cancel
Showing results for 
Search instead for 
Did you mean: 

cloudpath property management user traffic profile

norbert_k_hinna
New Contributor II

Hello,

Is there any way to select different user traffic profiles (smartzone) when creating users based on cloudpath property management system?

Thanks.

1 ACCEPTED SOLUTION

christopher_moh
New Contributor III

Hi Norbert,

 

Yes, you can use the Policy engine in Cloudpath to return a different user-role to SmartZone.  You can use the UNIT name as the DPSK reference name in a policy.  Using that policy, you can provide different Filter ID’s back to SmartZone.

 

I have a guide here, that will show an example of providing a Bronze level of service to users (25 Mbps up and down) vs Gold level of service (100 Mbps up and down) to users, but the user roles can be defined however you need to in SmartZone.

 

Let us use an example of a Bronze vs Gold service.

Overview:

 

In Cloudpath we will create units and pre-pend that unit with a service level bronze vs gold.

In Cloudpath we will create a policy that returns the Ruckus-User-Group as "bronze" to SmartZone and likewise for "Gold"

In SmartZone we will create two Traffic Profiles; Bronze giving 25 Mbps up and 25 Mbps down, and Gold giving 100 Mbps up and 100 Mbps down.

 

Cloudpath; create a bronze and a gold unit.

  1. Click on Managed Access | Property Management
  2. Click on the property that you want to change a unit to
  3. Click on Units Tab
  4. Create a Unit; pre-pend the word “bronze” in the unit number:

 

Image_ images_messages_6092b45fa31fd9684f29c596_074e0afc58007d012abd543057e1c8be_1-3d4e3fb3-8c8c-4e08-9f67-e12a8d084fe8-46734060.png

  1. Do the same for a “gold” unit:

Image_ images_messages_6092b45fa31fd9684f29c596_303b8b8d1d6393c7ca90e00f52f9d9dd_2-1f28c074-0cdd-4888-a933-55672e307c8a-47657581.png

If you look at the bronze unit, you can see that the DPSK reference name is named as <property_name>_<unit number>.  We can use this value to build a RADIUS DPSK policy on:

 

 

Image_ images_messages_6092b45fa31fd9684f29c596_49af98fe6d6cea4d05195cb10cb897bb_3-b7bfafbb-6abf-4b8d-8edb-52bc80d300fb-48581102.png
Image_ images_messages_6092b45fa31fd9684f29c596_20ce40379a8e9ec3a1c76da93004835b_4-6e4ead65-e5f8-4589-b5db-d2f92c2a8c9f-49504623.png

 

In Cloudpath, let’s create 2 RADIUS policies to return the user-role to SmartZone

  1. Click on Configuration | Policies
  2. Click the RADIUS Attribute Groups Tab

 

Image_ images_messages_6092b45fa31fd9684f29c596_a5c06f41a29a4b9a6c658ec18a0d0a19_5-e0f870fb-3c8a-4ff8-ba88-8c99d69bdc79-50428144.png

 

 

  1. Click on Add RADIUS Attribute Group

 

 

Image_ images_messages_6092b45fa31fd9684f29c596_17f9a2ff2138c9ec907a1d2bafe8d5cb_6-915e9f6f-5c70-461d-ac85-2f53d3f1e259-51351665.png

 

  1. Create a attribute group that returns the “Filter ID” as “bronze”

 

Image_ images_messages_6092b45fa31fd9684f29c596_a3b1b7fd6b74c8011a0ea24edb17f02c_7-dbd7e2d6-b7a8-44e1-89fa-5917846d8d64-52275186.png

  1. Click on Save
  2. Let’s do another policy for “gold”, so click on “Add RADIUS Attribute Group” again
  3. Create a gold attribute group that returns the “Filter ID” as “gold”

 

Image_ images_messages_6092b45fa31fd9684f29c596_a93d50746b61445fee2cb224039f086e_8-06215419-86a9-4348-96f8-ba30976ad97b-53198707.png

 

 

  1. Click on Save
  2. Click the Policies Tab | Add Policy

 

 

Image_ images_messages_6092b45fa31fd9684f29c596_ace0dbe90de7afc7ef271fdc7036e342_9-a70c810d-bbc9-41d8-8e97-b1e9c02605e7-54122228.png

  1. Create a “bronze_policy” that returns the Bronze Attribute group that you just created. We are going to use the DPSK reference name for the Unit (remember, we pre-pended the word “bronze” to it):
    Image_ images_messages_6092b45fa31fd9684f29c596_3949f5b20e465c4a19d3c975c230b70e_10-462e4137-8d4b-400a-bcdf-f3c621cff25d-1448638938.png
  2. Make sure that you have a “.*” at the beginning and end, which means, match anything, then the word bronze, and match anything after that. This is REGEX, and I typically use a few different sites to test these things.
  3. Make sure that you select the correct RADIUS attribute group you just created for BRONZE
  4. Click on Save.

 

NOTE:

To test REGEX, I like to use “https://regex101.com”; this can help with syntax, example; lets make sure the regex I wrote will catch the DPSK reference name of the bronze unit and not the gold unit:

 

Image_ images_messages_6092b45fa31fd9684f29c596_a4cc32e633dbbc2a11ccf38f4ee471da_11-229a8f42-ac92-4f0d-ba31-3848d36ebb66-1449562459.png

 

We can see that the REGEX will only match the first entry.

 

  1. Lets do a policy for “gold” users

 

Image_ images_messages_6092b45fa31fd9684f29c596_0cc2f34b2534e73350e5cf697de70230_12-56f8bcd2-63a2-437e-833b-0efc33635d8c-1450485980.png

 

  1. Click on Save
  2. You should have 2 policies now:

 

Image_ images_messages_6092b45fa31fd9684f29c596_010d233b98bb29af4d304214302a1465_13-4cd6c77d-60e6-4b43-9c83-e896c3ead861-1451409501.png
  1. Let’s apply the policies to your DPSK pools, click on Configuration | DPSK Pools
  2. Click the wrench beside you DPSK pool for the unit
  3. Click the RADIUS Policies tab
  4. Click on “+ Assign Policy” button
  5. Select the Bronze Policy and click on Save

 

Image_ images_messages_6092b45fa31fd9684f29c596_4f61d93ed9c104adb9e791e40702beff_14-94055c94-dca0-4e5e-b96d-53cf593d1982-1452333022.png

 

  1. Do the same for the gold policy
  2. You should have 2 policies now

 

Image_ images_messages_6092b45fa31fd9684f29c596_e0baefab04b0b3fce29c7d64d8f1fe72_15-629f306d-1e94-4e6c-b842-dab450d2330b-1453256543.png

 

 

SmartZone:

Now that Cloudpath is setup with policies to return a different Filter ID to SmartZone, SmartZone has to be configured  to take that value and apply it to a user role.

 

  1. In SmartZone, edit the Cloudpath Authentication Server
  2. Scroll to the bottom of the Cloudpath Authentication server window to “User Role Mapping”
  3. Click on the Create button

 

Image_ images_messages_6092b45fa31fd9684f29c596_397739bde3184d64f0139757b4160435_16-26787e1c-b31b-46b5-ab46-840e98c0fd19-1454180064.png

 

  1. The Group Attribute Value MUST match the Filter ID returned from Cloudpath (“bronze”):

 

Image_ images_messages_6092b45fa31fd9684f29c596_7e0519751b5ce08347be763b16b739b1_17-db721dcb-414e-42a5-ab93-a28a7415d822-1455103585.png
  1. Click on the + button to setup your parameters for the user.
  2. We are going to add a role name of “bronze_units” and add a firewall profile for 25 Mbps service

 

Image_ images_messages_6092b45fa31fd9684f29c596_871abb96eadacd434827f73dc50481df_18-5b67a71e-4c1d-4aa3-a760-72deac7f97a5-1456027106.png
Image_ images_messages_6092b45fa31fd9684f29c596_fc356763415d6b5245095091dd263c52_19-c45ef141-0da0-4f30-bcf4-60b612c8402f-1456950627.png
  1. Click on OK
  2. Click on OK
  3. Click on OK to return to the user Role Mapping screen
  4. Create another one for “gold” with 100 Mbps FW traffic profile
  5. Group attribute Value needs to match the “Filter ID” returned from Cloudpath, in our case “gold”

 

Image_ images_messages_6092b45fa31fd9684f29c596_c4efb439e8b62fa099d10c97137df612_20-060e64a8-e864-46df-8363-7ecd767fe8b2-1477268089.png
  1. Create a User Role and a FW profile like we did for bronze, but for 100 Mbps service

 

Image_ images_messages_6092b45fa31fd9684f29c596_57f35dee62bcdac3021e49214745b865_21-925c8b95-2529-45ac-99cf-fe62698c0f66-1478191610.png
  1. Click on OK
  2. Click on OK
  3. Click on OK
  4. You should have two user-role mappings

 

Image_ images_messages_6092b45fa31fd9684f29c596_4e60ff6844ce5dc704e78ce3cde8a534_22-78015f7d-2d26-4a7f-9c76-f47fb7d7e83c-1479115131.png
  1. Click on OK to close the Cloudpath Authentication Server.

 

 

Testing!

 

You can test this using the CCD of SmartZone:

 

  1. Example of a “bronze” unit returned Filter ID attribute:
Image_ images_messages_6092b45fa31fd9684f29c596_9c4621e46262ca3688070a1bfc8dc9f0_23-c1643817-7131-4ea2-9d2f-79572b7e6303-1480038652.png

 

You can see the radius policy being hit in Cloudpath:

 

 

Image_ images_messages_6092b45fa31fd9684f29c596_b81ddec68134898d7cd457cd46e45d8d_24-368d136d-3dcd-48b8-b16b-8b1712a0d12c-1480962173.png

 

 

 

 

 

 

 

 

 

View solution in original post

2 REPLIES 2

christopher_moh
New Contributor III

Hi Norbert,

 

Yes, you can use the Policy engine in Cloudpath to return a different user-role to SmartZone.  You can use the UNIT name as the DPSK reference name in a policy.  Using that policy, you can provide different Filter ID’s back to SmartZone.

 

I have a guide here, that will show an example of providing a Bronze level of service to users (25 Mbps up and down) vs Gold level of service (100 Mbps up and down) to users, but the user roles can be defined however you need to in SmartZone.

 

Let us use an example of a Bronze vs Gold service.

Overview:

 

In Cloudpath we will create units and pre-pend that unit with a service level bronze vs gold.

In Cloudpath we will create a policy that returns the Ruckus-User-Group as "bronze" to SmartZone and likewise for "Gold"

In SmartZone we will create two Traffic Profiles; Bronze giving 25 Mbps up and 25 Mbps down, and Gold giving 100 Mbps up and 100 Mbps down.

 

Cloudpath; create a bronze and a gold unit.

  1. Click on Managed Access | Property Management
  2. Click on the property that you want to change a unit to
  3. Click on Units Tab
  4. Create a Unit; pre-pend the word “bronze” in the unit number:

 

Image_ images_messages_6092b45fa31fd9684f29c596_074e0afc58007d012abd543057e1c8be_1-3d4e3fb3-8c8c-4e08-9f67-e12a8d084fe8-46734060.png

  1. Do the same for a “gold” unit:

Image_ images_messages_6092b45fa31fd9684f29c596_303b8b8d1d6393c7ca90e00f52f9d9dd_2-1f28c074-0cdd-4888-a933-55672e307c8a-47657581.png

If you look at the bronze unit, you can see that the DPSK reference name is named as <property_name>_<unit number>.  We can use this value to build a RADIUS DPSK policy on:

 

 

Image_ images_messages_6092b45fa31fd9684f29c596_49af98fe6d6cea4d05195cb10cb897bb_3-b7bfafbb-6abf-4b8d-8edb-52bc80d300fb-48581102.png
Image_ images_messages_6092b45fa31fd9684f29c596_20ce40379a8e9ec3a1c76da93004835b_4-6e4ead65-e5f8-4589-b5db-d2f92c2a8c9f-49504623.png

 

In Cloudpath, let’s create 2 RADIUS policies to return the user-role to SmartZone

  1. Click on Configuration | Policies
  2. Click the RADIUS Attribute Groups Tab

 

Image_ images_messages_6092b45fa31fd9684f29c596_a5c06f41a29a4b9a6c658ec18a0d0a19_5-e0f870fb-3c8a-4ff8-ba88-8c99d69bdc79-50428144.png

 

 

  1. Click on Add RADIUS Attribute Group

 

 

Image_ images_messages_6092b45fa31fd9684f29c596_17f9a2ff2138c9ec907a1d2bafe8d5cb_6-915e9f6f-5c70-461d-ac85-2f53d3f1e259-51351665.png

 

  1. Create a attribute group that returns the “Filter ID” as “bronze”

 

Image_ images_messages_6092b45fa31fd9684f29c596_a3b1b7fd6b74c8011a0ea24edb17f02c_7-dbd7e2d6-b7a8-44e1-89fa-5917846d8d64-52275186.png

  1. Click on Save
  2. Let’s do another policy for “gold”, so click on “Add RADIUS Attribute Group” again
  3. Create a gold attribute group that returns the “Filter ID” as “gold”

 

Image_ images_messages_6092b45fa31fd9684f29c596_a93d50746b61445fee2cb224039f086e_8-06215419-86a9-4348-96f8-ba30976ad97b-53198707.png

 

 

  1. Click on Save
  2. Click the Policies Tab | Add Policy

 

 

Image_ images_messages_6092b45fa31fd9684f29c596_ace0dbe90de7afc7ef271fdc7036e342_9-a70c810d-bbc9-41d8-8e97-b1e9c02605e7-54122228.png

  1. Create a “bronze_policy” that returns the Bronze Attribute group that you just created. We are going to use the DPSK reference name for the Unit (remember, we pre-pended the word “bronze” to it):
    Image_ images_messages_6092b45fa31fd9684f29c596_3949f5b20e465c4a19d3c975c230b70e_10-462e4137-8d4b-400a-bcdf-f3c621cff25d-1448638938.png
  2. Make sure that you have a “.*” at the beginning and end, which means, match anything, then the word bronze, and match anything after that. This is REGEX, and I typically use a few different sites to test these things.
  3. Make sure that you select the correct RADIUS attribute group you just created for BRONZE
  4. Click on Save.

 

NOTE:

To test REGEX, I like to use “https://regex101.com”; this can help with syntax, example; lets make sure the regex I wrote will catch the DPSK reference name of the bronze unit and not the gold unit:

 

Image_ images_messages_6092b45fa31fd9684f29c596_a4cc32e633dbbc2a11ccf38f4ee471da_11-229a8f42-ac92-4f0d-ba31-3848d36ebb66-1449562459.png

 

We can see that the REGEX will only match the first entry.

 

  1. Lets do a policy for “gold” users

 

Image_ images_messages_6092b45fa31fd9684f29c596_0cc2f34b2534e73350e5cf697de70230_12-56f8bcd2-63a2-437e-833b-0efc33635d8c-1450485980.png

 

  1. Click on Save
  2. You should have 2 policies now:

 

Image_ images_messages_6092b45fa31fd9684f29c596_010d233b98bb29af4d304214302a1465_13-4cd6c77d-60e6-4b43-9c83-e896c3ead861-1451409501.png
  1. Let’s apply the policies to your DPSK pools, click on Configuration | DPSK Pools
  2. Click the wrench beside you DPSK pool for the unit
  3. Click the RADIUS Policies tab
  4. Click on “+ Assign Policy” button
  5. Select the Bronze Policy and click on Save

 

Image_ images_messages_6092b45fa31fd9684f29c596_4f61d93ed9c104adb9e791e40702beff_14-94055c94-dca0-4e5e-b96d-53cf593d1982-1452333022.png

 

  1. Do the same for the gold policy
  2. You should have 2 policies now

 

Image_ images_messages_6092b45fa31fd9684f29c596_e0baefab04b0b3fce29c7d64d8f1fe72_15-629f306d-1e94-4e6c-b842-dab450d2330b-1453256543.png

 

 

SmartZone:

Now that Cloudpath is setup with policies to return a different Filter ID to SmartZone, SmartZone has to be configured  to take that value and apply it to a user role.

 

  1. In SmartZone, edit the Cloudpath Authentication Server
  2. Scroll to the bottom of the Cloudpath Authentication server window to “User Role Mapping”
  3. Click on the Create button

 

Image_ images_messages_6092b45fa31fd9684f29c596_397739bde3184d64f0139757b4160435_16-26787e1c-b31b-46b5-ab46-840e98c0fd19-1454180064.png

 

  1. The Group Attribute Value MUST match the Filter ID returned from Cloudpath (“bronze”):

 

Image_ images_messages_6092b45fa31fd9684f29c596_7e0519751b5ce08347be763b16b739b1_17-db721dcb-414e-42a5-ab93-a28a7415d822-1455103585.png
  1. Click on the + button to setup your parameters for the user.
  2. We are going to add a role name of “bronze_units” and add a firewall profile for 25 Mbps service

 

Image_ images_messages_6092b45fa31fd9684f29c596_871abb96eadacd434827f73dc50481df_18-5b67a71e-4c1d-4aa3-a760-72deac7f97a5-1456027106.png
Image_ images_messages_6092b45fa31fd9684f29c596_fc356763415d6b5245095091dd263c52_19-c45ef141-0da0-4f30-bcf4-60b612c8402f-1456950627.png
  1. Click on OK
  2. Click on OK
  3. Click on OK to return to the user Role Mapping screen
  4. Create another one for “gold” with 100 Mbps FW traffic profile
  5. Group attribute Value needs to match the “Filter ID” returned from Cloudpath, in our case “gold”

 

Image_ images_messages_6092b45fa31fd9684f29c596_c4efb439e8b62fa099d10c97137df612_20-060e64a8-e864-46df-8363-7ecd767fe8b2-1477268089.png
  1. Create a User Role and a FW profile like we did for bronze, but for 100 Mbps service

 

Image_ images_messages_6092b45fa31fd9684f29c596_57f35dee62bcdac3021e49214745b865_21-925c8b95-2529-45ac-99cf-fe62698c0f66-1478191610.png
  1. Click on OK
  2. Click on OK
  3. Click on OK
  4. You should have two user-role mappings

 

Image_ images_messages_6092b45fa31fd9684f29c596_4e60ff6844ce5dc704e78ce3cde8a534_22-78015f7d-2d26-4a7f-9c76-f47fb7d7e83c-1479115131.png
  1. Click on OK to close the Cloudpath Authentication Server.

 

 

Testing!

 

You can test this using the CCD of SmartZone:

 

  1. Example of a “bronze” unit returned Filter ID attribute:
Image_ images_messages_6092b45fa31fd9684f29c596_9c4621e46262ca3688070a1bfc8dc9f0_23-c1643817-7131-4ea2-9d2f-79572b7e6303-1480038652.png

 

You can see the radius policy being hit in Cloudpath:

 

 

Image_ images_messages_6092b45fa31fd9684f29c596_b81ddec68134898d7cd457cd46e45d8d_24-368d136d-3dcd-48b8-b16b-8b1712a0d12c-1480962173.png

 

 

 

 

 

 

 

 

 

Hello Christopher,
Thank you for your reply and detailed guide.


I did actually manage to create a similar solution. But I put all the units in the regex as a list, like this:


\b(?:unit1|unit2|unit3|unit4)\b

This will of course become an operational nightmare since you have to move users in and out of the different list when they change there subscription (could possible automate this with API). I was afraid that your solution would make a new DPSK for the tenant so they would need to change password (or change it back in the tenant portal). But i noticed that the DPSK also change name when you change unit name. So I prefer your solution. Thanks.