Finally got provisioning hotspot auto config working by rolling back the firmware to 9.5. Need to see now if 9.6 supports the auto config, im sure it does, but maybe i was just missing something.
Ruckus' DPSK and Zero-IT config are working well for me. Credentials are passed and are encrypted (HTTPS) and authentication is handled via WPA2 and a PSK. Not sure what issue you are really facing here.
Yes, the provisioning/activation SSID has to be forgotten. This is not an issue with the Ruckus system, but rather the device OS. Devices will tend to remember any SSID they connect to and especially connect to open SSIDs like the Zero-IT/Activation one you use for a Ruckus deployment. Forget it and the device connects just fine to the requisite SSID.
Android phones are a pain simply for two reasons: Androids by default won't accept apps that are not from the Android market so this has to be turned off in the settings, and second; the OS is so fragmented each and every device handles the provisioning file so differently - I end up copying and pasting the DPSK into the device manually quite a lot.
I'm finding if I enable zero-IT and Web Captive/Portal it never provides access to the portal/zero-it and only asks for a wifi password. I'm on firmware 9.6. It seems this only works on 9.5? I would like to get this work if possible so I can use DPSK rather than having the BYOD network open with Captive Portal. @Distinove @timbo123 what firmware are you using?
I am using the latest version of 9.5 as i downgraded from 9.6. I have an S4 and 9.5 works with that. Once the phone connects to the provisioning SSID it gets a DHCP address from the domain. The apk downloads to the phone and installs wifiautoconfig4.1. Just remember to run this once installed as this will automatically change the SSID on the phone. Sometimes i had to forget the provisioning network so it would autoconnect to the correct network. I have reverted back to an open network and they authenticate via AD with a AD group. This way our DHCP addresses aren't taken up with random devices and keeps everything separate.
I have a smoothwall and I just wish that it would work correctly as a radius server. If ruckus is configured to use the smoothwall as a radius server, the roles don't work so everyone is set as default which i am waiting to get fixed from smoothwall. This means that i cannot restrict only staff and Post16 to use the wireless.
We have ruckus setup here with a provisioning wlan and separate SSIDs for pupils, sixth form and staff which are also in separate VLANS. We don't use smoothwall but have set our filter to filter the traffic based on IP address. Therefore a user logged into the sixth form wlan - vlan - ip range gets sixth form level filtering without authenticating to our filter. Our filter doesn't know who the devices belong to - but our ruckus controller does, and the logs are sent to a syslog server so they can be cross referenced if any issues arise.
You are correct about the auto network jumping. It works quite well on Macs and iOS devices, but not at all on others. We don't use the prov.apk on android because different browsers deal with the file differently and users need to have 'third party app stores' allowed in their security settings. It was all too complicated so we just tell android users to click the manually set up your connection link on the ruckus portal, copy their unique key, and connect to the correct wlan and paste the key in.
To restrict pupils from utilizing the BYOD facility, we only allow users with the AD security group BYOD_Pupils to access the pupils SSID using ruckus groups. We then assign users rights in AD by adding them to the group.
We're on 9.5... I'll leave it a bit before upgrading.
I'm not far from you @timbo343 if you want to pop down and see how ours is working for us?
AliG: There should be no password on your activation/hotspot SSID. Options here are set to Open/None for Authentication and Encryption.
I am running 184.108.40.206 build 267