+ Post New Thread
Results 1 to 14 of 14
Wireless Networks Thread, BYOD with Ruckus wireless in Technical; Hi Guys, In need of a bit of advice. We currently have a Ruckus wireless network and are wanting to ...
  1. #1

    Join Date
    May 2011
    Location
    United Kingdom
    Posts
    440
    Thank Post
    112
    Thanked 13 Times in 13 Posts
    Rep Power
    8

    BYOD with Ruckus wireless

    Hi Guys,

    In need of a bit of advice. We currently have a Ruckus wireless network and are wanting to start offering BYOD to 6th form. Is there a way to get the zonedirector to assign a specific range of IP's to BYOD devices? Our internet feed utilises an upstream proxy. Is WPAD the only way to configure automatic proxy settings on the devices?

    Any tips or advice from people who have set it up with Ruckus would be greatly appreciated.

    Thanks

  2. #2

    Steve21's Avatar
    Join Date
    Feb 2011
    Location
    Swindon
    Posts
    2,656
    Thank Post
    324
    Thanked 506 Times in 474 Posts
    Rep Power
    177
    Unless it's changed recently I thought the ZoneDirector never gives the IPs out, it just routes them via the gateway/internet etc. (Well they have a very small DHCP server builtin but thats generally for testing/small networks)

    If you are using the guest access it'll just do a layer filter between the local subnet and gateway etc for the guest side.

    If you're looking to roll that out larger you'd probably be better off at looking to tag the SSID to it's own VLAN and do the DHCP based on that.

    Steve

  3. #3
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    2,772
    Thank Post
    251
    Thanked 220 Times in 168 Posts
    Rep Power
    87
    Are you able to setup VLANs on your network and what filtering device are you using?

  4. #4

    Join Date
    May 2011
    Location
    United Kingdom
    Posts
    440
    Thank Post
    112
    Thanked 13 Times in 13 Posts
    Rep Power
    8
    We can do VLAN's but never done them before. Currently looking into it.

    Basically our aim is that a guest can bring in a laptop or ipad and connect to our guest SSID, enter the passcode and they are on (the proxy is automatically configured). Would love if they could also authenticate via AD. We are using a council developed system but currently looking into alternatives.

    Saw this old forum RUCKUS help - Guest access & the internet via Proxy saying the auto proxy was down as a feature request but could find anything to say it had been implemented.

    Cheers

  5. #5
    IrritableTech's Avatar
    Join Date
    Nov 2007
    Location
    Yorkshire
    Posts
    707
    Thank Post
    71
    Thanked 145 Times in 116 Posts
    Rep Power
    58
    We've done this by creating vlans. The ruckus controller can tag all packets on a specific SSID with a specific VLAN, or using radius, you can have it dynamically assign a vlan to your clients devices. You can then add access lists on the ruckus controller and be reasonably confident that your BYOD traffic is separate to your wired traffic.

    IP's will still need to be served by your DHCP server - the ruckus kit can't help here.

    Proxies are a different matter.

    Ruckus have implemented a system to hand out a WPAD file. It can either be hosted on the controller, or a web server. However it can only have one WPAD file for all the SSIDs (unless that has changed very recently?).

    Unfortunately, WPAD is not a silver bullet. iOS devices wont use it, Android devices wont use it and I couldn't get them running with OSX if memory serves. Windows machines do like WPAD though (as long as automatically detect settings is enabled in the internet lan settings).

    When we had an LEA proxy to deal with, we ended up using a combination of Pac files for OSX/iOS devices, WPAD for Windows and manual proxy settings for Android.

    So what's left - transparent proxy sounds good? But sadly it's not that straight forward either.

    Happy to answer any questions about our journey with ruckus and porixes. You might find some more useful info on my blog... WPAD | IrritableTech

  6. #6

    Join Date
    May 2011
    Location
    United Kingdom
    Posts
    440
    Thank Post
    112
    Thanked 13 Times in 13 Posts
    Rep Power
    8
    Trying to get my head around the vlan setup seems every time I try I just succeed in cutting off my poe switch.

    Any advice?

    I'm setting up two vlans ID 100 = curriculum, ID 110 = Guest. I have set the vlans up on the core switch and Poe switch. Tag the uplink at both ends (1 in core and 1 in Poe with ID's 100 an 110. And the port on the core switch where the zone director goes in as 100 and 110 and nothing else on the switches. Set my curriculum ssid to VLAN 100 in the advanced settings and set the guest ssid to 110.

    This just results in me loosing connection to the Poe until I move the uplink connection to a different port. They are all HP switches. Any ideas?

    Cheers

  7. #7
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    2,772
    Thank Post
    251
    Thanked 220 Times in 168 Posts
    Rep Power
    87
    What are you using to give out dhcp addresses?

    Are you able to post the configs of the switches?
    Last edited by timbo343; 27th November 2013 at 07:49 PM.

  8. #8

    Join Date
    May 2011
    Location
    United Kingdom
    Posts
    440
    Thank Post
    112
    Thanked 13 Times in 13 Posts
    Rep Power
    8
    DHCP is being given out by our DC (Server 2008 R2)

    I'll have a look for the configs tomorrow. Not sure where they are :P First time messing around on the switches.

  9. #9

    Join Date
    Feb 2013
    Posts
    118
    Thank Post
    46
    Thanked 8 Times in 7 Posts
    Rep Power
    4
    I had issues trying to take the default VLAN away from 1. I ended up leaving the default VLAN as 1 across the entire system, and had that VLAN host the curriculum network. From there I could bolt on new VLANs successfully. Now my guest VLAN links to the gateway router via its own router that also acts as the DHCP server for the guest network (Dual NAT). Runs OK.

  10. #10

    Join Date
    May 2011
    Location
    United Kingdom
    Posts
    440
    Thank Post
    112
    Thanked 13 Times in 13 Posts
    Rep Power
    8
    Think i'm having one of those days! Can't even get a basic guest ssid with guest pass to work. Goes ok accept the AUP and comes up saying you have been connected then i can't click continue

    Just need something where a student can bring a device in, someway of them authenticating be it AD (Limited year groups) or guest pass issued by a member of staff and then they are on for a predetermined set of time. Sounds easy .........

  11. #11
    IrritableTech's Avatar
    Join Date
    Nov 2007
    Location
    Yorkshire
    Posts
    707
    Thank Post
    71
    Thanked 145 Times in 116 Posts
    Rep Power
    58
    Have you checked your guest access list? By default it blocks the standard internal ip ranges.

    Our guest SSID is used to give access to guests with a pass issued by us. Our BYOD SSIDs are standard SSIDs with dynamic pre shared keys and custom access lists applied.

  12. #12

    Join Date
    May 2011
    Location
    United Kingdom
    Posts
    440
    Thank Post
    112
    Thanked 13 Times in 13 Posts
    Rep Power
    8
    Quote Originally Posted by IrritableTech View Post
    Have you checked your guest access list? By default it blocks the standard internal ip ranges.

    Our guest SSID is used to give access to guests with a pass issued by us. Our BYOD SSIDs are standard SSIDs with dynamic pre shared keys and custom access lists applied.
    When i click on Access Control i have no entries at all. Is this where i may need to add something? Should it have a different VLAN ID to my standard SSID?

    Thanks

  13. #13
    IrritableTech's Avatar
    Join Date
    Nov 2007
    Location
    Yorkshire
    Posts
    707
    Thank Post
    71
    Thanked 145 Times in 116 Posts
    Rep Power
    58
    It's slightly confusing but there are two access lists options for your guest SSID. There are the standard access lists and another found in - Configure - Guest Access - Restricted Subnet Access.

    As long as all your switches are tagged correctly then you should assign the guest vlan tag within the advanced options of your guest SSID.
    Last edited by IrritableTech; 28th November 2013 at 02:39 PM.

  14. #14

    Join Date
    May 2011
    Location
    United Kingdom
    Posts
    440
    Thank Post
    112
    Thanked 13 Times in 13 Posts
    Rep Power
    8
    So would i be right in thinking:

    VLAN 1 (Default) - use this for computers and school owned wifi.
    VLAN 2 (Guest) - Use this for guests coming into the school needing wifi
    VLAN 3 (BYOD) - Use this with students BYOD devices

    I have AP's going into a POE switch then uplink from this to core switch (Port 2).
    I have my zone director going into port 1 on the core switch.

    tag each of the AP ports on the POE 1,2,3 and the uplink from the POE and port 2 on my core switch 1,2,3. Also tag port 1 on the core switch (ZD) 1,2,3?

    I was thinking of using the open source smoothwall to act as DHCP on the Guest and BYOD VLANS. Two NIC's going into the core switch.

    When i create the VLANS is it just a case of create VLAN on the core switch and each of my POE switches? E.g. Create VLAN, give it an ID and a name (same on all the switches)

    Cheers

SHARE:
+ Post New Thread

Similar Threads

  1. BYOD with Ruckus and Smoothwall
    By denon101 in forum Wireless Networks
    Replies: 6
    Last Post: 17th January 2013, 10:57 AM
  2. How to BYOD with Ruckus Wireless
    By Net-Ctrl in forum Recommended Suppliers
    Replies: 5
    Last Post: 7th December 2012, 09:14 PM
  3. User Guide to Simplifying BYOD with Ruckus
    By Net-Ctrl in forum Recommended Suppliers
    Replies: 2
    Last Post: 6th December 2012, 11:50 PM
  4. BYOD with Ruckus
    By CPLTD in forum Our Advertisers
    Replies: 2
    Last Post: 10th August 2012, 10:45 AM
  5. Thinking about going with Ruckus wireless but....
    By mharig in forum Wireless Networks
    Replies: 1
    Last Post: 19th May 2011, 02:48 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •