cancel
Showing results for 
Search instead for 
Did you mean: 

MAC Registration Redirection

b_g
New Contributor II

With Cloudpath, I've set up an enrollment workflow for MAC Registration according to the document "Cloudpath Enrollment System MAC Registration Configuration Guide, 5.8".

What doesn't work is the step "Register the MAC Address". I've filled out the URL of my vSZ, however, there is no port 9998 (as filled in when choosing the button "Ruckus SZ HTTPS") open on my vSZ. So I alway get a connection timeout when being redirected. Is there something I missed during configuration?

Also, can somebody explain, why this redirection is even needed since Cloudpath is used for MAC authentication?

7 REPLIES 7

eightohtwoeleve
Contributor III

Did you setup the WISPr Northbound Interface? What settings do you have for the Redirect Information under MAC Registration List? 

b_g
New Contributor II

Thanks for your answer. I've tried a little more and found a FW rule that was blocking this port. After opening this port, the redirect works, but somehow I'm being redirected back to Cloudpath, where I get a loop page asking me to continue to redirect or start over. This is how it look in enrollments:

Image_ images_messages_606dc5f187892d410a616d2c_edd028a1bbca999829165fd99ee53c1e_cloudpath_loop_page-bad63fff-e56e-40a4-91d8-e58d05b94f7d-783225376.png

And to your questions. No, I hadn't setup the WISPr Northbound Interface. I did now (with the User/PW of Cloudpath) but it doesn't look like it changes anything.

My redirect settings are as follows:

Image_ images_messages_606dc5f187892d410a616d2c_192fb39ba100ed8327a6a8b37c3c0675_cloudpath_redirect-8c252753-f478-4189-9ff5-5730d1a62a77-2070044324.png

That's interesting. Have you cleared out that MAC from Users and Devices to get back to a "clean" setup, then attempt it again. Your settings are the same that we have in production and it seems to work correctly. 

This can happen if RADIUS is not configured correctly in SmartZone.  Make sure that the IP address is correct and that the shared secrets are as well.  SZ (in proxy) or AP (non-proxy) and Cloudpath should be able to talk to each other.

You can run a RADIUS auth test in SmartZone to your Cloudpath server, if you get a timeout, you know something is amiss (shared secret/fw issue/wrong ip address).

If you are unsure of what ports are required for ingress/egress of Cloudpath, you can also use the Administration / Firewall Requirements page.  This page will change dynamically as well depending on your workflow.  This is also on-prem only.