+ Post New Thread
Results 1 to 6 of 6
Wireless Networks Thread, Ruckus access and proxy server in Technical; Has anyone out here successfully got their Ruckus system set up to allow student access from their own devices (laptops,iphones ...
  1. #1

    Join Date
    Mar 2007
    Posts
    421
    Thank Post
    14
    Thanked 16 Times in 10 Posts
    Rep Power
    19

    Ruckus access and proxy server

    Has anyone out here successfully got their Ruckus system set up to allow student access from their own devices (laptops,iphones etc) so they authenticate using their own AD credentials?

    Currently we have WPA2/TKIP authentication using RADIUS for domain PCs and laptops and this is working fine. But I want to allow student the ability to use the internet from their own devices, but authenticating as themselves and only having access to the web proxy.

    I've tried a few ways and it doesn't seem to work as expected. I've also tried setting up guest access (with a pass) and this works, but theres no way of setting the web proxy address (apart from telling the user to configure it manually)

  2. #2
    apeo's Avatar
    Join Date
    Sep 2005
    Location
    Lost
    Posts
    1,612
    Thank Post
    95
    Thanked 115 Times in 111 Posts
    Rep Power
    42
    You could configure WPA2/AES and RADIUS to do what you want. There is a guide on here somewhere.

    With regards to proxy, maybe wpad?

    Automatic Discovery for Firewall and Web Proxy Clients

    This may not work with all devices tho.

    Dont grant access to kid here to save bandwidth.

  3. #3

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,684
    Thank Post
    516
    Thanked 2,453 Times in 1,899 Posts
    Blog Entries
    24
    Rep Power
    833
    Personally, I'd do all the authentication stuff on the proxy myself. Set up a VLAN for the wireless network, create a wireless network in ruckus that uses that vlan. Have the DHCP server for that VLAN set the gateway as the proxy server and then using the proxy server, have it handle the authentication via some form of web form. I know Forefront can handle this, and I'd guess Smoothwall can too.

  4. #4

    Join Date
    Mar 2007
    Posts
    421
    Thank Post
    14
    Thanked 16 Times in 10 Posts
    Rep Power
    19
    Cheers for the ideas - Its Forefront I'd be using and I was wanting to limit it to specific user groups (ie Sixth Form initially). What I was trying to avoid is DHCP filling up with all sorts of devices, therefore authentication at the wireless side would limit that to those who are going to use it. If authentication is only at the proxy side, the vlan's dhcp will be full of entries for everyones phone/ipad/coffee machine!

    I was trying to avoid vlans due to the mixture of kit we have - everything is split into subnets at the core switch but I've avoided vlans as the various switches around the place have varying capabilities.

  5. #5

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,684
    Thank Post
    516
    Thanked 2,453 Times in 1,899 Posts
    Blog Entries
    24
    Rep Power
    833
    Quote Originally Posted by GoldenWonder View Post
    Cheers for the ideas - Its Forefront I'd be using and I was wanting to limit it to specific user groups (ie Sixth Form initially). What I was trying to avoid is DHCP filling up with all sorts of devices, therefore authentication at the wireless side would limit that to those who are going to use it. If authentication is only at the proxy side, the vlan's dhcp will be full of entries for everyones phone/ipad/coffee machine!

    I was trying to avoid vlans due to the mixture of kit we have - everything is split into subnets at the core switch but I've avoided vlans as the various switches around the place have varying capabilities.
    You're not going to have much luck trying to do any form of segregation without VLANS, as there would be no way to stop those clients accessing the servers.

    Also, regarding IPs in DHCP, why would this be an issue? Have a short enough lease time, and those which don't use their address will be released quickly anyway.

    You'd be able to limit to specific groups via active directory group memberships in Forefront.

  6. #6

    Join Date
    Mar 2007
    Posts
    421
    Thank Post
    14
    Thanked 16 Times in 10 Posts
    Rep Power
    19
    Yeah I guess I'll have to bite the bullet and start looking at replacing switches as well!

SHARE:
+ Post New Thread

Similar Threads

  1. RUCKUS help - Guest access & the internet via Proxy
    By jamin100 in forum Wireless Networks
    Replies: 24
    Last Post: 15th March 2012, 09:21 AM
  2. Ruckus SSID query - timed access
    By TheFopp in forum Wireless Networks
    Replies: 4
    Last Post: 17th September 2010, 03:17 PM
  3. Ruckus access control
    By cookie_monster in forum Wireless Networks
    Replies: 3
    Last Post: 23rd April 2010, 03:14 PM
  4. Quote for Ruckus Access Point
    By TechSupp in forum Our Advertisers
    Replies: 1
    Last Post: 10th February 2010, 10:55 AM
  5. Ruckus Access point
    By Potato-Peeler in forum Wireless Networks
    Replies: 4
    Last Post: 6th May 2009, 02:14 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •