Manage a Ruckus network of AP's connected to a zonedirector. All clients are given an IP over a VLAN (seperate to managment VLAN). Clients joining the network are taken to Ruckus Login page, details are verified against Radius server located off site.
We have one client wanting to connect PS3. The PS3 connects, is given a valid IP and through the WWW browser login in with their details. We can see that the request is validated as OK by the Radius server.
However, it look like the PS3 authentication times out on the PS3. Also, Dashboard shows device as unauthenticated. After a few minutes (5) Ruckaus dashboard shows client disconnected due to timeout. The person has authenticated other devices like his phone OK. Nothing wrong with Username/Password combination. But I would envisage that once AAA sends acceptance, the Zone Director would note MAC as authorised so that when PS3 connects again it automatically passes through (we have a long grace period).
I am wondering what route the AAA message comes back? does the AAA message accepting the client go via Zonedirector. Would Zonedirector therefore not register the device as authorised even if device has 'timed out'?
Zonedirector shows AAA packets sent and no missed and no retries.
Yes, the ZoneDirector is the NAS on behalf of wireless clients, to your RADIUS
server. To see the complete exchange between them, go to Administer/Diagnostics
page and enable the debug components RADIUS, 802.1x, Dynamic VLAN, Web
Authentication and Client Association (if your version has it), with the PS3 MAC
address in the bottom box.
Have the user turn off their PS3. Clear any session info seen on Monitor/Wireless
Clients. Determine which AP they are near and will be connecting to (from Monitor/
Access Points page).
Start the PS3, go thru login procedure and note the msgs reported back to the
user during the login process.
Save Debug Info, from Administer/Diagnostics, and the Support Info from the
AP the client tried to connect to.
Open a ticket with Tech Support and provide your ZD debug, AP support info,
and the PS3 client Mac address. We'll have to analyze logs to determine if
the 802.1x authentication did or didn't complete from the ZD side. Look too,
on the Win server's Event Viewer, for this client authentication attempt, to add
another data point towards understanding.