Ruckus (SmartZone managed)

  • Updated
IMPORTANT: Please ensure you are running SmartZone v3.0 or above in order to continue.

 

Start by logging into your SmartZone web interface.

Step 1 - Authentication

Click Services & Profiles > Authentication on the left. Click the Proxy (SZ Authenticator) tab then Create and configure with:

Name
Guest WiFi
Service Protocol
RADIUS
Primary Server IP Address
*insert radius_server_ip here*
Port
1812
Shared Secret
*insert radius_secret here*
Confirm Secret
as above
Backup RADIUS
Enable Secondary Server
Secondary Server IP Address
*insert radius_server2_ip here*
Port
1812
Shared Secret
*insert radius_secret here*
Confirm Secret
as above

Click OK to save. Next, click Accounting on the left. Click the Proxy tab then Create and configure with:

Name
Guest WiFi Acct
Primary Server IP Address
*insert radius_server_ip here*
Port
1813
Shared Secret
*insert radius_secret here*
Confirm Secret
as above
Backup RADIUS
Enable Secondary Server
Secondary Server IP Address
*insert radius_server2_ip here*
Port
1813
Shared Secret
*insert radius_secret here*
Confirm Secret
as above

Click OK to save.

Step 2 - Hotspot

Click Hotspots & Portals on the left. Click the Hotspot (WISPr) tab then Create and configure with:

Portal Name
Guest Wi-Fi
Smart Client Support
None
Login URL
External
Redirect unauthenticated users to (Primary)
*insert access_url here*
Redirected MAC Format
AA-BB-CC-DD-EE-FF
HTTPS Redirect
ON
Start Page - Redirect to the following URL
*insert redirect_url here*
Walled Garden

Add the required domains one by one. Please refer to this list.

 

Click OK to save.

Step 3 - Wireless LAN

Click Wireless LANs on the left, then click Create. Configure with:

Under General Options:

Name
Guest Wi-Fi
SSID
Guest Wi-Fi (or whatever you wish)
Zone
Select a zone
WLAN Group
Select a group (or default)

Under Authentication Options:

Authentication Type
Hotspot (WISPr)
Method
Open

Under Encryption Options:

Method
None

Under Hotspot Portal:

Hotspot (WISPr) Portal
Guest Wi-Fi
Bypass CNA
Off
Authentication Service
ON - Use Controller as proxy - Guest WiFi
Accounting Service
ON - Use Controller as Proxy - Guest WiFi Acct
Send interim update
every 2 Minutes

Under RADIUS Options:

NAS ID
AP MAC
Delimiter
Dash
Single Session ID Accounting
ON
Called Station ID
AP MAC

Click OK to save.

Step 4 - Northbound API

Click System > General Settings on the left and then the WISPr Northbound Interface tab. Cconfigure as follows:

Enable Northbound Portal Interface Support
ON
User Name
api
Password
enter any password you choose

Click OK to save.

 

To complete the set up you will need to log in to your portal, and under Management > Venues > Edit Venue > Options you will need to enter your SmartZone Public Hostname or IP, Northbound Username and the Northbound Password you chose above. This allows our system to talk to the SmartZone for authenticating users and is a mandatory step.

IMPORTANT: In order for our system to authenticate users, you are required to set up a Port Forward on your firewall/router to allow traffic inbound.

Please create a new port forward with the following:

Local/Internal IP
Your Smartzone internal LAN IP (e.g. 192.168.0.1)
Protocol
TCP
Destination Port
9080 (http) or 9443 (https; recommended)

 

The configuration is now complete.

 

 

To enable our SecurePass WiFi solution please complete the steps below. This enables a secure, seamless WiFi connection for repeat users.

Secure WiFi Configuration - PurpleConnex

On the top menu, go to Security > Authentication > Proxy (SZ Authenticator). Click Create and configure with: 

Under Wi-Fi Operator click Create and configure with:

Name: Purple-Secure-Rad-Auth
Service Protocol: RADIUS
Encryption: ON (TLS)
CN/SAN Identity: *.purple.ai
IP Address/FQDN: rad1-secure.purple.ai
Port: 2083

Click OK to Save. Next, on the top menu, go to Security > Accounting > Proxy. Click Create and configure with: 

Under Wi-Fi Operator click Create and configure with:

Name: Purple-Secure-Rad-Acct
Service Protocol: RADIUS Accounting
Encryption: ON (TLS)
CN/SAN Identity: *.purple.ai
IP Address/FQDN: rad1-secure.purple.ai
Port: 2083

Click OK to Save.  Next, on the top menu, go to Services> Hotspot 2.0

Under Wi-Fi Operator click Create and configure with:

Name: PurpleConnex
Domain Names: securewifi.purple.ai
Signup Security: Off
Friendly Names: Purple

Click OK to add. Under Identity Provider click Create and configure with:

Name: PurpleConnex
Realms:

Name: securewifi.purple.ai

Encoding: RFC-4282

EAP Methods #1: EAP-TTLS (click Create)

Auth Info: Non-EAP Inner Authentication Type

Auth Type: PAP

Click Next and Next again.

On the Authentication tab click Create and configure with:

Realm: securewifi.purple.ai
Service: [RADIUS] Purple-Secure-Rad-Auth

Click OK to add. Click Next.

On the Accounting tab click Enable Accounting and click Create. Configure with:

Realm: securewifi.purple.ai
Service: [RADIUS] Purple-Secure-Rad-Acct

Click OK to add. Click Next to Review and then OK to save.

The configuration is now complete.

 

Share online:
Was this article helpful?
0 out of 0 found this helpful