I recently converted my standalone Ruckus Access Point to controller based mode. The specific model of controller I am using is the ZoneDirector 1100 running software version 9.5.1.0s I wanted to expand the capabilities of my wireless network and allow temporary Wireless Guest access. The process was quite intuitive and I found the ZoneDirector interface easy to navigate. This article will walk through the process I used for configuring a Wireless Guest network using the Ruckus ZoneDirector.
ZoneDirector Interface
The ZoneDirector interface is fairly simple. After connecting to the web interface need to login as administrator. Once login can see few tabs on top like Dashboard, Monitor, Configure, and Administrator. After choosing Configure tab, a vertical menu appears on the left side of the page. Most of the configuration found within the WLANs, Users and Guest Access tabs.
Configuring Guest Access
The Guest Access option on the left side vertical menu provides access to the parameters that will control the behavior seen right after a guest connects to the wireless network. The first option I chose forces users of the guest network to authenticate. As shown below, I have also enabled a feature that allows the creation of “shared” credentials and checked the option to display a legal disclaimer.
All other parameters on this page were left to their default settings. I do want to mention the restricted subnet section allows for traffic filters to be configured. By default, communications to all private addresses is filtered.
Configuring the Guest WLAN
After configuring the appropriate Guest Access parameters, the next step involved creating a WLAN (which is bound to an SSID) to enable as a “Guest” network. The one I created is called PGUEST. This was done by clicking WLAN and Create New. Then I simply filled out the applicable information. Under Type, I changed the radio button to Guest Access. I left Wireless Client Isolation set to Full to provide protection between wireless clients.
Worth noting, I left Authentication set to open and Encryption Method set to None. This does not provide any encryption to your guest users. If you have regard for the privacy of your guest users, this should be rectified by choosing a current authentication and encryption method. While this will increase the difficulty of the connection process for the users, it will further secure the wireless environment.
Create User Account for Creating Access Tokens
At this point, the only thing left is to generate some guest password tokens and test the process. A prerequisite to this is creating a local user account that will be used to request access tokens for the Guests. The default administrative account doesn’t seem to have that ability. These local user accounts are not required for the guests. I created the an account by choosing Users from the horizontal menu, then clickingCreate New.
Creating Guest Passwords
Using the newly created user account, guest passwords can be generated by pointing a browser toward the following url.
https://192.168.0.2/guestpass (where 192.168.0. is the ZoneDirector IP Address)
After authenticating with the local user account, a web form will be presented. I created a token for a fictitious user. If more than one guest network is configured, it is important confirm that the correct one is shown. After clicking Next, the interface presents the option to view and print the instructions and password for the guest users.
Testing Guest Network
To test, I simply connected to the PGUEST SSID. The first access to a website was properly intercepted and redirected. The redirected page prompted for the Guest Password. After entering the provided password, I was presented with the terms of use. Accepting the terms allowed me to access the Internet but restricted access to all other internal IP addresses.