This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Ruckus Radius and Smoothwall

simon_smith_661
New Contributor II

‎12-16-2014 08:32 AM

Hi,

I am a little confused with how to set this up. I have a Smoothwall box doing filtering and dishing out DHCP leases on VLAN 30. I have setup a VLAN SSID on 30 which works fine. Now I want to use Radius before they get on the WIFI.

My main IP range is 192.168.100.*
My VLAN 30 is 192.168.30.*
My Controller is 192.168.100.180 and has the VLAN 30 set on its port
The AP which the PC attaches to has the VLAN 30 set

When I try and connect I get a 'additional logon is required message' on my Windows laptop but it does not redirect to the logon page. If it disconnect and reconnect I don't even get the logon message. A tablet didn't even come up with that message.

I am confused.

Do I need intervlan routing setup? Be easier if the controller would have addition IPs allowed.
2 REPLIES 2

michael_brado
Esteemed Contributor II

‎12-16-2014 04:39 PM

Think of the ZoneDirector as a WLAN management appliance hanging off your
network. We do assume that you have routing/switching in place for VLANs and
a DHCP server servicing each. Your WLANs that specify a VLAN, will tag the
authenticated clients packet with that VLAN-ID, so from the AP directly or the
ZD (if tunneling your WLAN), the client DHCP discovers should be seen and
answered by the DHCP server on VLAN 30.

If you take off the 802.1x/RADIUS authentication, using just Open Auth for a test,
do clients connect right away, and get a VLAN 30 subnet IP address ok? If yes,
that is a good start.

Which type of EAP you employ for 802.1x/RADIUS will determine what your client
needs, either a certificate (EAP-TLS), or username/password (EAP-PEAP, with or
without a client side cert). It sounds like you wish to use PEAP. A Windows PC
should pop-up a login balloon, requesting username/password. You ought to be
able to configure the Properties of your wireless Profile, to get this first-time login
prompt. Say not to use PC credentials.

Due to 802.1x complexity, please open a ticket with tech support if you need
further troubleshooting assistance.
0 Kudos

simon_smith_661
New Contributor II

‎12-17-2014 12:39 AM

I am using 2 DHCP servers, one for each VLAN so the tagging is a bit complicated.
0 Kudos
Copyright © 2023 Khoros, LLC