Ruckus Virtual SmartZone


The following guide was created using a Ruckus wireless network with the following components:

  • Controller: Ruckus Virtual SmartZone
  • Controller System Version: 3.2.1.0.163
  • AP: Ruckus ZoneFlex R310
  • AP Firmware: 3.2.0.0.593

Configuring the RADIUS server

Configure the CoffeeBean RADIUS server by creating a new AAA Server.

Go to "Configuration > Wireless Network > AAA Servers > Proxy AAA".

RADIUS Authentication

For "Authentication Service", click the "Create New" link and fill in the name, such as "AAA-SOCIAL-ID":

RuckusSZ AAA policy.png

Then fill in the following info:

  • Service Protocol: RADIUS
  • IP Address: the primary RADIUS server IP according to your environment/region
  • Port: 1812
  • Shared Secret: the provided RADIUS client secret
  • Confirm Secret: the provided RADIUS client secret
  • Backup RADIUS: check "Enable Secondary Server"
  • IP Address: the secondary RADIUS server IP according to your environment/region
  • Port: 1812
  • Shared Secret: the provided RADIUS client secret
  • Confirm Secret: the provided RADIUS client secret

RADIUS Accounting

For "Accounting Service", click the "Create New" link and fill in the name, such as "AAA-SOCIAL-ID-ACCT":

RuckusSZ RADIUS Accounting.png

Then fill in the following info:

  • IP Address: the primary RADIUS server IP according to your environment/region
  • Port: 1813
  • Shared Secret: the provided RADIUS client secret
  • Confirm Secret: the provided RADIUS client secret
  • Backup RADIUS: check "Enable Secondary Server"
  • IP Address: the secondary RADIUS server IP according to your environment/region
  • Port: 1813
  • Shared Secret: the provided RADIUS client secret
  • Confirm Secret: the provided RADIUS client secret

PAP/CHAP Support

You can change PAP/CHAP support by accessing the AP CLI and running:

 set aaa auth-method pap|chap

It is a global setting for all WebAuth WLANs on the AP. The default is CHAP.
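
The `auth-method` value decides how the user's password is carried in the RADIUS Access-Request. The following added example (not part of the original guide) implements the RFC 2865 encodings for both modes, with the server-side check for each; the secret, password, authenticator and challenge are constructed sample values.

```python
import hashlib
import hmac

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def pap_hide(password, secret, authenticator):
    """PAP: User-Password (attribute 2), XORed with an MD5 keystream."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def pap_recover(hidden, secret, authenticator):
    """Server side of PAP: the shared secret yields the cleartext password."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")

def chap_password(chap_id, password, challenge):
    """CHAP: CHAP-Password (attribute 3) = ident + MD5(ident | password | challenge)."""
    ident = bytes([chap_id])
    return ident + hashlib.md5(ident + password + challenge).digest()

def chap_verify(attr, known_password, challenge):
    """Server side of CHAP: recompute the digest from the stored password."""
    return hmac.compare_digest(attr, chap_password(attr[0], known_password, challenge))

# Constructed sample values, not taken from any real deployment.
SECRET = b"constructed-shared-secret"
AUTHENTICATOR = bytes(range(16))           # 16-byte Request Authenticator
CHALLENGE = bytes(range(16, 32))           # CHAP challenge
PASSWORD = b"constructed-guest-password"   # 26 bytes -> two 16-byte PAP blocks

if __name__ == "__main__":
    hidden = pap_hide(PASSWORD, SECRET, AUTHENTICATOR)
    print("PAP  User-Password:", hidden.hex())
    print("PAP  recovered    :", pap_recover(hidden, SECRET, AUTHENTICATOR))
    attr = chap_password(1, PASSWORD, CHALLENGE)
    print("CHAP CHAP-Password:", attr.hex())
    print("CHAP verifies     :", chap_verify(attr, PASSWORD, CHALLENGE))
```

With PAP, anyone holding the shared secret can recover the password from the request, so the strength of the RADIUS client secret and the path to the RADIUS server matter. With CHAP, only a digest is sent, but the server must hold the password in a form it can hash.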

Configuring the Hotspot (WISPr)

Go to "Configuration > Wireless Network > Hotspot (WISPr)", click the "Create New" link and fill in the Portal Name, such as "CP-SOCIAL-ID":

RuckusSZ Hotspot.png

Then fill in the following info in the "Redirection" section:

  • Logon URL: select "External" and fill in "Redirect unauthenticated user to the URL for authentication" with the provided captive portal login URL
  • Start Page: select "Redirect to the following URL:" and fill in the provided captive portal start URL

You can also adjust the "Session Timeout" and "Grace Period" according to your specifications.

Walled Garden

Allow CoffeeBean Platform URLs and social network URLs by configuring the Hotspot Walled Garden destinations.

Add the entries according to Walled Garden for the Social Login URLs:

RuckusSZ Walled Garden.png

Configuring the WLAN

Now you need to create a Wireless LAN with the Hotspot (WISPr) previously created.

Go to "Configuration > Wireless Network > WLANs", click "Create New" under WLAN Configuration and fill in the Name and SSID, such as "WLAN-SOCIAL-ID":

RuckusSZ WLAN.png

Then fill in the following info:

  • WLAN Usage > Authentication Type: Hotspot (WISPr)
  • Authentication Options > Method: Open
  • Encryption Options > Method: None
  • Hotspot Portal > Hotspot (WISPr) Portal: the Hotspot (WISPr) portal created previously (e.g.: "CP-SOCIAL-ID")
  • Hotspot Portal > Authentication Server: check "Use the Controller as Proxy" and select the RADIUS Authentication Server created previously (e.g.: "AAA-SOCIAL-ID")
  • Hotspot Portal > Accounting Server: check "Use the Controller as Proxy" and select the RADIUS Accounting Server created previously (e.g.: "AAA-SOCIAL-ID-ACCT")

RuckusSZ WLAN Hotspot.png

WLAN Group

You need to associate the previously created WLAN with a WLAN Group.

You probably already have a "Default" group, but you can also create a new one and add the previously created WLAN as a "Member":

RuckusSZ WLAN Group.png

Configuring the Access Points

You need to associate the WLAN Group previously created/configured to your Access Points.

Go to "Configuration > Wireless Network > APs" and check the "AP Groups" section.

Click "Create New" to create an AP Group and fill in the Name, such as "APG-SOCIAL-ID":

RuckusSZ AP Group.png

Add the Access Points to the group:

RuckusSZ AP Group Members.png

Then assign the previously created WLAN Group by overriding the configuration:

RuckusSZ AP Group WLAN.png

If you prefer, you can also override the WLAN Group for each AP individually.

Disable MAC Address Encryption

The client MAC address is encrypted by default on Ruckus SmartZone. To perform authentication flows you'll need to disable MAC address encryption.

Log in to your Ruckus CLI using privileged credentials and run the following commands:

1. Enter config mode:

 # config

2. Check if MAC encryption is enabled:

 (config)# do show running-config encrypt-mac-ip
 Encryption MAC and IP: Enabled

3. If encryption is "Enabled", you can run the following command:

 (config)# no encrypt-mac-ip
 Do you want to continue to disable (or input 'no' to cancel)? [yes/no] yes
 Successful operation