dashboard using the radius info?
    Would it use Ruckus' auth page or lightspeeds? I'm assuming the ruckus one since this is presented first then passed to LS.
    Is there a way I could restrict this auth to a specific group, or the option of disabling specific users if there is a need. (without disabling their use of normal college computers\logon)
    Would RADIUS auth restrict logons to one device?
    LS is currently set to a 55min reauth. After this time would the lightspeed reauth page reappear or Ruckus'.

  4. #4
    Eappariello's Avatar
    Join Date
    Jan 2007
    Location
    London
    Posts
    72
    Thank Post
    41
    Thanked 16 Times in 14 Posts
    Rep Power
    18
    I can not comment on what will happen on the Ruckus, sorry.

    Yes the users would only Auth against the Ruckus Auth page / captive portal page.
    Not sure if you can restrict the Ruckus to only Auth against certain groups. For the lightspeed rocket you can restrict to a certain OU if that helps.
    The 55min Auth timeout is just for the lightspeed captive portal web authentication. If you use radius that will inform the rocket of new login and logout events so the timeout does not apply.

  5. #5

    Edu-IT's Avatar
    Join Date
    Nov 2007
    Posts
    7,113
    Thank Post
    403
    Thanked 619 Times in 566 Posts
    Rep Power
    180
    Slightly related, if I may ask. Is there a recommended lifetime time to re-auth?

  6. #6
    Eappariello's Avatar
    Join Date
    Jan 2007
    Location
    London
    Posts
    72
    Thank Post
    41
    Thanked 16 Times in 14 Posts
    Rep Power
    18
    Quote Originally Posted by Edu-IT View Post
    Slightly related, if I may ask. Is there a recommended lifetime time to re-auth?
    Not really, it depends on what the school feel is acceptable for students etc to re Auth. Of course deployment can also make a difference in that a 121 deployment would just need to Auth once a day, perhaps BYOD the same.

    Also, don't forget the default Auth time is just that, you can specify different Auth times based on Users, User Groups, and User OU's, so for example Staff could be 12 hours and students 1 hour.

  7. #7

    Edu-IT's Avatar
    Join Date
    Nov 2007
    Posts
    7,113
    Thank Post
    403
    Thanked 619 Times in 566 Posts
    Rep Power
    180
    Is there any benefit to re-auth'ing more often? What exactly is the purpose of re-auth'ing?

  8. #8
    Eappariello's Avatar
    Join Date
    Jan 2007
    Location
    London
    Posts
    72
    Thank Post
    41
    Thanked 16 Times in 14 Posts
    Rep Power
    18
    Quote Originally Posted by Edu-IT View Post
    Is there any benefit to re-auth'ing more often? What exactly is the purpose of re-auth'ing?
    Good question

    Its really needed for devices that are used by different students each lesson or at different times a day (A device cart for example). You would not want a student logged into a device another student will use next lesson as it will make the reporting inaccurate. So Authentication lifetimes are important from that perspective.
    If its a one2one environment the lifetimes can be much longer as devices do not pass from one student to another.

  9. #9

    Edu-IT's Avatar
    Join Date
    Nov 2007
    Posts
    7,113
    Thank Post
    403
    Thanked 619 Times in 566 Posts
    Rep Power
    180
    Quote Originally Posted by Eappariello View Post
    Good question

    Its really needed for devices that are used by different students each lesson or at different times a day (A device cart for example). You would not want a student logged into a device another student will use next lesson as it will make the reporting inaccurate. So Authentication lifetimes are important from that perspective.
    If its a one2one environment the lifetimes can be much longer as devices do not pass from one student to another.
    That could always happen though unless you set auth to 1 minute, and I'm not sure that's wise. For example if you had a 20 minute auth time and a lesson ended at 10am, if a pupil logged in at 9.55am and another at 10.01am then the Rocket would still think it was the first user at 10.03am?

  10. #10
    HCC
    HCC is offline
    HCC's Avatar
    Join Date
    Jan 2009
    Location
    East Sussex
    Posts
    117
    Thank Post
    9
    Thanked 0 Times in 0 Posts
    Rep Power
    12
    I agree this is a trade off based on a best case scenario. I doubt that even if I give the students a big log off link that they would ever use it.
    We used to have smoothwall and the auth was done transparently without even needing an agent. Shame lightspeed doesn't offer the same but it's interface and ease of use is much better.

    There are a few things I miss from SW that lightspeed could easily implement to improve things:
    • Improve the auth (NTLM) so no need for agent.
    • Add a top 10 domains list with bandwidth to the dashboard
    • Add a new summary report that combines the most viewed domains, most bandwidth heavy users, popular searches and graphs in one report.
    • A report on duration specific users spend on sites would also be useful especially for staff Facebook access!

SHARE:
+ Post New Thread

Similar Threads

  1. Auth to AD
    By ful56_uk in forum Web Development
    Replies: 2
    Last Post: 8th January 2010, 08:24 PM
  2. Resetting D-Link DP-100 to factory default
    By laserblazer in forum How do you do....it?
    Replies: 6
    Last Post: 15th October 2008, 03:02 AM
  3. How to link a component to admin control quick link icons box
    By DirtySnipe in forum EduGeek Joomla 1.5 Package
    Replies: 1
    Last Post: 15th June 2008, 08:02 PM
  4. Replies: 3
    Last Post: 30th April 2007, 10:32 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •