Ethernet 802.1X configuration – Ruckus

In this topic, you will learn how to configure Ruckus switches to work together with Portnox™ Cloud and 802.1X RADIUS authentication for Ethernet connections.

Warning: This topic contains documentation prepared by our support agents more than 12 months ago. It may not cover the newest models or the newest interfaces of NAS devices. We’re working on bringing you updated documentation for NAS devices in the near future. However, the methods of setting up third-party devices may still change when the manufacturers update their firmware or release new models. Therefore, to get the most accurate and current configuration guidance, we strongly recommend that you refer to the documentation provided by the manufacturer. If you need help setting up newer equipment that does not match the description in this topic, contact us at support@portnox.com.
Important: All values in this configuration are examples. Make sure to adjust the configuration to your individual profile names, RADIUS server addresses, ports, and keys by replacing the values that are presented as underlined italics.

Ruckus ICX (Fastiron)

This is a general configuration template for Ruckus ICX (Fastiron) switches including the ICX 7000 series.

  1. Add the Portnox Cloud RADIUS servers to the configuration. 
    aaa authentication dot1x default radius
    radius-server host 20.119.69.248 auth-port 10322 
                            acct-port 10323 default key rTHO9HEo9BcqfC9Yg0hHFelK6o0tH8N1 dot1x
    radius-server host 52.232.122.157 auth-port 10476 
                            acct-port 10477 default key fnSrSEHhXFZ5Rqpz756NJhkeVqIHTlPt dot1x
  2. Configure the authentication and restricted VLANs. 
    vlan 2 name auth-default-vlan
    vlan 20 name restricted-vlan
  3. Configure the authentication process. 
    authentication
      auth-default-vlan 2
      restricted-vlan 20
      auth-fail-action restricted-vlan
      dot1x enable
      dot1x enable ethernet 1/1/11
  4. Configure MAC-based authentication if needed. 
    mac-authentication enable
    mac-authentication enable ethernet 1/1/11
  5. Configure the port to authenticate users. 
    interface ethernet 1/1/11
      dot1x port-control auto
  6. Configure the critical VLAN.
    Note: If, for any reason, your NAS device is temporarily unable to connect to Portnox Cloud RADIUS servers, the client device attempting 802.1X authentication is assigned to this VLAN. This lets your network administrators maintain client connectivity to certain resources without compromising security in circumstances such as an Internet connection failure.
    Note: This function may be supported only on some switches. Consult Ruckus documentation on commands critical-vlan and authentication timeout-action for more information about their availability for your specific switch model and FastIron version.
    authentication
      critical-vlan 10
    interface ethernet 1/1/11
      authentication timeout-action critical-vlan