Describes how to configure your Commscope Ruckus SmartZone 5.x environment to enable Cloudi-Fi's captive portal.
You will require Commscope Ruckus vSZ Controller v5.x to continue. There is separate documentation for v6.x
Integration tested on a vSZ controller 5.2.1.0.515
1. Get Cloudi-Fi required URL and RADIUS secret
You can go to your Cloudi-Fi administration interface and get the URL for external authentication.
Go to Locations Menu
Click on the menu button of the location and select "Copy Splash page URI"
-
Copy the URI
-
Change the URI just like this :
Then Go to Settings :
-
Copy your Cloudi-Fi Company Key
Go to the chat interface and ask for your Radius secret
-
Copy the secret as well
,
2. Create Hotspot WISPr Service
Go to Services & Profiles Hotspots & Portals Hotspot (WISPr) Create
-
Portal Name: Cloudi-FI Captive Portal
-
Logon URL: External
-
Redirect unauthenticated user, Primary:
-
Start Page: Redirect to the following URL: https://login.cloudi-fi.net/success.php
-
HTTPS Redirect: ON
-
Session Timeout: Same value as Cloudi-Fi Session lifetime
-
Grace Period: Same value as Cloudi-Fi Session Lifetime
-
Walled Garden: Add only the below URL (Additional URL may be added in case of Social Media connector on your captive portal)
*.cloudi-fi.net
*.cloudi-fi.com-
Save
3. Create an Authentication Service
Go to Services & Profiles Authentication Proxy (SZ Authenticator)
-
Name: Cloudi-FI Radius
-
Service Protocol: Radius
-
IP Address, Port, and Secret will be provided by the Cloudi-FI Support team
-
Save
4. Create the Guest WLAN
Go to Wireless LANs. Select the correct Zone/WirelessGroup Create
-
Name: Your Guest SSID Name
-
SSID: Your Guest SSID Name
-
Authentication Type: Hotspot (WISPr)
-
Method: Open
-
Encryption Options: None
-
Hotspot WISPr Portal: Cloudi-Fi Captive Portal
-
Bypass CNA: OFF
-
Authentication Service: Use the controller as a proxy and Select Cloudi-FI Radius
-
Radius Option NAS-ID: Select Custom:
-
Called Station ID: AP MAC
5. Disable MAC-Address Encryption
By default, the Ruckus vSZ controller will encrypt the device's mac-address.
Cloudi-Fi needs to see the actual mac-address of the client's device.
To disable this feature, connect in CLI to your vSZ controller and run the following command in config mode :
no encrypt-mac-ipSave the configuration.
6. Configure the Northbound Interface (NBI) credentials
To allow Cloudi-Fi to communicate with your vSZ controller, we use the NBI.
It prevents redirection issues (Security Warning due to HTTP Redirection or Certificate warning with HTTPS redirection).
Go to System General Settings WISPr Northbound Interface
-
Enable Northbound Portal Interface Support: ON
-
Then configure your Username and password
7. Provide NBI credentials to Cloudi-Fi
Go to Cloudi-Fi Admin interface Settings Integrations Commscope Ruckus SmartZone.
And fill out the username and password fields.
7. (Optional) - Install an SSL certificate
Before starting, why should you use a certificate? TLS/SSL certificates secure internet connections by encrypting your data. They ensure data is transmitted privately, without modification, loss, or theft. By adding a certificate, you will provide a safer internet experience for your users.
Moreover, some browsers might block authentication on HTTP pages. Using a certificate will permit access to HTTPS pages, and your users can authenticate, improving the user's experience.
You can go to System Certificates SZ as a Server Certificate and then import a new Certificate.
Give it a name and import the following :
-
Server Certificate
-
All the Intermediate CA Certificate
-
Private Key
Click on Validate. You should have PASS on every line, and click OK to save
Go to System Certificates Certificate as Service Mapping
Apply the imported certificate to Hotspot (WISPr), then click OK to save
Necessary: This will reboot the controller, so make the changes during non-working hours.