I plan to use a RADIUS server on Windows Server 2012.
I use 3 WLAN SSIDs, which are:
- BOD (For BOD Access)
- Corporate (For the Employee using Notebook and access internal network)
- Guest (For Guest)
The Group Attribute connects successfully with the roles + policies in Ruckus * Group Attribute in Windows Server 2012
- "Success! The user will be assigned a role of "Group Attribute AD-CBT". -
The notebook gets the IP address from the DHCP server, plus the gateway and DNS IP.
The problem is:
When I connect to the "Corporate" SSID, I still cannot ping the server in the internal network.
(Note: I'm using dynamic IP)
Please help, this is urgent, haha. Thanks everybody
Check that you really have the proper corporate VLAN on the switch port to which the AP is connected.
If that isn't the problem, then:
Check traffic on AP (use Wireshark capability in ZD diagnostic menu).
Check traffic on the switch port (use the switch port mirroring or monitoring feature).
Then you'll see where the communication is broken.
Do you have client isolation set to on? It may disable all communication between the client and VLAN hosts before you create a white list.
Hope it helps,
Thanks for replying to my post.
There's no problem with the Corporate VLAN ID, it was filled in, and Client Isolation is set to off.
I'm using Windows Server 2012, and I'm trying to build NPS as the RADIUS server.
Do you have any reference?
Thanks in advance,
There are some things I would check:
1) Check your devices: which IPs they get, what gateway, subnet....
2) If they do not get the right IPs, it means the configuration is not correct, either on the server or the ZD.
3) If the devices get the right IPs, you should check your VLAN again.
I would suggest you upload some pics here, so we know what's going on.
- IP address, subnet, gateway and DNS IP have been broadcast to the notebook (that's not the problem)
- Checked from ZD, Configure-AAA server (SS) - no problem, and it successfully connects with RADIUS
- WLAN Config
- When I try to ping the internal network, the result is Request Timed Out.
I still don't have a solution.
It doesn't seem to be authentication -- as you are getting IP, it must be OK.
It seems that your VLAN tag is incorrect when packets try to leave the AP, or communication is somehow disabled on the VLAN side.
As far as I see on your pictures, all things on wireless side look correct.
To be 100% sure, I would check whether you in fact have the right VLAN communication on the switch -- get another switch, configure a trunk on it with the proper VLANs, connect it instead of the AP, make an additional access port in VLAN 58, connect a client there and check if everything works. If it works -- then you really have to proceed with traffic monitoring on the AP; if not -- look at the wired infrastructure (access lists in switches may be the source of the problem).
By the way, what role are your users in -- do they actually have access to the proper WLANs in the ZD?
In order to isolate:
- Could you create a TEST open SSID without encryption for the same corp VLAN and test?
- Also do a traceroute from the client to the internal server IP.
- Connect a laptop directly to the switch port in the same VLAN and see if you can ping the internal network.
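
Added example, not part of any post in this thread: one way to act on the suggestion above to capture traffic on the switch port and confirm that the client's frames leave the AP tagged with the corporate VLAN. It assumes raw Ethernet frames from a capture that preserves 802.1Q tags; VLAN 58 is the number quoted in the thread, while the MAC addresses, sample frames and function names are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100
CORP_VLAN = 58  # corporate VLAN number quoted in the thread

def vlan_of(frame: bytes):
    """Return the 802.1Q VLAN ID of a raw Ethernet frame, None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits are the VLAN ID; top 4 are PCP/DEI

def audit(frames, client_mac: bytes, expected=CORP_VLAN):
    """Tally VLAN IDs on frames sent by client_mac; return (all, unexpected)."""
    seen = {}
    for frame in frames:
        if frame[6:12] != client_mac:  # bytes 6..11 hold the source MAC
            continue
        vid = vlan_of(frame)
        seen[vid] = seen.get(vid, 0) + 1
    unexpected = {vid: n for vid, n in seen.items() if vid != expected}
    return seen, unexpected

def make_frame(src: bytes, vlan=None, pcp=0):
    """Build a constructed broadcast IPv4 frame, optionally 802.1Q-tagged."""
    tag = b"" if vlan is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vlan)
    return b"\xff" * 6 + src + tag + struct.pack("!H", 0x0800) + b"\x00" * 46

# Constructed sample data: locally administered MACs, not from the thread.
CLIENT = bytes.fromhex("020000000001")
OTHER = bytes.fromhex("020000000002")
SAMPLE = [make_frame(CLIENT, 58), make_frame(CLIENT, 58, pcp=5),
          make_frame(CLIENT), make_frame(CLIENT, 1), make_frame(OTHER, 58)]

if __name__ == "__main__":
    seen, unexpected = audit(SAMPLE, CLIENT)
    print("VLAN IDs seen from client:", seen)
    print("frames outside VLAN", CORP_VLAN, ":", unexpected or "none")
```

Any entry in the second result (untagged frames show up under the key `None`) means client traffic is reaching the switch port outside the expected VLAN, which points at the WLAN-to-VLAN mapping or the trunk configuration rather than at RADIUS.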