
8 Messages

 • 

202 Points

Wed, Apr 7, 2021 8:52 AM

MAC Registration Redirection

With Cloudpath, I've set up an enrollment workflow for MAC Registration according to the document "Cloudpath Enrollment System MAC Registration Configuration Guide, 5.8".

What doesn't work is the step "Register the MAC Address". I've filled out the URL of my vSZ, however, there is no port 9998 (as filled in when choosing the button "Ruckus SZ HTTPS") open on my vSZ. So I always get a connection timeout when being redirected. Is there something I missed during configuration?

Also, can somebody explain, why this redirection is even needed since Cloudpath is used for MAC authentication?

Responses

190 Messages

 • 

3K Points

5 m ago

Did you set up the WISPr Northbound Interface? What settings do you have for the Redirect Information under MAC Registration List?

8 Messages

 • 

202 Points

Thanks for your answer. I've tried a little more and found a FW rule that was blocking this port. After opening this port, the redirect works, but somehow I'm being redirected back to Cloudpath, where I get a loop page asking me to continue to redirect or start over. This is how it looks in enrollments:

And to your questions. No, I hadn't set up the WISPr Northbound Interface. I did now (with the User/PW of Cloudpath) but it doesn't look like it changes anything.

My redirect settings are as follows:

190 Messages

 • 

3K Points

That's interesting. Have you cleared out that MAC from Users and Devices to get back to a "clean" setup, then attempted it again? Your settings are the same that we have in production and it seems to work correctly.

Employee

 • 

17 Messages

 • 

262 Points

This can happen if RADIUS is not configured correctly in SmartZone.  Make sure that the IP address is correct and that the shared secrets are as well.  SZ (in proxy) or AP (non-proxy) and Cloudpath should be able to talk to each other.

You can run a RADIUS auth test in SmartZone to your Cloudpath server, if you get a timeout, you know something is amiss (shared secret/fw issue/wrong ip address).

If you are unsure of what ports are required for ingress/egress of Cloudpath, you can also use the Administration / Firewall Requirements page.  This page will change dynamically as well depending on your workflow.  This is also on-prem only.

8 Messages

 • 

202 Points

@christopher_mohammed I tested the RADIUS server and got the response "Primary Server : Failed! Reason: Invalid username or password." which, according to the manual, means that the connection works.

@eightohtwoeleven Looks like cleaning out the MAC addresses (Configuration/MAC Registration Lists/Modify List/Cleanup -> Delete Registered MACs) did the trick. MAC registration is now working as expected!

190 Messages

 • 

3K Points

Glad it worked out for you. Can't tell you how many times just removing it works.

Employee

 • 

17 Messages

 • 

262 Points

5 m ago

Hi b_g,

Great question!  When you set this up in Cloudpath, the client/device will actually POST to the SmartZone port. So keep that in mind when working with the MAC Registration workflow step.

When the client gets to that workflow step (mac-registration) Cloudpath will take the MAC address of the client (Cloudpath learns that on redirection) and store it.  What SmartZone needs to do is authenticate the client again.  What Cloudpath will do is actually tell the client to do a POST to the SmartZone URL with its credentials.  SmartZone takes those credentials that the client provided it and will do a lookup in Cloudpath.  Cloudpath will then send SmartZone an access accept message and the client is online.

You can see this in the Developer tools in a browser if you are interested!  It will show up as "hotspotlogin".  From there, you can see that the client does a POST to the SmartZone IP address with information that Cloudpath had provided it (those variables in the MAC-Reg workflow).

If you are using https 9998 I would recommend that you put a valid certificate on your SmartZone.

SZ should have that port available, and you can test that in a few different ways.  I am making an assumption that you can connect to SmartZone without it being behind a FW or NAT or something else to inhibit communication.

Use Cloudpath's WLAN controller port checker (works on premise or hosted):

1. In Cloudpath, can you click on Support | Diagnostics

2. In the Diagnostics window, click the WLAN controller tab

3. If not already selected, select SmartZone

4. Enter in the IP address of the SmartZone controller

5. Click on "run" on the top right

6. You will get output showing what ports are available on the SZ

Example:

Use Telnet to connect to port 9998

1. On your computer open up a command prompt window/PowerShell window/terminal window

2. Type in "telnet <smartzone IP address> 9998"

3. You may get a response saying "Escape character is '^]'" or along those lines; if  you do, you are connected to that port on SmartZone.  (you can type in "?" once connected to get some information returned from the page).

Note:  If the port is not open, you will get a "connection refused".  If you cannot communicate with SmartZone, you will get a time out.

Regards,

Christopher
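
The telnet check and the certificate recommendation from the answer above can be combined in one script. This is an added Python example, not part of the original thread or of any Ruckus tooling; the function names and the `192.0.2.10` address are placeholders, and only port 9998 comes from the thread.

```python
import socket
import ssl
import sys


def probe_tcp(host, port=9998, timeout=5.0):
    """Classify a TCP connect attempt the same way the telnet test does."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # host answered, but nothing listens on the port
    except (socket.timeout, TimeoutError):
        return "timeout"   # no answer at all: firewall, NAT or routing
    except OSError as exc:
        return f"error: {exc}"  # e.g. no route to host, name lookup failed


def probe_tls(host, port=9998, timeout=5.0):
    """Attempt a verifying TLS handshake, as a client browser would."""
    ctx = ssl.create_default_context()  # checks chain of trust and hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return f"valid certificate ({tls.version()})"
    except ssl.SSLCertVerificationError as exc:
        # Self-signed, expired or name-mismatched certificates end up here.
        return f"certificate rejected: {exc.verify_message}"
    except ssl.SSLError as exc:
        return f"tls error: {exc.reason}"
    except OSError as exc:
        return f"tcp error: {exc}"


if __name__ == "__main__":
    # Placeholder address (TEST-NET-1); pass the SmartZone address instead.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    state = probe_tcp(target)
    print(f"{target}:9998 tcp -> {state}")
    if state == "open":
        print(f"{target}:9998 tls -> {probe_tls(target)}")
```

Run it from a machine on the client network, since the client is the one that POSTs to SmartZone; a "timeout" there matches the blocked firewall rule found earlier in the thread.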
