+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 25
Wireless Networks Thread, RUCKUS help - Guest access & the internet via Proxy in Technical; Hi guys Trying to setup a guest only wlan on my Ruckus kit so that guest clients can access the ...
  1. #1
    jamin100's Avatar
    Join Date
    Feb 2008
    Location
    Birmingham
    Posts
    1,035
    Thank Post
    140
    Thanked 98 Times in 78 Posts
    Rep Power
    32

    RUCKUS help - Guest access & the internet via Proxy

    Hi guys

    Trying to setup a guest only wlan on my Ruckus kit so that guest clients can access the Internet but not the internal network.

    I have the guest lan setup ok and clients can connect fine. The problem comes when they try to go on the Internet.

    Our internet comes through a proxy, now because Ruckus doesnt allow the guest network access to the internal network the guest clients cannot see the proxy and therefore cannot get onto the Internet.

    Is there anyway around this?
    Can I add an exception to allow the guest wlan access to just the proxy server?

    Currently have net-ctrl looking into it for me, but i thought i'd post here to see if anyone had got round this somehow

    ta . . .

  2. #2
    jamin100's Avatar
    Join Date
    Feb 2008
    Location
    Birmingham
    Posts
    1,035
    Thank Post
    140
    Thanked 98 Times in 78 Posts
    Rep Power
    32
    UPDATE:

    Sorted within the hour by Net-Ctrl
    Just needed a firmware flash after which i could set the layer 3,4 ACL's better

    Nice one guys!

  3. 2 Thanks to jamin100:

    MarkPower (18th May 2009), stevenlong1985 (30th September 2009)

  4. #3

    Join Date
    Aug 2005
    Location
    Shropshire
    Posts
    284
    Thank Post
    16
    Thanked 11 Times in 8 Posts
    Rep Power
    21
    Hi,

    I've just had installed a Ruckus Wireless network and wish to setup the exact same thing, I have an SSID which has encryption setup for which the staff will connect to to access the school network etc, I also wish to have a "Guest/Student" style SSID which will allow only access to the Internet which goes out thr a proxy server, ideally for students, instead of having to enter a "Guess Pass" could they enter there AD Username and Password to get onto the internet, this will mainly be 6th Form Students bringing in their own personal laptops to access the Internet when in the 6th Form Study Room/Common Room.

    How would I go about setting this up, we are running the very latest Firmware Version, 8.0.1.0.15 (I think) Do you have any step by step guides you used please?

    Thanks

    Matt

  5. #4
    sahmeepee's Avatar
    Join Date
    Oct 2005
    Location
    Greater Manchester
    Posts
    795
    Thank Post
    20
    Thanked 70 Times in 42 Posts
    Rep Power
    33
    Quote Originally Posted by mattpant View Post
    Hi,

    I also wish to have a "Guest/Student" style SSID which will allow only access to the Internet which goes out through a proxy server, ideally for students, instead of having to enter a "Guess Pass" could they enter there AD Username and Password to get onto the internet, this will mainly be 6th Form Students bringing in their own personal laptops to access the Internet when in the 6th Form Study Room/Common Room.
    You can do this, but I've not found a way that you can do it and also have it as a secure network, other than making the user enter a WPA key as well *before* entering their AD username and password into the captive portal. That gets a bit painful when they need to enter:

    WPA Key
    AD Username (for captive portal)
    AD Password (for captive portal)
    Proxy settings in IE
    AD Username (to auth to the proxy)
    AD Password (to auth to the proxy)

    I think in the short term I'm going to cut out the captive portal bit, because someone stealing access to the wireless - which will require the WPA key anyway - will also need an AD account to do anything... the L3/L4/IP ACL means they can only do DHCP, DNS and proxy.

    I think it's possible to use the zero-it config stuff to redirect users from the captive portal to a WPA2-encrypted WLAN with a PSK unique to their MAC, but I've not tackled that just yet.
    Last edited by sahmeepee; 20th August 2009 at 07:49 AM.

  6. #5

    Join Date
    Aug 2005
    Location
    Shropshire
    Posts
    284
    Thank Post
    16
    Thanked 11 Times in 8 Posts
    Rep Power
    21
    Ok,

    Say I just setup a "Guest" WLAN for Students (and Visitors) where we generate pass codes out for them, is there away in which the RUCKUS ZoneDirector can automatically push out the proxy settings forr Internet Access to the students/visitors laptop? Also, how do we make sure they only get Internet access and not access to our school network/file servers etc, can they be given a totally different IP Address/Range?

    I can't find any info on setting this sceniro up in any support documents etc.

    Thanks

    Matt

  7. #6
    sahmeepee's Avatar
    Join Date
    Oct 2005
    Location
    Greater Manchester
    Posts
    795
    Thank Post
    20
    Thanked 70 Times in 42 Posts
    Rep Power
    33
    Quote Originally Posted by mattpant View Post
    Ok,
    Is there away in which the RUCKUS ZoneDirector can automatically push out the proxy settings forr Internet Access to the students/visitors laptop?
    I'm pretty sure there's not, but I have made a feature request to Ruckus. Possibly you can make them redirect to a page with instructions or a batch file/script to download. Not tried it yet. Alternatively you could distribute the batch file via some other means and they could copy it on using a pen drive (not a very sexy solution though)

    Quote Originally Posted by mattpant View Post
    Also, how do we make sure they only get Internet access and not access to our school network/file servers etc, can they be given a totally different IP Address/Range?
    First off you will need to make sure you are on the latest firmware. I suspect most ZDs are shipped with out of date firmware on them. Version 7.x doesn't have the L3/L4/IP filter options at all.

    Then you can set up L3/L4/IP filters to only allow access to specific ports on specific servers. You can achieve the config above by only allowing access to specific ports on your DHCP, DNS and proxy servers.

  8. #7

    Join Date
    Aug 2005
    Location
    Shropshire
    Posts
    284
    Thank Post
    16
    Thanked 11 Times in 8 Posts
    Rep Power
    21
    Quote Originally Posted by jamin100 View Post
    UPDATE:

    Sorted within the hour by Net-Ctrl
    Just needed a firmware flash after which i could set the layer 3,4 ACL's better

    Nice one guys!
    Hi "Jamin100" or anybody else that can help!!!

    How did you manage to do this, do you have a "Step By Step" guide? Do you have to get your clients to manually enter the Proxy server into their web browser when they connect to your Guest Access WLAN or does the internet just work going thr the Proxy once connected to the Guest VLAN without any config changes.

    I'm trying to get this setup for our 6th Form Students when they bring their laptops in, but Ideally without having to manually enter any settings.

    Thanks

    Matt

    PS> I am running the latest firmware which allows you to enter the ACLS etc

  9. #8

    Join Date
    Aug 2005
    Location
    Shropshire
    Posts
    284
    Thank Post
    16
    Thanked 11 Times in 8 Posts
    Rep Power
    21
    Anyone???

    Thanks

    Matt

  10. #9

    Join Date
    Aug 2005
    Location
    Shropshire
    Posts
    284
    Thank Post
    16
    Thanked 11 Times in 8 Posts
    Rep Power
    21
    No, not yet i thought that Edugeek may hold the answer to the question first as it seems the majority of users are running the Ruckus system,

    I've tried the Ruckus support forums but seem to be less users on there then there are on here!

    Cheers

    Matt

  11. #10
    jamin100's Avatar
    Join Date
    Feb 2008
    Location
    Birmingham
    Posts
    1,035
    Thank Post
    140
    Thanked 98 Times in 78 Posts
    Rep Power
    32
    Hi Matt,

    Sorry, didnt notice this thread again.

    ok,

    I have setup 2 wlans. One the main school network and then a second "guest" network which just provides access to the internet.

    In the Configure > Guest access tab about half way down there is a section called Restricted Subnet Access.

    Here you can block and allow access to different IP's.

    So i've added an entry and entered the IP and subnet mask of my proxy server and set that to allow.

    I've also entered the IP's of my servers and set those to deny.

    I did however have to configure the guest clients to access the proxy settings in Internet Explorer.

    Hope this helps

    Ben

  12. #11
    dirtydog's Avatar
    Join Date
    Sep 2008
    Posts
    301
    Thank Post
    47
    Thanked 29 Times in 16 Posts
    Rep Power
    23
    We are in the same position... I need a guest network set with proxy settings set automatically if thats possible? I can set an alternative proxy with no AD authentication to avoid that problem.

  13. #12

    Join Date
    Aug 2005
    Location
    Shropshire
    Posts
    284
    Thank Post
    16
    Thanked 11 Times in 8 Posts
    Rep Power
    21
    Hi Ben,

    Thanks for the reply, ahh I too can setup the system to access the proxy server using the guest access as you have mentioned, but I really don't want to have to configure the Proxy Settings manually, just all seems a bit messy, I know other rivals to Ruckus do have a feature which pushes out the Proxy settings when connected to the Guest Access system.

    I have spoken to Ruckus and they have said "We have an open feature request to auto-configure client’s browser proxy settings, but this is not yet committed for release. I will add your use case to the feature request."

    Hopefully one day soon we will see this feature.

    Cheers

    Matt

  14. #13
    sahmeepee's Avatar
    Join Date
    Oct 2005
    Location
    Greater Manchester
    Posts
    795
    Thank Post
    20
    Thanked 70 Times in 42 Posts
    Rep Power
    33
    Quote Originally Posted by mattpant View Post

    I have spoken to Ruckus and they have said "We have an open feature request to auto-configure client’s browser proxy settings, but this is not yet committed for release. I will add your use case to the feature request."
    Ha! I made that feature request on one of their blog postings! It was only about a month ago, so they've not had much time to act on it yet. Fingers crossed!

  15. Thanks to sahmeepee from:

    mattpant (1st October 2009)

  16. #14

    Join Date
    Aug 2005
    Location
    Shropshire
    Posts
    284
    Thank Post
    16
    Thanked 11 Times in 8 Posts
    Rep Power
    21
    Nice one,

    Thanks, hopefully we will see it featured in the not so distant future! It would also be nice to see it assigning Guest PCs with a totally different IP Range, whilst still allowing access to the proxy, I know with the ACLs in place it can be setup so not to see any other devices on the network, but I like the idea of not having the same IP Address Range.

    Cheers

    Matt

  17. #15
    sahmeepee's Avatar
    Join Date
    Oct 2005
    Location
    Greater Manchester
    Posts
    795
    Thank Post
    20
    Thanked 70 Times in 42 Posts
    Rep Power
    33
    Quote Originally Posted by mattpant View Post
    Nice one,

    Thanks, hopefully we will see it featured in the not so distant future! It would also be nice to see it assigning Guest PCs with a totally different IP Range, whilst still allowing access to the proxy, I know with the ACLs in place it can be setup so not to see any other devices on the network, but I like the idea of not having the same IP Address Range.
    I couldn't agree more! I don't like having my DHCP scope cluttered up with unmanaged laptops, especially as I currently get an alert when any new leases are given out and it's going to be difficult to tell the difference between PCs plugged into a wall socket and PCs getting a lease through DHCP.

    Presumably it could be done with a separate router, but it would be neater if it was handled by the ZoneDirector/APs

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Net-Ctrl & Ruckus at Wireless 09
    By MarkPower in forum Our Advertisers
    Replies: 1
    Last Post: 18th May 2009, 09:42 AM
  2. Ruckus Access point
    By Potato-Peeler in forum Wireless Networks
    Replies: 4
    Last Post: 6th May 2009, 02:14 PM
  3. Wireless Guest Access
    By steveo2000 in forum Internet Related/Filtering/Firewall
    Replies: 9
    Last Post: 19th March 2009, 06:41 PM
  4. Ruckus In Devon & Dorset
    By MarkPower in forum Recommended Suppliers
    Replies: 1
    Last Post: 3rd December 2008, 10:08 PM
  5. VLAN for guest internet access
    By plexer in forum How do you do....it?
    Replies: 3
    Last Post: 17th December 2007, 12:50 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •