Step-by-step instructions to set up a RADIUS-based captive portal with a Ruckus SmartZone controller v6.x and Cloudi-Fi for user authentication.
You will need a CommScope Ruckus vSZ controller v6.x to continue.
There is separate documentation for v5.x.
Integration tested on vSZ controller versions 6.0.0.0.1331 and 6.1.1.0.959.
Table of contents
Step 1: Get the Cloudi-Fi required URL
Step 2: Get Radius information
Step 3: Create Hotspot WISPr Service
Step 4: Create Authentication Services
Step 5: Create the Guest WLAN
Step 6: Disable MAC-Address Encryption
Step 7: Configure the Northbound Interface (NBI) credentials
Step 8: Provide NBI credentials to Cloudi-Fi
Prerequisites:
Before starting, ensure that you have the following prerequisites:
- CommScope Ruckus Access points connected to Ruckus Virtual SmartZone controller.
- Access to the Ruckus Virtual SmartZone controller.
- Access to Cloudi-Fi’s admin console.
- Cloudi-Fi RADIUS IPs and secret.
- Knowledge of your network’s IP addressing scheme.
- Firewall ports allowed:
  - For WISPr: TCP 8090, 8099, 8100, 8111, 9997, 9998
  - For Northbound API (NBI): TCP 9080, 9443
  - RADIUS: UDP 1812, 1813
Step 1: Get the Cloudi-Fi required URL
Location URL: this URL will be used to configure an External Captive Portal.
Go to Cloudi-Fi administration UI > Locations and create your location:
- Location_name
- Type: select Redirect_URL
- Portal: select Default
- Country
Then save.
Next, select your location, click the location's menu button (...) and select "Copy Splash page URI".
Transform the URI as shown in the following example:
- Cloudi-Fi (copied URI): https://login.cloudi-fi.net/start/ch/ebd2egzrfgrgq2/lh/qgrzqrgegs/sp/spsomething.com
- Ruckus Virtual SmartZone (transformed URI): https://login.cloudi-fi.net/start/ch/ebd2egzrfgrgq2/lh/qgrzqrgegs/sp/spruckusnbi.com
Step 2: Get Radius information
You will need the RADIUS information (server IPs, secret, ports) to proceed with the setup:
- IP addresses of the RADIUS servers
- Ports: UDP 1812 (Authentication) & 1813 (Accounting)
You can get the secret by asking in the chatbot; Cloudi-Fi’s Support team will provide you with the necessary information. Ask:
- What shared secret is used for the Radius server with Ruckus Virtual SmartZone? (Please save this confidential information securely, and do not share it publicly.)
Then go to Configuration > Company Account and copy your Cloudi-Fi public key.
Step 3: Create Hotspot WISPr Service
- Navigate to Services > Hotspots & Portals > Hotspot (WISPr).
- Create a new object.
- Configure as follows:
  - Portal Name: Cloudi-Fi Captive Portal
  - Smart Client Support: None
  - Login URL: External
  - Redirect unauthenticated user, Primary:
  - Start Page, Redirect to the following URL: https://login.cloudi-fi.net/success.php
  - HTTPS Redirect: ON
  - Session Timeout: Same value as Cloudi-Fi Session lifetime
  - Grace Period: Same value as Cloudi-Fi Session Lifetime
  - Walled Garden: Add the URLs below (additional URLs may be needed if your captive portal uses a social media connector):
    - *.cloudi-fi.net
    - *.cloudi-fi.com
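A pre-flight check for the values used in Steps 1 and 3, as an added example that is not Cloudi-Fi's or Ruckus's own code: it derives the Ruckus form of the splash page URI and confirms that the portal and Start Page hosts fall inside the walled garden entries. The /sp/ replacement rule is inferred from the before/after pair in Step 1, the wildcard matching is a conservative assumption about how the controller treats "*." entries, and the function names are hypothetical.

```python
from urllib.parse import urlsplit, urlunsplit

# Values copied from this page.
NBI_SP_VALUE = "spruckusnbi.com"
START_PAGE = "https://login.cloudi-fi.net/success.php"
WALLED_GARDEN = ["*.cloudi-fi.net", "*.cloudi-fi.com"]


def to_ruckus_uri(splash_uri):
    """Replace the value after the final /sp/ with the Ruckus NBI value.

    Assumption: the rule is inferred from the page's before/after pair.
    """
    parts = urlsplit(splash_uri.strip())
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("expected an absolute https:// splash page URI")
    segs = parts.path.rstrip("/").split("/")
    if len(segs) < 2 or segs[-2] != "sp":
        raise ValueError("path does not end in /sp/<value>")
    segs[-1] = NBI_SP_VALUE
    return urlunsplit(parts._replace(path="/".join(segs)))


def covered(host, patterns):
    """True if host matches an entry; '*.' needs at least one extra label.

    Assumption: conservative matching, the controller may be more lenient.
    """
    host = host.lower().rstrip(".")
    for pat in (p.lower() for p in patterns):
        if pat.startswith("*."):
            suffix = pat[1:]  # e.g. ".cloudi-fi.net"
            if host.endswith(suffix) and len(host) > len(suffix):
                return True
        elif host == pat:
            return True
    return False


def preflight(splash_uri, walled_garden=WALLED_GARDEN):
    """Return (portal_url, problems) before the values go into the controller."""
    portal_url = to_ruckus_uri(splash_uri)
    problems = []
    for label, url in (("portal URL", portal_url), ("Start Page", START_PAGE)):
        host = urlsplit(url).hostname or ""
        if not covered(host, walled_garden):
            problems.append(f"{label} host {host!r} is not covered by the walled garden")
    return portal_url, problems
```

A non-empty problems list means an unauthenticated client would be blocked from that page before login; note that a "*." entry does not cover the bare domain or a look-alike such as evilcloudi-fi.net.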
Step 4: Create Authentication Services
- Navigate to Security > Authentication > Proxy (SZ Authenticator).
- Create a new object.
- Configure as follows:
  - Name: Cloudi-Fi Radius
  - Service Protocol: Radius
  - IP Address, Port and Secret will be provided by the Cloudi-Fi Support team
Step 5: Create the Guest WLAN
- Navigate to Network > Wireless > Wireless LANs.
- Select the Zone/WirelessGroup.
- Create a new object.
- Configure as follows:
  - Name: Your Guest SSID’s Name
  - SSID: Your Guest SSID’s Name
  - Authentication Type: Hotspot (WISPr)
  - Method: Open
  - Encryption options: None
  - Hotspot (WISPr) portal: Cloudi-Fi Captive Portal
  - Bypass CNA: OFF
  - Authentication service: Use the controller as a proxy and select Cloudi-Fi Radius
  - NAS ID: User-defined
  - Called Station ID: AP MAC
  - NAS IP: SZ Control IP
Step 6: Disable MAC-Address Encryption
By default, the Ruckus vSZ controller encrypts the device's MAC address.
Cloudi-Fi needs to see the actual MAC address of the client’s device.
To disable this feature, connect to your vSZ controller's CLI and run the following command in config mode:
no encrypt-mac-ip
Step 7: Configure the Northbound Interface (NBI) credentials
To allow Cloudi-Fi to communicate with your vSZ controller, we use the NBI.
Navigate to Administration > External Services > WISPr Northbound Interface:
- Enable Northbound Portal Interface Support: ON
- Then configure your username and password.
Step 8: Provide NBI credentials to Cloudi-Fi
In the Cloudi-Fi administration interface, navigate to Configuration > Integrations > Commscope Ruckus SmartZone.
Fill out the username and password fields.