Ruckus - two BYOD WLANs
Our school has a Ruckus system. At present we cater for BYOD by having an activation WLAN where users authenticate, then they are directed to our BYOD WLAN. Their traffic is sent through the controller to a Smoothwall box on a BYOD VLAN, which passes traffic transparently through our student level proxy filter and out to the Internet. This box also dishes out separate IP addresses for BYOD.
This level of filter is too restrictive for staff so I have been asked to set up a second BYOD WLAN which does the same thing but passes traffic transparently through our staff level proxy.
I believe I can get the Ruckus controller to differentiate staff and student users via group membership, but I'm not sure how I get the staff users to use a separate proxy on our BYOD VLAN, though I'm now at the point where I'm over thinking it!
Any advice would be welcome...
Best way is to create an new VLAN and create a new WLAN Called Staff BOYD and allow that address range different filtering on your firewall.
Yes you can also use AD groups on the controller to allow only staff to use that new WLAN.
Hope this helps.
If you want to keep your amount of broadcasted SSID's down and are using a Windows server, You can use Dynamic VLAN Assignment.
You will need to create another VLAN and tag it on the appropriate ports etc. e.g BYOD_Staff vid=10 BYOD_Students vid=20
VLAN Attributes Used in Network Policy -> NPS Side Attirbutes you will need to configure
http://a030f85c1e25003d7609-b98377ae...accounting.pdf -> Ruckus Side configuration and Vendor Specific Attributes
However there is also a ruckus document with the required Vendor Specific attributes you will need to configure.
Basically you want to pass on if they are a student or a staff member to NPS then have it pass back the VLAN assignment based on which group they are in.
You can get the Smoothwall to do this. Have 1 BYOD SSID, that VLAN redirects you to the Smoothwall login page. They login and are filtered based on the type of user account used.
We have one guest for both student and staff.
We set ruckus to auth via wpa enterprise from the smoothwall box which then filters from ad groups. Thus having the same filtering on both guest & network side.
Also you can monitor what they are going on. :)
Originally Posted by rob_coles