2013-07-09

I recently converted my standalone Ruckus AP to controller based mode. The specific model of controller I am using is the ZoneDirector 1100 running software version 9.4. I wanted to expand the capabilities of my wireless network and allow temporary Wireless Guest access. The process was quite intuitive and I found the ZoneDirector interface easy to navigate. This article will walk through the process I used for configuring a Wireless Guest network using the Ruckus ZoneDirector.

ZoneDirector Interface


The ZoneDirector interface is fairly simple and intuitive. After connecting to the web interface, an administrator will find four primary tabs across the top of the page. Most of this article will focus subcomponents of the Configuration tab. After choosing this tab, a vertical menu appears on the left side of the page. The features that are used in this article are found within the WLANs, Users and Guest Access tabs.

Configuring Guest Access

The Guest Access option on the vertical menu provides access to the parameters that will control the behavior seen right after a guest connects to the wireless network. The first option I chose forces users of the guest network to authenticate. As shown below, I have also enabled a feature that allows the creation of “shared” credentials and checked the option to display a legal disclaimer.



All other parameters on this page were left to their default settings. I do want to mention the restricted subnet section allows for traffic filters to be configured. By default, communications to all private addresses is filtered.



Configuring the Guest WLAN

After configuring the appropriate Guest Access parameters, the next step involved creating a WLAN (which is bound to an SSID) to enable as a “Guest” network. The one I created is called PGUEST. This was done by clicking WLAN and Create New. Then I simply filled out the applicable information. Under Type, I changed the radio button to Guest Access. I left Wireless Client Isolation set to Full to provide protection between wireless clients.

Worth noting, I left Authentication set to open and Encryption Method set to None. This does not provide any encryption to your guest users. If you have regard for the privacy of your guest users, this should be rectified by choosing a current authentication and encryption method. While this will increase the difficulty of the connection process for the users, it will further secure the wireless environment.

Create User Account for Creating Access Tokens

At this point, the only thing left is to generate some guest password tokens and test the process. A prerequisite to this is creating a local user account that will be used to request access tokens for the Guests. The default administrative account doesn’t seem to have that ability. These local user accounts are not required for the guests. I created the an account by choosing Users from the horizontal menu, then clicking Create New.

Creating Guest Passwords

Using the newly created user account, guest passwords can be generated by pointing a browser toward the following url.

https://192.168.1.4/guestpass  (where 192.168.1.4 is the ZoneDirector IP Address)

After authenticating with the local user account, a web form will be presented. I created a token for a fictitious user. If more than one guest network is configured, it is important confirm that the correct one is shown. After clicking Next, the interface presents the option to view and print the instructions  and password for the guest users.

Testing Guest Network

To test, I simply connected to the PGUEST SSID. The first access to a website was properly intercepted and redirected. The redirected page prompted for the Guest Password. After entering the provided password, I was presented with the terms of use. Accepting the terms allowed me to access the Internet but restricted access to all other internal IP addresses.

Conclusion

This article has demonstrated the process of allowing controlled guest access in a Ruckus Wireless environment. This method provides administrators of any size network a starting point to solving the associated challenges. While there are additional methods that can be employed for traffic segregation and authentication, Ruckus provides filtering tools to protect other Wireless users as well as the internal private address space. As with any solution, administrators should test and understand the guest wireless configuration prior enabling it on a production network.

Disclaimer: Ruckus was a sponsor for Networking Field Day 5. As a result, their sponsorship covered a portion of the cost of my travel and expenses associated with my attendance to this event. This article itself was written without any restrictions or requirement to do so. My opinions on this product are my own and are accurately reflected.

The post Configuring Ruckus ZoneDirector for Wireless Guest Access appeared first on PacketU.

Show more