Ruckus Virtual SmartZone Captive Portal Integration

Aug 3, 2015


This doc is outdated. Please view our new documents here:
docs.ct-networks.io


Getting the CT WiFi Dashboard working with your Ruckus Virtual SmartZone

The Ruckus Virtual SmartZone is a really fantastic piece of kit. This walk-through demonstrates how to integrate it with our splash pages, view your Ruckus wireless clients and, even view the status of your Ruckus APs!


Things you need:

  • Publicly available Ruckus VSZ (trial ok)
  • Compatible Ruckus AP
  • CT WiFi account

PLEASE DO NOT

Please don’t use the built-in radius test tool in your VSZ. This sends a partial request to our servers. After doing so, CT will block access for security reasons.

The only way to fix this is to contact us.

Lets go….

Open Your Firewall Ports

You must have a public facing VSZ with the following ports open:

  • 9080, 9443 & 7443 for the VSZ integration
  • 8090, 8099, 8100, 8111, 9997, 9998 to ensure the splash pages work

Add your Access Points to your CT WiFi dashboard.

You'll need to add each one. Once you've done this, you will need to make a note of some credentials which are needed when your set up your VSZ.

Make sure you create a splash page too. And, if you're setting up zones, please ensure the boxes are all added to the correct zone. There's documentation about doing this in the green sidebar within your dash.

Get your Nas ID

Firstly change the box type to Ruckus on the settings page. Click the advanced settings link to reveal your unique NasID. This is unique to your account. You must use the same NAS id for all your locations.

Radius secret

Click Radius Settings on the home page for your box.

Next, get your Ruckus VSZ setup.

Login to your VSZ and create a zone if you don't have one. You don't have to create a new one.

Accounting and Authentication Radius Servers

Configuration > Service and Profiles > Authentication

Create a new server and fill in the following fields. You will need the information you just found in Cucumber.

  • IP Address: 146.148.7.43
  • Port: 1812
  • Secret: enter your secret

Next create your accounting server with the same details as above but replace the port with 1813.

Create a Hotspot

Configuration > AP Zones > Your Zone > Hotspot WISPr > Create New

You can either use our default url app.my-wifi.co or you can use your own brand. For example, if your brand name is Tony Time, the url will be tony-time.my-wifi.co. You can find this in your branding settings within your CT WiFi dashboard.

Ensure you Redirected Mac Format is as so: ``` aa-bb-cc-dd-ee-ff ```

Before you save, you need to add some walled gardens. Enter the following.

You can find the most up to date list of Walled Gardens here.

Update your WLAN

Click WLAN in the left-hand menu. Create a new WLAN or edit an existing one.

  • Authentication: Hotspot WISPr
  • NAS ID: Enter the one from your CT WiFi dashboard.
  • Enter the accounting and authentication servers you created just now. You must select "Use the controller as a proxy"

Northbound API

You need to change the password for your northbound API.

``` Click Configuration > System > Northbound Portal Interface. Enter your password. ```

Create an Admin Account

We'll use this to communicate with your Ruckus VSZ and provide a list of online wireless clients and the status of your access points. You can use your normal credentials however we recommend creating a second role, just for the API access.

``` Click configuration > Administrators. Click create a new Admin account and fill in your details. ```

Next, you should create a new role for the user. We'd recommend the following as a minimum.

Assign the user to a role. Click on Configuration > Management Domains. Then click the Add Account and Assign Role button. You will need to choose the user you just created and assign to the role for the API.

Add your credentials to your CT WiFi dashboard

Go back to your CT dashboard. In your Location settings, scroll down until you see the Ruckus VSZ section.

Enter your VSH public IP or hostname and also your Northbound API password. You should also add your admin user and password. After you click save, we'll run a test on your server.

Please ensure you use https for security reasons.

Your VSZ must be accessible from the internet. Please do not enter a port number. If all went well, you will see a confirmation message on the page.

Create a splash page for your Ruckus Gateway

Still in your CT dashboard, click on Splash Pages and then hit create new. Fill in a few details, choose from a number of access types including Social logins, click through and email capture.

Test Your Splash Pages

Connect to your Ruckus Wi-Fi network and navigate to a website. Watch out for https sites - sometimes they don't redirect correctly.

Verify you can see your clients and access points

Now you've added your API credentials, you can check the status of your access points and clients.

To view your clients, click on Clients in the left-hand menu. Your Ruckus clients are identified by the Dog Icon on the right hand side. You can see all your different clients online in the same place!

Your boxes will appear in your Boxes list and you can see their current status, IP information and more.

ALL DONE

That's all you need to do! We hope you enjoyed the tutorial. If you need some help, please get in touch! You can chat to us using the support widget within your Dashboard.

## Troubleshooting & Questions ### Why captive portal redirection is not working in vSCG? The wireless clients were able to get an IP address, however they are not able to get the redirection page when they open the web browser. Solution: Add the ports required at the top of this document have been added to your firewall. For more information, visit the Ruckus support pages here.

Green Screen

If you are seeing a green screen when you login, usually the messages will help you find the problem.

Cannot Connect to VSZ Server

Why?! This is because our servers are unable to connect to your Ruckus server. And this is usually a firewall issue.

  • Confirm the host in your settings is correct.
  • Confirm you have added 9443, 7443, 8090, 8099, 8100, 8111, 9080, 9997 & 9998 to your firewall

If you’re sure these are ok, open a terminal and try and telnet to your host:

telnet your-host 9443
telnet your-host 9080

The response should look like this:

Trying 23.21.142.138...
Connected to my.fab.host.
Escape character is '^]'.

If it doesn’t, your ports are not open.

We insist you use SSL but it’s a good test to telnet to 9080.

Failed to Communicate With VSZ 5 Times

If you’re seeing this, it means we’ve tried 5 times to access your VSZ and failed. You should follow the steps above to fixed this issue.

The only way to reset this error is to change the host in your location settings within your CT dashboard.

Can’t login - In a Loop

You can see the login page but when you login, it sends you back to the login page. Here’s what you can do:

  • • Swap the access type to clickthrough to rule out password issues
  • • Ensure your radius secrets match the ones in your VSZ radius settings
  • • Ensure your Nas-Id from your CT Wi-Fi account matches the one in your VSZ

If none of these worked, login to your CT Wi-Fi dashboard and head over to the splash page in question.

At the top of the top, it should show your VSZ host. If you cannot see this, go back to your location settings and re-save the VSZ settings. That should resync the settings.

What IPs does CT traffic come from?

Traffic comes from a number of servers and the IPs rotate frequently. We therefore recommend allowing access to the ports from all IPs.

Problems connecting your APs to your VSZ.

This is the biggest issue customers have right now. To get your APs connected, follow these steps:

Reset your AP.

Stick a pin in the back of the device and wait for 10 seconds.

SSH to your AP

ssh super@ip-of-the-device

Enter super and sp-admin as the default passwords.

Change your VSZ Host

Type this on the command line after you’ve logged in.

set scg ip ip-of-your-vsz

Hit return and confirm the changes were made with:

get scg

Move your AP from staging to production

When you login to your VSZ, you’ll probably notice the AP is in the staging list. All you need to do is move it to your production zone.

Is this compatible with CloudRuckus?

You bet. The CT dashboard works with any Smart Zone Gateway. Just enter your details as described above.



Sign-up for a CT WiFi dashboard. It's free for unlimited access points!

Join