gyari's profile

16 Messages

 • 

498 Points

Tue, Apr 13, 2021 5:22 PM

Guest network related question

Hello!

I have a guest network at home and this network is for work related devices too. There was a time when i separated the two networks, but i had to rationalize my networks, so i decided to make one network instead of two. Is there any way to grant definite access for the work related devices? Now if i disconnect from the network and want to connect again after a run-down grace period i had to connect again on the captive portal. So i'd like to skip the captive portal only with my work related devices. Is there any possibility to do this?

Thanks any help you can provide!

503 Messages

 • 

6.1K Points

9 m ago

It is a bad idea to use Guest portal authentication for anything except plain unsecured Internet access. Guest portal is not secure, and doesn't provide traffic encryption. Use DPSK instead, and you'll have security and guaranteed connectivity.

16 Messages

 • 

498 Points

So are you suggesting to use a normal wifi network with Dynamic PSK enabled instead of a guest network ? And maybe i should configure all my other network for DPSK? I just read this article: link, and it seems as a really awesome feature.

9 Messages

 • 

150 Points

9 m ago

You can also setup a normal network and give it a whitelist (with DPSK or not) for access, this would allow you to only specify that the wifi has access to the WAN or to other guest friendly devices such as Sonos, AppleTV's or Printers.


Another approach if you're gear is capable is to setup a vlan for the guest network and have the guest wifi tied to the guest vlan.

16 Messages

 • 

498 Points

@pyro_guy 

DPSK seems a very good option, unfortunately i can't make it work. If you know how to set it up, you could help me out, i'd appreciate it!

I had a separate guest VLAN on my network, but there was too many WLAN network in my home, i had to do something about it, so i had to rally some of my network. For IOT i have a separate network.

9 Messages

 • 

150 Points

I haven't done a DPSK setup myself so I'm unfamiliar.

503 Messages

 • 

6.1K Points

Nowadays if you don't want to read manual, you can google and find video describing the process. This is manual: https://docs.ruckuswireless.com/unleashed/200.3/c-ZeroITandDPSK.html

There is video: https://www.youtube.com/watch?v=IaMyJ8kbV9w

So in future spend 15 seconds on google and find all you need -- Ruckus configuration is very well presented on youtube, in many cases by Ruckus or Rucks partner videos.

Kids now go directly this way, and, of cause, in some situation they get  to prank  videos, similar to such: https://www.youtube.com/watch?v=EDPoRmnHPCA , and kid sometimes even believe such pranks... 

But what you can expect from videos which propose you to double something for free? Yes, you are correct. 

16 Messages

 • 

498 Points

As i mentioned in my other thread i've checked the ruckus manuals and dug youtube for videos. Yes i can understand things better if i can watch it. I've followed the ruckus docs (exactly what you just linked to me) and the firewalls.com video, but in the documents i can't find any mention about creating roles and users under the admin settings. Now it is much clearer and simpler to make a Zero-IT enabled network. And thanks for the 1. video, it seems as a great channel. I'm not sure how i missed that.

Edit:

So i watched the video again. When he switch to the user's computer he says he is already connected to the network. With what credentials? With the WPA2 password? Then what's the point? He already can browse the internet. Just another gray point in the configuration...


And what if the network is separated from the Ruckus's main Network? I mean i have 5 VLANs on my network. Ruckus's IP come from a network which is unreachable from the guest network. When i set up the Zero-IT network it gives me the activation address of the Ruckus's address what in this case  can't reach. To clarify the situation (sorry i speak only the unifi terminology):

I have 3 networks:

192.168.1.0/24

192.168.2.0/24

192.168.3.0/24

Ruckus AP IP address: 192.168.1.3

The ruckus AP is connected to my unifi switch with a trunk port, the native network (i think it' called untagged VLAN) is: 192.168.1.0, the others are tagged VLANs. In the ruckus AP the 192.168.1.0 network is set as Access VLAN 1 ,the other gets there own VLAN numbers. Now if i'd like to set a Zero-IT network for the 192.168.3.0 network, i get the activation address as 192.168.1.3/activate. But what if i block the traffic through the 192.168.3.0 network to the 192.168.1.0 network on my router? How should i manage a situation like this if i don't want any communication between the two networks?

Sorry for my english, and for the long reply, i just like to understand it, and as you can see there are some gray holes even if you follow a video tutorial.

(edited)

Important Announcement