This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ZeroIT redirect and Smart Redundancy

rob_coote
New Contributor III

‎01-08-2014 07:50 AM

In the Hotspot settings a redirect URL is set for unauthenticated clients to be sent for authentication. For us, this is the hostname of our primary ZD3000.

If Smart Redundancy is triggered however, and all AP's and clients fail over to the secondary ZD - with a different IP and hostname - the redirect fails (obviously).

Is there a way to ensure ZeroIT will still function properly if the primary ZD has failed?
17 REPLIES 17

albert_pierson
RUCKUS Team Member

‎01-15-2014 06:19 AM

Using the management (shared) IP for other than accessing the ZD management WEBB UI can be problematic. It works but was originally not designed for use other than convenience of having a single IP that always redirects to the Active ZD.

The correct solution is to use the sip variable that is sent in the URL enhancement when the ZD redirects the user to the Hotspot login page. The sip variable will always have the device IP of the Active ZD.

in the Post commands of the WEB server login page you use this sip variable to post the credentials to the correct IP.

Here is a snipit from a sample Java script post command:

');

ed_hynds
New Contributor II

‎01-15-2014 06:41 AM

Hi Albert,

It looks like the Javascript didn't post correctly, could you try again (perhaps via a screenshot)? Also where / how would I use this sip variable?

Thanks for your response.

Ed
0 Kudos

albert_pierson
RUCKUS Team Member

‎01-15-2014 07:03 AM

The ZD will enrich the URL with several variables (last url, sip, uip)

The Login page coding can extract the sip variable and use it as the destination in the Post command.

The sample page can be downloaded:
http://ftp.ruckuswireless.com/downloa....

Also, if the client is connected with a NAT between the AP and the ZD then the ZD also needs to know the clients actual IP address. This is the uip variable. A sample page using this varialbe can be downloaded:

http://ftp.ruckuswireless.com/downloa...

The application note describing Hotspot configuration can be found:

http://www.ruckuswireless.com/library...

Enabling WISPr (Hotspot Services) in the ZoneDirector PDF

ed_hynds
New Contributor II

‎01-15-2014 07:59 AM

Hi Albert,

Reading those application notes has been very helpful.

It is a shame that the devices can't handle this themselves, for the smaller deployments having a separate web server for the login page just adds another point of complexity and weakness.

Thanks again,

Ed
0 Kudos

albert_pierson
RUCKUS Team Member

‎01-15-2014 08:11 AM

Ruckus Zone Director does have a built in captive portal login page. You can add WEB Authentication to a Standard type WLAN. Users will get redirected to a secure (https) simple login page served by the ZD and can authenticate to a local data base or an external AAA (RADIUS, Active Directory, LDAP). This page is not configurable.

Since this page is sent with SSL security users will receive a security alert if you have not uploaded a digital certificate signed by a well known Certificate Authority into the Zone Director..
Copyright © 2024 Khoros, LLC