Ruckus ZoneDirector WLC Configuration

The following steps give configuration of Ruckus ZoneDirector WLC:

  1. Configure IPS as Radius Sever.
  2. Select Configuration > AP Zone > Zone Name > AAA servers > Create New.
  3. Enter Name, select “Type” as “Radius”, IP Address, Shared Secret and Confirm Secret.

To configure Hotspot (WISPr) service:

  1. Select Configuration > AP Zone > Zone Name > Hotspot Services>Create New.
  2. Configure Name, Login page text box with https://IPS-ip/guest.
  3. Select authentication server configured in AAA servers.

To configure WLAN:

  1. Go to Configuration > AP Zone > Zone Name >WLAN > Create New.
  2. Enter the Name, SSID, Authentication type as “Hotspot (WIPSr)“, Authentication method as “Open” and Encryption as “None”.
  3. Select Hotspot services as “Guest PS” from drop down list.
  4. Click OK to save changes to the settings.

Verifying Device Certificates

Ruckus device certificate validation enhances the security between IPS and the Ruckus device for guest access. It allows IPS to verify whether the server certificate is from a trusted source. This topic describes how to configure the IPS for validating device certificates, create certificates on Ruckus, and check the validity of the certificate.

Step1: Creating a Server Certificate

To create a CSR:

  1. From Certificate Server generate a Server Certificate with private key and import the certificate on Ruckus SmartZone.
  2. To import the certificate on Ruckus, select Configuration > System > Certificate Store > Import.

Step2: Importing the Certificate on IPS

To import the certificate on IPS:

  1. Obtain the root CA from the certificate server for the generated certificate.
  2. Select System > Configuration > Certificates > Trusted Server CAs > Import Trusted Server CA and import the certificate.

Step3: Adding Ruckus Wireless device as RADIUS Client

To add Ruckus wireless device to IPS:

  1. Select Endpoint policy > Network Access > RADIUS Client > New RADIUS Client.
  2. Select Ruckus Wireless as a Radius client and enable Ruckus Server Certificate Validation.
  3. (Optional) From client machine, perform a guest authentication, if the guest user is able to authenticate then the certificate is valid. Otherwise it is an invalid certificate or certificate is not available.
  4. (Optional) Verify the event logs to check if there are any certificate invalid logs.