Are you using the captive portal capabilities of Ruckus? Otherwise, you can use the "classic" radius based mac-authentication on smart-zone and have either the APs or SZ send radius access requests to PF. On the raidus response, customers will be assigned the portal vlan and the portal is presented in PF. Once the user auth's ... then PF sends a disconnect via API to smartzone (using the northbound API credentials) and the user is moved to the correct vlan (via a disconnect message since there is no COA support on the ruckus API). Otherwise, if using the SZ as radius proxy, you can do it all following the "legacy/ZoneDirector" model even when using a SZ.
On Wed, Dec 19, 2018 at 11:46 PM Durand fabrice via PacketFence-users < packetfence-users@lists.sourceforge.net> wrote: > Hello Eric, > > as i remember with Ruckus web auth you need to have the management ip be > able to reach the device. > > Let's say when you want to go on www.cnn.com the ruckus reply to the syn > of the client with the source ip 151.101.209.67 (cnn) and create a 302 to > redirect the device. > > What you can try is to put the vlan associated to the ssid in the same > vlan than the management interface of the ruckus and make a try. > > If it works then you probably need to be able to have a interface of the > ruckus on the vlan where the device is and "enable" the mechanism to make > the redirection (ruckus config) or to find a way to make the communication > between the mgmt interface and the device (acl). > > I did that a long time ago and it something similar to that > https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/117278-troubleshoot-ise-00.html > > Regards > > Fabrice > > > > Le 18-12-18 à 19 h 26, Eric Rolleman via PacketFence-users a écrit : > > I had a dns-enforcement interface on the VLAN that the captive portal is > supposed to operate on. I think the captive portal brought up was a result > of the dns-enforcement rather than Ruckus performing redirection. I changed > the interface to just portal and find that no captive portal appears. It > seems that Ruckus is not performing the captive portal redirection. I have > a support case open with Ruckus, so I’ll see where that goes. > > > > I presume that the PacketFence to Ruckus communication to authorize the > client will only happen if Ruckus does the redirecting to the captive > portal rather than PacketFence’s dns-enforcement. > > > > *From:* Eric Rolleman > *Sent:* Tuesday, December 18, 2018 2:52 PM > *To:* 'packetfence-users@lists.sourceforge.net' > <packetfence-users@lists.sourceforge.net> > <packetfence-users@lists.sourceforge.net> > *Subject:* RE: [PacketFence-users] Captive Portal authorization Ruckus > Interface logging > > > > I started tcpdump on packetfence to filter for traffic to my Ruckus > controller. tcpdump didn’t catch any traffic between PacketFence and the > Ruckus Controller. There was no signal from PacketFence to Ruckus to > indicate that the computer is authorized. PacketFence didn’t even try to > communicate. > > > > Is the hotspot feature of PacketFence broken in in 8.1? > > > > *From:* Caique Araujo via PacketFence-users > <packetfence-users@lists.sourceforge.net> > <packetfence-users@lists.sourceforge.net> > *Sent:* Tuesday, December 18, 2018 4:20 AM > *To:* packetfence-users@lists.sourceforge.net > *Cc:* Caique Araujo <caiquearauj...@gmail.com> <caiquearauj...@gmail.com> > *Subject:* Re: [PacketFence-users] Captive Portal authorization Ruckus > Interface logging > > > > Friend, I have this same problem ... If I can identify I help you, if you > can, could you help me too? > > > > Em ter, 18 de dez de 2018 às 00:20, Eric Rolleman via PacketFence-users < > packetfence-users@lists.sourceforge.net> escreveu: > > I followed the directions here: > https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_ruckus_smartzone > > > > It seems the instructions are missing something as I can’t get this to > work. If I type in the address manually after connecting to the wireless > network I get the following message (: > > > > The instructions tell me to type in a URL that is not supported… > > > > *From:* Eric Rolleman via PacketFence-users < > packetfence-users@lists.sourceforge.net> > *Sent:* Wednesday, December 12, 2018 5:07 PM > *To:* packetfence-users@lists.sourceforge.net > *Cc:* Eric Rolleman <eric.rolle...@cmsd.bc.ca> > *Subject:* [PacketFence-users] Captive Portal authorization Ruckus > Interface logging > > > > Is there a log anywhere that I can look at to find out why clients aren’t > getting authorized? I found the following dir: “ /usr/local/pf/logs “, but > none of the logs appear to contain any data on why the my Ruckus Controller > isn’t authorizing the client. Or if my configuration for the Web Services > communication is correct. > > > > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > > > -- > > Atenciosamente, > > Caique Araujo > > > _______________________________________________ > PacketFence-users mailing > listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users > > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users >
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
