
Ruckus & Radius Server in Windows Server 2012

perdianto_halim
New Contributor II
Hi All,

I plan to use Radius Server in Windows Server 2012.
I use 3 WLAN SSIDs, which are:
- BOD (For BOD Access)
- Corporate (For the Employee using Notebook and access internal network)
- Guest (For Guest)

The Group Attribute succeeds in connecting with roles+policies in Ruckus * Group Attribute in Windows Server 2012

- "Success! The user will be assigned a role of "Group Attribute AD-CBT". -
The Notebook gets the IP Address from DHCP Server, Gateway and DNS IP
 
The problem is:
When I connect to the "Corporate" SSID, I still cannot ping the server in the internal network.
(Note: I'm using Dynamic IP)

Please help, it's urgent, haha. Thanks everybody

Perdianto
(Indonesia)
8 REPLIES 8

perdianto_halim
New Contributor II
Hi Hoang Tung

- IP address, subnet, gateway, DNS IP have been broadcast to the notebook (that's not the problem)
- Checked from ZD, Configure-AAA server (SS) - no problem, and it successfully connects with RADIUS
- WLAN Config 
- When I try to ping the internal network, the result is Request Timed Out.
I still don't have a solution.

Many Thanks,
Perdianto

It doesn't make sense that you test the RADIUS successfully but can't ping the internal network.
Do you have a proxy or any firewall rule?
Because if you can get the correct IP address, that means the VLAN works well.
Can you ping outside? Try pinging google.com and see how it goes.
If you can ping Google, I think you should check the proxy or firewall.

Secondly, I can see in your screenshot under Access Control, at L2/MAC, you chose Wireless Device? What is your purpose for that? I think it might be causing you the problem. I would choose No ACLs and test again.

Give me screenshots so we can track it.

eizens_putnins
Valued Contributor II

Hello,

It doesn't seem to be authentication -- as you are getting an IP, it must be OK.

It seems that your VLAN tag is incorrect when packets try to leave the AP, or communication is somehow disabled on the VLAN side.

As far as I can see in your pictures, everything on the wireless side looks correct.

To be 100% sure, I would check whether you in fact have the right VLAN communication on the switch -- get another switch, configure a trunk on it with the proper VLANs, connect it instead of the AP, make an additional access port in VLAN 58, connect a client there and check if everything works. If it works -- then you really have to proceed with traffic monitoring on the AP; if not -- look at the wired infrastructure (access lists in switches may be the source of the problem).

By the way, what role are your users in -- do they actually have access to the proper WLANs in the ZD?

Regards,

Eizens

munish_munish
Contributor
Hi Perdianto Halim,

In order to isolate:
  1. Could you create a TEST open SSID without encryption for the same corp VLAN and test?
  2. Also do a traceroute from the client to the internal server IP.
  3. Connect a laptop directly to the switch port in the same VLAN and see if you can ping the internal network.
Thanks
Munish