
One SSID at all sites and Radius Redundancy - Help.

microchipmatt
New Contributor II
Hello everyone, we use Ruckus in our K-12 environment.  We have a ZoneDirector and roughly 200 APs.  These are implemented across 31 schools and 6000 students, and approx 1000 staff. We have a great fiber network between all the buildings.

We use freeradius against our LDAP, for WPA2 Enterprise Authentication.  Currently, we have a radius server at each site, and then the School SSID points to that freeradius server, as an AAA radius server from the ZoneDirector.  All school radius servers point to the top of our LDAP server, so any user walking in can log in with their LDAP credentials, and be on the wireless.

This is great for redundancy and load. However, over time, we have found that although staff and students can use the same credentials to log in to school SSIDs, they seem to not like, or have trouble, re-entering their same credentials when they go to a different school site. It should be an easy task, since it is the same credentials everywhere, but it doesn't seem to work out that way for staff. So this leads me to my question.

We are going to do a redesign this summer, and have basically two SSIDs everywhere.  It will look something like this:

NTPS-Wireless (WPA2 Enterprise SSID, Auth against Radius) - This SSID will be the internal SSID for all trusted staff, and school owned devices, and will be rolled out at EVERY site

NTPS-BYOD (An isolated BYOD Network for everyone else coming in with their own devices)

For the NTPS-Wireless network, I have some questions that I am hoping someone has some solutions to.

1. How can I associate my NTPS-Wireless SSID with MORE than one radius server for redundancy and load?  For example, is there any way to do something like this:

Let's talk about zones.  Is there a way to define a zone or rule, and then associate the SSID with a rule, so more than one zone can apply? IE:  Something like this:

Highschool ZONE is 10.3.0.1 - 10.3.6.254
Middle School Zone is 10.12.0.1 - 10.12.6.254  

Then for the NTPS-Wireless:

If client is Highschool Zone use highschoolRADIUS (name of AAA defined freeradius server)

If client is Middle School Zone use middleschoolRADIUS (name of AAA defined freeradius server)

This would REALLY solve my load problem, and I wouldn't have to worry about overload and using the same SSID everywhere. Is there ANYTHING or ANY WAY to do something like this in the ZoneDirector?  I know it's possible, as I have seen it in other systems.  Can I do something like this with the ZoneDirector? I know that the user probably doesn't have the IP yet for the handshake, so I am looking to do something similar to the above, as it would solve all of my problems with the redesign. Similar ideas that accomplish the same result and solve the problem would be VERY welcome 🙂  I really look forward to hearing from you all.
6 REPLIES

microchipmatt
New Contributor II
I just want to make one clarification here, so I'll give an example: the name can still be the site wireless, IE: BCPS-Wireless, but the ESSID will be NTPS-Wireless, correct?  Is this how it's going to work? In this scenario will it try both BCPS-Wireless as the SSID, and NTPS-Wireless as the ESSID, if it needs to?

herminio_bisnet
New Contributor II
Hi,

Your client device will see/hear only "NTPS-Wireless" as the SSID and not two SSIDs. So it will try only "NTPS-Wireless".
(85% sure :D)