Configuring Ruckus ZoneDirector for Wireless Guest Access

I recently converted my standalone Ruckus AP to controller-based mode. The specific model of controller I am using is the ZoneDirector 1100 running software version 9.4. I wanted to expand the capabilities of my wireless network and allow temporary Wireless Guest access. The process was quite intuitive and I found the ZoneDirector interface easy to navigate. This article will walk through the process I used for configuring a Wireless Guest network using the Ruckus ZoneDirector.

ZoneDirector Interface
Ruckus Menus

The ZoneDirector interface is fairly simple and intuitive. After connecting to the web interface, an administrator will find four primary tabs across the top of the page. Most of this article will focus on subcomponents of the Configuration tab. After choosing this tab, a vertical menu appears on the left side of the page. The features that are used in this article are found within the WLANs, Users and Guest Access tabs.

Configuring Guest Access

The Guest Access option on the vertical menu provides access to the parameters that will control the behavior seen right after a guest connects to the wireless network. The first option I chose forces users of the guest network to authenticate. As shown below, I have also enabled a feature that allows the creation of “shared” credentials and checked the option to display a legal disclaimer.

Guest Access

All other parameters on this page were left at their default settings. I do want to mention that the restricted subnet section allows traffic filters to be configured. By default, communication to all private addresses is filtered.

Restricted Subnets
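
The default filter only helps if every internal network actually sits in private address space. As an added example (not from the original article and not Ruckus code), this Python sketch checks a list of internal networks against the restricted subnets and reports anything a guest could still reach. It assumes "all private addresses" means the three RFC 1918 blocks and IPv4 only; the internal network list is constructed sample data.

```python
import ipaddress

# Assumption: the default "private addresses" filter is the three RFC 1918 blocks.
DEFAULT_RESTRICTED = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

# Constructed sample inventory of internal IPv4 networks (not from the article).
INTERNAL = ["192.168.1.0/24", "10.20.0.0/16", "100.64.10.0/24", "203.0.113.0/24"]


def is_filtered(dest, restricted=DEFAULT_RESTRICTED):
    """True if a guest packet to `dest` falls inside a restricted subnet."""
    addr = ipaddress.ip_address(dest)
    return any(addr in ipaddress.ip_network(r) for r in restricted)


def uncovered(internal_nets, restricted=DEFAULT_RESTRICTED):
    """Return the parts of each internal IPv4 network that no restricted subnet covers."""
    rules = [ipaddress.ip_network(r) for r in restricted]
    gaps = []
    for text in internal_nets:
        remaining = [ipaddress.ip_network(text)]
        for rule in rules:
            pieces = []
            for net in remaining:
                if net.version != rule.version:
                    pieces.append(net)          # rule cannot apply
                elif net.subnet_of(rule):
                    continue                    # fully filtered
                elif rule.subnet_of(net):
                    # Rule covers only part of the network: keep the rest.
                    pieces.extend(net.address_exclude(rule))
                else:
                    pieces.append(net)          # disjoint, still exposed
            remaining = pieces
        gaps.extend(remaining)
    return [str(n) for n in ipaddress.collapse_addresses(gaps)]


if __name__ == "__main__":
    for net in uncovered(INTERNAL):
        print("not covered by restricted subnets:", net)
```

Any network this prints needs its own entry in the restricted subnet list before the guest WLAN goes live.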

Configuring the Guest WLAN

After configuring the appropriate Guest Access parameters, the next step involved creating a WLAN (which is bound to an SSID) to enable as a “Guest” network. The one I created is called PGUEST. This was done by clicking WLAN and Create New. Then I simply filled out the applicable information. Under Type, I changed the radio button to Guest Access. I left Wireless Client Isolation set to Full to provide protection between wireless clients.

PGUEST

Worth noting, I left Authentication set to open and Encryption Method set to None. This does not provide any encryption to your guest users. If you have regard for the privacy of your guest users, this should be rectified by choosing a current authentication and encryption method. While this will increase the difficulty of the connection process for the users, it will further secure the wireless environment.

Create User Account for Creating Access Tokens

At this point, the only thing left is to generate some guest password tokens and test the process. A prerequisite to this is creating a local user account that will be used to request access tokens for the Guests. The default administrative account doesn’t seem to have that ability. These local user accounts are not required for the guests. I created an account by choosing Users from the horizontal menu, then clicking Create New.

Creating Guest Passwords

Using the newly created user account, guest passwords can be generated by pointing a browser toward the following URL:

https://192.168.1.4/guestpass  (where 192.168.1.4 is the ZoneDirector IP Address)


Guest Information

After authenticating with the local user account, a web form will be presented. I created a token for a fictitious user. If more than one guest network is configured, it is important to confirm that the correct one is shown. After clicking Next, the interface presents the option to view and print the instructions and password for the guest users.

Testing Guest Network

Ruckus PW

To test, I simply connected to the PGUEST SSID. The first access to a website was properly intercepted and redirected. The redirected page prompted for the Guest Password. After entering the provided password, I was presented with the terms of use. Accepting the terms allowed me to access the Internet but restricted access to all other internal IP addresses.

Conclusion

This article has demonstrated the process of allowing controlled guest access in a Ruckus Wireless environment. This method provides administrators of any size network a starting point for solving the associated challenges. While there are additional methods that can be employed for traffic segregation and authentication, Ruckus provides filtering tools to protect other Wireless users as well as the internal private address space. As with any solution, administrators should test and understand the guest wireless configuration prior to enabling it on a production network.

Disclaimer: Ruckus was a sponsor for Networking Field Day 5. As a result, their sponsorship covered a portion of the cost of my travel and expenses associated with my attendance to this event. This article itself was written without any restrictions or requirement to do so. My opinions on this product are my own and are accurately reflected.


About Paul Stewart, CCIE 26009 (Security)

Paul is a Network and Security Engineer, Trainer and Blogger who enjoys understanding how things really work. With over 15 years of experience in the technology industry, Paul has helped many organizations build, maintain and secure their networks and systems.

17 Responses to Configuring Ruckus ZoneDirector for Wireless Guest Access

  1. Taleb says:

    Very good article

  2. Greek Latinos says:

    How to remove or edit guest accounts?

  3. Raghu says:

    how to disable the creation type : multiple Guest Creation portal of ruckus

  4. ogopotse says:

    I want to know which cable do I use to connect the controller to my laptop for configuring. Do I use a console cable or Ethernet cable.

    • This article was written with the assumption that you would have already bootstrapped the ZoneDirector. That process would require a console cable. Once it is bootstrapped, the UI shown is accessible using a browser over whatever IP network is available. The connection between the network and the ZoneDirector would be Ethernet. Your PC would just reach that over whatever underlying IP infrastructure is built.

  5. Randy says:

    I follow the instructions up to the creation of the local user and point the “https://192.168.1.4/guestpass” to the browser but kept coming back with “page cannot be display”

    • Ann says:

      Change the IP address field to match yours. If the IP address of your ZD is 192.168.0.2, then try “https://192.168.0.2/guestpass”.

  6. David Gonzalez says:

    Is it possible to not have the guest access page? I’d like users to be able to connect to the guest network and never see the Ruckus splash page.

  7. Chris C says:

    David – On the WLAN configuration you can just change the Type to Standard Usage instead of Guest Access. This will allow anyone direct access to the network.

  8. Ana Cristina says:

    When I generate a guest pass of 365 days, why does the controller keep asking me about the voucher? How can I configure the option to remember the vouchers? Thank you

  9. akuoka says:

    Hey there,
    can we configure guest access without a password?
    Just forward the user to a landing page, and the landing page will say “just free wifi from university xxx ”,
    then the user will click OK.

    And one more thing: I can't bypass your captcha, tried it 10 times already with my blog link

  10. Aidan says:

    Is there a limit on the number of concurrent clients connected via the guestpass?
    If a lot of clients are connected together with guestpass it will hang up

  11. Okay, I practised this at my company, but my guests have a problem: they need to key in this password every morning. How do I set it up so they are always connected?
