Guest access – Ruckus ZoneDirector

In this topic, you will learn how to configure Ruckus ZoneDirector to work together with the Portnox™ Cloud captive portal for guest user authentication.

Before you begin configuring your access point, you must configure the guest network in Portnox Cloud and note down the values of the fields: IP (for walled garden), Captive Portal URL, and Shared secret.

Important:
To run a captive portal in Ruckus ZoneDirector, you must install Portnox LDAP Broker on a physical or virtual Windows machine that is in the same subnet as your controller. AD Broker is necessary for this setup because it serves as the channel of communication between Portnox Cloud and the ZoneDirector API.
Important:
This guide gives general instructions for integrating Portnox Cloud with specific third-party devices. We try to provide useful examples for common models, but settings can differ between manufacturers, models, and environments. Because of this, we cannot guarantee these steps will work in every case. For questions or problems with RADIUS setup – which is an industry standard and not specific to Portnox – or with device-specific settings and troubleshooting, we recommend checking the device manufacturer’s documentation and contacting their support team. Portnox Support can help when possible, but detailed setup of third-party devices is usually best handled by the manufacturer. We also recommend updating your NAS device firmware to the latest version, as old firmware can cause issues.
Important:
All values in this configuration are examples. Make sure to adjust the configuration to your individual profile names, RADIUS server addresses, ports, and keys by replacing the values that are presented as underlined italics.

This configuration was tested on Ruckus ZoneDirector ZD1200.

  1. In the ZoneDirector web interface, in the left-hand side menu, select the Services & Profiles > AAA Servers option.

  2. In the Authentication/Accounting Servers pane, click on the Create button.

  3. In the Create New pane:

    1. Specify a Name for the RADIUS authentication server.
    2. In the Type field, select the RADIUS option.
    3. In the Auth Method field, select the PAP option.
    4. In the Request Timeout field, enter 20.
    5. In the IP Address, Port, Shared Secret and Confirm Secret fields, enter the details of the Portnox Cloud RADIUS server that you created earlier: Cloud RADIUS IP, Authentication port, and Shared Secret respectively.
    6. Click on the OK button to save your settings.
  4. In the Authentication/Accounting Servers pane, click on the Create button again.

  5. In the Create New pane:

    1. Specify a Name for the RADIUS accounting server.
    2. In the Type field, select the RADIUS Accounting option.
    3. In the Request Timeout field, enter 20.
    4. In the IP Address, Port, Shared Secret and Confirm Secret fields, enter the details of the Portnox Cloud RADIUS server that you created earlier: Cloud RADIUS IP, Accounting port, and Shared Secret respectively.
    5. Click on the OK button to save your settings.
  6. Optional: Repeat the steps above for the other Portnox Cloud RADIUS server, if needed.
  7. In the left-hand side menu, select the Services & Profiles > Hotspot Services option.

  8. In the Hotspot Services pane, click on the Create button.

  9. In the Create New pane, in the General tab:

    1. Specify a Name for the hotspot service.
    2. In the Login Page field, enter the Captive Portal URL that you obtained when you configured the guest network in Portnox Cloud.
    3. In the Start Page field, select the redirect to the following URL option, and enter a URL that you want the user to see after they authenticated, for example, your company homepage.
  10. In the Authentication tab, in the Authentication Server and Accounting Server fields, select the configurations that you created earlier for the authentication server and the accounting server.

  11. In the Walled Garden tab:

    1. Click on the Create New button and create a walled garden entry with the first IP address from the IP (for walled garden) field that you obtained when you configured the guest network in Portnox Cloud.
    2. Repeat the step above with the second IP address from the IP (for walled garden) field.
    3. Click on the OK button to save your settings.
  12. In the left-hand side menu, select the Wireless LANs option.

  13. In the Wireless LANs pane, click on the Create button.

  14. In the Create WLAN pane:

    1. Enter the Name for this WLAN configuration.
    2. Enter the guest network ESSID.
    3. In the WLAN Usages > Type field, select the Hotspot Service (WISPr) option.
    4. In the WLAN Usages > Hotspot Services field, select the hotspot service that you created earlier.
    5. In the Authentication > Method field, select the Open option.
    6. In the Encryption > Method field, select the None option.
    7. Click on the OK button to save your settings.
  15. In the left-hand side menu, select the System > System Setting option.

  16. Scroll down the System Setting pane, expand the Network Management section on the bottom, and in the Northbound Portal Interface section, activate the Enable northbound portal interface support checkbox, and in the Password field, paste the Shared secret that you obtained when you configured the guest network in Portnox Cloud. Then, click on the Apply button to apply your changes.
    Note:
    Do not confuse the captive portal’s shared secret with the RADIUS server’s shared secret. These are two different values.