MAC address authentication on Ruckus Smartzone-E 3.6

  • Question
  • Updated 21 hours ago
  • Answered
I am looking for a solution for MAC address authentication on Ruckus SmartZone-E 3.6 with a RADIUS server. Is it possible in version 3.6?

Regards,
Deepak Kumar

Deepak Kumar 1

Posted 11 months ago

Deepak Kumar 1
Yes, it is possible. It's confirmed.

Thomas Carter
Yes, we do this with PacketFence with a vSZ running 3.6.1.

Diego Garcia del Rio
Hi Thomas,

Which version of PF are you using? I also have a few sites with PacketFence and had to tweak it quite a bit.

Thomas Carter
We're running 5.4 and just transitioned to Ruckus this year. I believe I did have to make a small change to the Ruckus "switch" code in PF that I believe is resolved in the latest version of PF. We actually would have migrated to a newer PF but wanted to make one big change (migration to Ruckus) at a time.

Diego Garcia del Rio
Thanks! I'm on 8.1 and 7.5 at different schools. Using ZoneDirector (on 7.5) and 8.1 with SmartZone 3.6.0. It would be good to talk off-line. I'm at dgarcia(at)mediatel.com.ar

Cheers!

Claudinir Carfaro

Hello! I need help. I am using virtual SmartZone 3.6.1 with PacketFence 8.1.0. After authentication I get the error:

Dec  5 16:07:50 packetfence pfqueue: pfqueue(4096) ERROR: [mac:9c:4e:36:9d:15:10] Failed to contact Ruckus for deauthentication: 500 Can't connect to xxx.xxx.xxx.xxx:9443 (certificate verify failed) (pf::Switch::Ruckus::SmartZone::deauthenticateMacWebservices)

even after running the no-encrypt command on the SmartZone controller.

Diego Garcia del Rio
Are you trying to do RADIUS de-auth or using web-services? The error you're seeing seems to be tied to not having a proper cert on SmartZone. You can use port 9080 instead of 9443 for a non-TLS channel.

EightOhTwoEleven
We authenticate users for MAC authentication using AD servers and CloudPath (vSZ 5.0). Works like a charm.

Deepak Kumar 1
Hi,
Is it possible to share the NPS and AD server configuration guide? I have implemented AD username and password authentication many times, but this is my first time with MAC authentication. If it is possible, any URL.

EightOhTwoEleven
This is basically our setup:
  1. Hotspot (WISPr) wireless LAN in vSZ (auth method MAC, no encryption), linked to hotspot portal
  2. Hotspot portal setup in vSZ to point to CloudPath
  3. AD server auth setup in CloudPath
  4. Workflow in CloudPath to register the MAC address using AD auth servers
A lot of it is self-explanatory. And we don't use RADIUS for MAC auth, as it's not needed. We just use RADIUS for PEAP/TLS with certificates.

Scott Lu
We are running PacketFence/SZ with AD, SMS, and local username/password, which work perfectly, but we have an issue with email: PF/SZ couldn't "deauth" when the time is up. PF unregistered the client but SZ still authenticated the client. Here is the error message from PF: "According to rules in fetchRoleForNode this node must be kicked out. Returning USERLOCK (pf::Switch::handleRadiusDeny)".

Thanks,

Diego Garcia del Rio
Do you know if you're using RADIUS-based de-auth or web-services? If using RADIUS, you have to use SmartZone as RADIUS proxy and not do RADIUS directly from the APs. I am using RADIUS directly from the APs and de-auth via web-services from PF to SZ. I had to do some small changes to PF but nothing huge.
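
The web-services deauthentication failure quoted earlier in the thread can be triaged from the PacketFence log. The following is an added example, not code from PacketFence, Ruckus or any poster: it parses pfqueue lines of that form and lists the MACs whose deauth call failed, separating certificate trust failures from plain connectivity failures. Only the first sample line comes from the thread; the other lines, the function names and the category labels are constructed for illustration.

```python
import re
from collections import defaultdict

# First line: the error quoted in the thread (controller address masked there).
# Remaining lines: constructed for illustration.
SAMPLE_LOG = """\
Dec  5 16:07:50 packetfence pfqueue: pfqueue(4096) ERROR: [mac:9c:4e:36:9d:15:10] Failed to contact Ruckus for deauthentication: 500 Can't connect to xxx.xxx.xxx.xxx:9443 (certificate verify failed) (pf::Switch::Ruckus::SmartZone::deauthenticateMacWebservices)
Dec  5 16:09:12 packetfence pfqueue: pfqueue(4101) ERROR: [mac:00:11:22:33:44:55] Failed to contact Ruckus for deauthentication: 500 Can't connect to 192.0.2.10:9443 (Connection refused) (pf::Switch::Ruckus::SmartZone::deauthenticateMacWebservices)
Dec  5 16:10:03 packetfence pfqueue: pfqueue(4101) INFO: [mac:00:11:22:33:44:55] unrelated message
"""

DEAUTH_FAIL = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?ERROR: \[mac:(?P<mac>[0-9a-f:]{17})\] "
    r"Failed to contact Ruckus for deauthentication: (?P<status>\d{3}) "
    r"Can't connect to (?P<host>[^\s:]+):(?P<port>\d+) \((?P<reason>[^)]*)\)",
    re.IGNORECASE,
)

def classify(reason):
    """Hypothetical triage labels: trust problem vs. network problem."""
    if "certificate verify failed" in reason:
        return "tls-trust"      # PF does not trust the controller's certificate
    return "connectivity"       # refused, timed out, unreachable, ...

def failed_deauths(log_text):
    """Return {mac: [event, ...]} for every failed web-services deauth."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = DEAUTH_FAIL.match(line)
        if not m:
            continue
        event = m.groupdict()
        event["mac"] = event["mac"].lower()
        event["port"] = int(event["port"])
        event["category"] = classify(event["reason"])
        events[event["mac"]].append(event)
    return dict(events)

if __name__ == "__main__":
    # Each MAC listed here had a deauth request that never reached the
    # controller, so its session there is worth checking by hand.
    for mac, evs in failed_deauths(SAMPLE_LOG).items():
        for e in evs:
            print(f"{e['ts']}  {mac}  {e['host']}:{e['port']}  "
                  f"{e['category']}  ({e['reason']})")
```

A "tls-trust" result points at the certificate presented on port 9443; resolving it by trusting or replacing that certificate keeps the deauth call on the TLS port.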