Skip to main content

9 Messages

 • 

170 Points

Tue, Oct 13, 2015 8:31 AM

Onboarding (Zero IT) with vSZ. Authentication issue.

Hi,
We are trying to set up a BYOD WLAN with Onboarding (Zero IT) but cant seem to get the register device authentication to work.

Ruckus Support have spent a lot of time to try to help with this issue remotely. They have verrified that our vSZ is configured correct and that our NPS (2012) which we use as RADIUS-server have the right policies.

Despite this we cant get the authentication to work. 
When we try to authenticate in the register device portal we get "Internal server error".
The NPS logs 2 events every time; 6278 and 6272. Both with Audit Success. Both logs says that the user is granted full network access and match the policy we have set up for Secure Wireless Connection.

Ruckus Support ran a tcpdump on our vSZ to see what traffic passes during authentication and there we can see an Access Reject " Access Reject (3), id: 0x0d, Authenticator:xxxxxxxx"

vSZ is located externally and our NPS is local.
On NPS side we have port 1812 and 1813 open and we have all ports open for vSZ services on that side.

According to Ruckus Support the issue is on our RADIUS side but I cant seem to figure out where to contiune troubleshoot this as "everything is configured by the book". 

If anyone would have some suggestions or input that could point me in the right direction I would appreciate it a lot.
Thank you.

Responses

21 Messages

 • 

324 Points

5 years ago

Have you tried turning off the external firewall, and internal { vSZ firewall.}  { Redhat }.. Just to see if its something to do with the firewall settings..  Suggestion..

9 Messages

 • 

170 Points

5 years ago

Thank you for the suggestion Gerard. We disabled the firewall completely on vSZ-side with no change. Today we will set up a seperate RADIUS server on a virtual client so we can se if it is our NPS that is causing this.

21 Messages

 • 

324 Points

5 years ago

What is the account back link command ( *.  )?

9 Messages

 • 

170 Points

5 years ago

Hello Gerard,
Im not sure what you are reffering to here. Please clarify. I am not the one handling the server on vSZ side and I am not used to Linux. Thank you.

21 Messages

 • 

324 Points

5 years ago

Best asking one of the more experienced members, I could be pointing you in the wrong direction.  I was thinking along the lines of the wall garden, and the allowed list. But I don't believe that applies in your case.