Wireless Networks Thread, Ruckus access and proxy server in Technical; Has anyone out here successfully got their Ruckus system set up to allow student access from their own devices (laptops,iphones ...
3rd November 2010, 02:33 PM #1
- Rep Power
Ruckus access and proxy server
Has anyone out here successfully got their Ruckus system set up to allow student access from their own devices (laptops,iphones etc) so they authenticate using their own AD credentials?
Currently we have WPA2/TKIP authentication using RADIUS for domain PCs and laptops and this is working fine. But I want to allow student the ability to use the internet from their own devices, but authenticating as themselves and only having access to the web proxy.
I've tried a few ways and it doesn't seem to work as expected. I've also tried setting up guest access (with a pass) and this works, but theres no way of setting the web proxy address (apart from telling the user to configure it manually)
3rd November 2010, 02:47 PM #2
You could configure WPA2/AES and RADIUS to do what you want. There is a guide on here somewhere.
With regards to proxy, maybe wpad?
Automatic Discovery for Firewall and Web Proxy Clients
This may not work with all devices tho.
Dont grant access to kid here to save bandwidth.
3rd November 2010, 02:53 PM #3
Personally, I'd do all the authentication stuff on the proxy myself. Set up a VLAN for the wireless network, create a wireless network in ruckus that uses that vlan. Have the DHCP server for that VLAN set the gateway as the proxy server and then using the proxy server, have it handle the authentication via some form of web form. I know Forefront can handle this, and I'd guess Smoothwall can too.
3rd November 2010, 04:03 PM #4
- Rep Power
Cheers for the ideas - Its Forefront I'd be using and I was wanting to limit it to specific user groups (ie Sixth Form initially). What I was trying to avoid is DHCP filling up with all sorts of devices, therefore authentication at the wireless side would limit that to those who are going to use it. If authentication is only at the proxy side, the vlan's dhcp will be full of entries for everyones phone/ipad/coffee machine!
I was trying to avoid vlans due to the mixture of kit we have - everything is split into subnets at the core switch but I've avoided vlans as the various switches around the place have varying capabilities.
3rd November 2010, 04:07 PM #5
You're not going to have much luck trying to do any form of segregation without VLANS, as there would be no way to stop those clients accessing the servers.
Originally Posted by GoldenWonder
Also, regarding IPs in DHCP, why would this be an issue? Have a short enough lease time, and those which don't use their address will be released quickly anyway.
You'd be able to limit to specific groups via active directory group memberships in Forefront.
3rd November 2010, 04:25 PM #6
- Rep Power
Yeah I guess I'll have to bite the bullet and start looking at replacing switches as well!
By jamin100 in forum Wireless Networks
Last Post: 15th March 2012, 09:21 AM
By TheFopp in forum Wireless Networks
Last Post: 17th September 2010, 03:17 PM
By cookie_monster in forum Wireless Networks
Last Post: 23rd April 2010, 03:14 PM
By TechSupp in forum Our Advertisers
Last Post: 10th February 2010, 10:55 AM
By Potato-Peeler in forum Wireless Networks
Last Post: 6th May 2009, 02:14 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)