Onboarding (Zero IT) with vSZ. Authentication issue.

  • Updated 2 years ago
Hi,
We are trying to set up a BYOD WLAN with Onboarding (Zero IT) but can't seem to get the register device authentication to work.

Ruckus Support have spent a lot of time trying to help with this issue remotely. They have verified that our vSZ is configured correctly and that our NPS (2012), which we use as RADIUS server, has the right policies.

Despite this we can't get the authentication to work.
When we try to authenticate in the register device portal we get "Internal server error".
The NPS logs 2 events every time: 6278 and 6272. Both with Audit Success. Both logs say that the user is granted full network access and matches the policy we have set up for Secure Wireless Connection.

Ruckus Support ran a tcpdump on our vSZ to see what traffic passes during authentication, and there we can see an Access Reject: "Access Reject (3), id: 0x0d, Authenticator:xxxxxxxx"

vSZ is located externally and our NPS is local.
On the NPS side we have ports 1812 and 1813 open, and we have all ports open for vSZ services on that side.

According to Ruckus Support the issue is on our RADIUS side, but I can't seem to figure out where to continue troubleshooting this as "everything is configured by the book".

If anyone would have some suggestions or input that could point me in the right direction I would appreciate it a lot.
Thank you.

Niklas Ejderfjäll

Posted 2 years ago
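
The tcpdump line quoted in the question shows the fields of a RADIUS reply header: code, identifier and authenticator. As an added example (not part of the original thread, and not Ruckus or Microsoft code), this Python sketch decodes those fields per RFC 2865 and checks whether a reply's Response Authenticator matches a given shared secret. The packets, the secret and the user name are constructed sample values.

```python
import hashlib
import hmac
import struct

CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
SECRET = b"constructed-shared-secret"  # constructed value, not from the thread

def parse_header(packet: bytes) -> dict:
    """Split a RADIUS packet into the RFC 2865 header fields and attribute bytes."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not fit the captured bytes")
    return {"code": code, "name": CODES.get(code, "unknown"), "id": ident,
            "authenticator": packet[4:20], "attributes": packet[20:length]}

def response_authenticator(code, ident, attributes, request_auth, secret):
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret), RFC 2865 section 3."""
    header = struct.pack("!BBH", code, ident, 20 + len(attributes))
    return hashlib.md5(header + request_auth + attributes + secret).digest()

def check_reply(request: bytes, reply: bytes, secret: bytes) -> str:
    """Pair a reply with its request by id and verify it was signed with `secret`."""
    req, rep = parse_header(request), parse_header(reply)
    label = f"{rep['name']} ({rep['code']}), id: 0x{rep['id']:02x}"
    if req["id"] != rep["id"]:
        return label + ": does not answer this request"
    expected = response_authenticator(rep["code"], rep["id"], rep["attributes"],
                                      req["authenticator"], secret)
    if hmac.compare_digest(expected, rep["authenticator"]):
        return label + ": authenticator valid for this secret"
    return label + ": authenticator INVALID for this secret"

def build_sample():
    """Constructed Access-Request / Access-Reject pair using id 0x0d as in the capture."""
    req_auth = bytes(range(16))
    user = b"byod-user"  # constructed user name
    attrs = bytes([1, len(user) + 2]) + user  # attribute type 1 = User-Name
    request = struct.pack("!BBH", 1, 0x0D, 20 + len(attrs)) + req_auth + attrs
    auth = response_authenticator(3, 0x0D, b"", req_auth, SECRET)
    reply = struct.pack("!BBH", 3, 0x0D, 20) + auth
    return request, reply

if __name__ == "__main__":
    request, reply = build_sample()
    print(check_reply(request, reply, SECRET))
    print(check_reply(request, reply, b"wrong-secret"))
```

A valid authenticator means the reply was produced by a system holding the secret being tested; an invalid one means a different secret was used or the reply was altered in transit.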

Gerard

Have you tried turning off the external firewall, and the internal (vSZ) firewall (Redhat), just to see if it's something to do with the firewall settings? Just a suggestion.

Niklas Ejderfjäll

Thank you for the suggestion, Gerard. We disabled the firewall completely on the vSZ side with no change. Today we will set up a separate RADIUS server on a virtual client so we can see if it is our NPS that is causing this.

Gerard

What is the account back link command ( *.  )?

Niklas Ejderfjäll

Hello Gerard,
I'm not sure what you are referring to here. Please clarify. I am not the one handling the server on the vSZ side and I am not used to Linux. Thank you.

Gerard

Best asking one of the more experienced members, I could be pointing you in the wrong direction. I was thinking along the lines of the walled garden, and the allowed list. But I don't believe that applies in your case.