deepak_kumar_1's profile

5 Messages

 • 

122 Points

Wed, Oct 3, 2018 6:03 AM

Answered

MAC address authentication on Ruckus Smartzone-E 3.6

I am looking a solution as MAC address authentication on Ruckus Smartzone-E  3.6 with Radius server. Is it possible Version 3.6?

Regards,
Deepak Kumar

5 Messages

 • 

122 Points

3 y ago

Yes, it is possible. It's confirmed.

3 Messages

 • 

140 Points

3 y ago

Yes, we do this with PacketFence with a vSZ running 3.6.1.

154 Messages

 • 

2.7K Points

Hi Thomas,

Which version of PF are you using? I also have a few sites with Packet Fence and had to tweak it quite a bit

3 Messages

 • 

140 Points

We're running 5.4 and just transitioned to Ruckus this year. I believe I did have to make a small change to the Ruckus "switch" code in PF that I believe is resolved in the latest version of PF. We actually would have migrated to a newer PF but wanted to make one big change (migration to Ruckus) at a time.

154 Messages

 • 

2.7K Points

Thanks! Im on 8.1 and 7.5 on different schools. Using ZoneDirector (on 7.5) and 8.1 with SmartZone 3.6.0. It would be good to talk off-line. Im at dgarcia(at)mediatel.com.ar

Cheers!

1 Message

 • 

60 Points


Hello! I need help. I am using virtual smartphone 3.6.1 with packetfence 8.1.0. after authentication I get the error:

Dec  5 16:07:50 packetfence pfqueue: pfqueue(4096) ERROR: [mac:9c:4e:36:9d:15:10] Failed to contact Ruckus for deauthentication: 500 Can't connect to xxx.xxx.xxx.xxx:9443 (certificate verify failed) (pf::Switch::Ruckus::SmartZone::deauthenticateMacWebservices)


even after running the no-encrypt command on the smartzone controller




154 Messages

 • 

2.7K Points

Are you trying to do radius de-auth or using web-services? the error you're seeing seems to be tied to not having a proper cert on smartzone. You can use port 9080 instead of 9443 for non-TLS channel.

192 Messages

 • 

3K Points

3 y ago

We authenticate users for MAC authentication using AD servers and CloudPath (vSZ 5.0). Works like a charm.

5 Messages

 • 

122 Points

HI,
Is it possible to share NPS and AD server's configuration guide? I implemented AD username and password authentication many times but MAC authentication is the first time. If it is possible.   Any URL.

192 Messages

 • 

3K Points

This is basically our setup:
  1. Hotspot (WISPr) wireless LAN in vSZ (auth method MAC, no encryption), linked to hotspot portal
  2. Hotspot portal setup in vSZ to point to CloudPath
  3. AD server auth setup in CloudPath
  4. Workflow in CloudPath for register MAC address using AD auth servers
A lot of it is self-explanatory. And we don't use RADIUS for MAC auth, as it's not needed. We just use RADIUS for PEAP/TLS with certificates.

20 Messages

 • 

322 Points

Hi EightOhTwoEleven 
can you please share the WF step of setting up CloudPath for register MAC address using AD auth servers

1 Message

 • 

60 Points

2 y ago

We are running PacketFence/SZ with AD, SMS, local username/password works perfect, but we have email issue, PF/SZ couldn't "deauth" when time is up, PF unregistered the client but SZ still authenticated the client, here is error message from PF "According to rules in fetchRoleForNode this node must be kicked out. Returning USERLOCK (pf::Switch::handleRadiusDeny)".

Thanks,

154 Messages

 • 

2.7K Points

do you know if you're using RADIUS based de-auth or web-services? If using radius, you have to use smartzone as RADIUS proxy and not do RADIUS directly from the APs. I am using RADIUS directly from the APs and de-auth via web-services from PF to SZ. I had to do some small changes to PF but nothing huge.

477 Messages

 • 

5.9K Points

Hello, dear Diego,
As I understand, you have working combination of vSZ and PF.

I am stuck with combination of vSZ v.5.1.2 and PF 9.0.1. Users get to captive portal and get through registration steps, even get PF confirmation, but authentication on vSZ doesn't happen, and connection to Internet is not established.
Seems that PF isn't enabling user through WEB-service. We use guest access without password.
MAC and IP encryption in requests is disabled on vSZ.
Status of user in vSZ is unauthorised. Any ideas will be appreciated. You can reach me on eizens (at) e-meter.lv It would be great to have off-line conversation about this.

Thanks in advance,
Eizens

154 Messages

 • 

2.7K Points

just sent you an email. let me know

477 Messages

 • 

5.9K Points

Received first e-mail, sent info, but haven't got any farther communication - may be mails are not going and I need to switch to gmail?
Thanks in advance,
Eizens

31 Messages

 • 

656 Points

I am having the same issue using PF 10.1.
Can you please share how you guys are able to resolve this ?

Using a ssid with hotspot, based on what I understand it should use the Northbound Portal Interface to communicate with the pf server about the auth user status, but I didn't see any place where there is a exchange message been sended.
any help is appreciate. Thanks in advance.

1 Message

 • 

60 Points

2 m ago

Hey all,

i try also using PF with Ruckus Smartzone.

It's working fine till i won't to deauth a Client.

I always get the Message (from PF-Log):

Unable to perform RADIUS Disconnect/CoA Request: Timeout waiting for a reply from *IP-Smartzone* on port 1700...

can anyone help to solf the Problem?

Thanks

(edited)

477 Messages

 • 

5.9K Points

2 m ago

Hello, 

We have this issue in the past (as you can see in the beginning of the topic). Later I have seen this issue with PF multiple times.

To authenticate user on SZ the very first time, web service is used. next request (when reconnecting) are handled through Radius. If you want to disconnect client -- it again is done through WEB-service. 

 

By default Webservice uses https, and you must have proper public SSL certificates on both sides (and request must be made to SZ  by name, not IP -- otherwise certificate will be not accepted). If certificate isn't trusted,  webservice request is silently dropped. You can check it switching to http for webservice instead of https -- if it works, problem is certificates. As webservice is normally limited to closed network, you even can stay with http.   

Shure sign that it is this issue is behaviour, when client isn't connected to network after authentication, but when reconnects -- is connected immediately.  

(edited)

Important Announcement