Ruckus-Bradford Interop Setup



Similar documents
Enabling Multiple Wireless Networks on RV320 VPN Router, WAP321 Wireless-N Access Point, and Sx300 Series Switches

VLANs. Application Note

Table of Contents. Cisco Wi Fi Protected Access 2 (WPA 2) Configuration Example

Installation Guides - Information required for connection to the Goldfields Institute s (GIT) Wireless Network

Controller Management

Seamless and Secure Access (SSA) Manual Configuration Guide for Windows 7

Use the below instructions to configure your wireless settings to connect to the secure wireless network using Microsoft Windows Vista/7.

Wireless Network Configuration Guide

How To Configure Windows Server 2008 as a RADIUS Server with MS-CHAP v2 Authentication

User Guide for eduroam

MSC-131. Design and Deploy AirDefense Solutions Exam.

Penn State Wireless 2.0 and Related Services for Network Administrators

Integrating Citrix EasyCall Gateway with SwyxWare

WIRELESS SETUP FOR WINDOWS 7

How to connect to NAU s WPA2 Enterprise implementation in a Residence Hall:

Apple Airport Extreme Base Station V4.0.8 Firmware: Version 5.4

WIRELESS SETUP GUIDES FOR WINDOWS 8

CruzNet Secure Set-Up Instructions for Windows Vista

How to configure your Thomson SpeedTouch 780WL for ADSL2+

Using LiveAction with Cisco Secure ACS (TACACS+ Server)

Configuring Global Protect SSL VPN with a user-defined port

How to connect to the diamonds wireless network with Vista.

Configure your firewall for administrative access via RADIUS authentication

Error and Event Log Messages

AP6511 First Time Configuration Procedure

Ruckus Wireless ZoneDirector Command Line Interface

Step-by-Step Setup Guide Wireless File Transmitter FTP Mode

Configuring Internet Authentication Service on Microsoft Windows 2003 Server

Lab Configuring LEAP/EAP using Local RADIUS Authentication

Configuring Wireless Security on ProSafe wireless routers (WEP/WPA/Access list)

How to Access Coast Wi-Fi

Automatic Setup... 1 Manual Setup... 2 Installing the Wireless Certificates... 18

Interlink Networks Secure.XS and Cisco Wireless Deployment Guide

Developing Network Security Strategies

WiNG5 CAPTIVE PORTAL DESIGN GUIDE

ForeScout CounterACT. Device Host and Detection Methods. Technology Brief

If you are unable to set up your Linksys Router by using one of the above options, use the steps below to manually configure your router.

Web Authentication Proxy on a Wireless LAN Controller Configuration Example

Windows Vista: Connecting to the wireless network at Hood College

2014 TECHNOLOGY SOLUTIONS. Loews Royal Pacific Resort. Hard Rock Hotel. Loews Portofino Bay Hotel

Management, Logging and Troubleshooting

FSM73xx GSM73xx GMS72xxR Shared access to the Internet across Multiple routing VLANs using a Prosafe Firewall

TE100-P21/TEW-P21G Windows 7 Installation Instruction

How To Set Up Isu-Oit-Wpa On Windows 7 For Wireless Access (Isu- Oit- Wpa) On A Pc Or Mac Or Ipa (Windows 7) On An Ipa Or Ipac (Windows

Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials.

How To Connect To A Wireless Network On Windows 7 (Windows 7) On A Pc Or Mac Or Ipad (Windows) On Pc Or Ipa (Windows 8) On Your Computer Or Mac (Windows). (Windows.7) On An

Connecting to UNOSECURE using Windows 7

Chapter 2 Configuring Your Wireless Network and Security Settings

How to set up the HotSpot module with SmartConnect. Panda GateDefender 5.0

Using WPA Enterprise on Windows XP to Access Cleveland State University s Wireless Network (WoWnet)

AeroLab Wireless Network Code of Conduct. Connecting to the AeroLab Wireless Network

How To - Implement Clientless Single Sign On Authentication in Single Active Directory Domain Controller Environment

To add Citrix XenApp Client Setup for home PC/Office using the 32bit Windows client.

Configuring the WT-4 for ftp (Ad-hoc Mode)

Setting up Windows XP for WPA Wireless Access (ISU-OIT-WPA)

Palo Alto Networks User-ID Services. Unified Visitor Management

Configuration of Cisco Autonomous Access Point with 802.1x Authentication for Avaya 3631 Wireless Telephone

The back story of our Wireless (reading will help you understand what is going on in the building):

Step-by-Step Setup Guide Wireless File Transmitter

Extension Wireless Access (EWA) v2.0

Introduction to Junos Space Network Director

RAP Installation - Updated

Wireless LAN Client Configuration Guide for Windows Configuring 802.1X Authentication Client for Windows 7

Wireless icon on task bar has asterisk or exclamation? Go to #2

NetBeat NAC Version 9.2 Build 4 Release Notes

How To Set Up Wireless Network Security Part 1: WEP Part 2: WPA-PSK Part 3-1: RADIUS Server Installation Part 3-2: 802.1x-TLS Part 3-3: WPA

1.1.1 Security The integrated model will provide the following capabilities:

NetMotion + YubiRADIUS Quick Start Guide

How To Use 1Bay 1Bay From Awn.Net On A Pc Or Mac Or Ipad (For Pc Or Ipa) With A Network Box (For Mac) With An Ipad Or Ipod (For Ipad) With The

Eduroam wireless network Windows Vista

Introduction to Virtual Datacenter

Network Services One Washington Square, San Jose, CA

VX 9000E WiNG Express Manager INSTALLATION GUIDE

Symantec VIP Integration with ISE

Deployment Guide: Cisco Guest Access Using the Cisco Wireless LAN Controller

CLEARPASS ONGUARD CONFIGURATION GUIDE

There are two methods for setting up your Cisco or Linksys SPA phones outlined in this document.

CONNECTING THE RASPBERRY PI TO A NETWORK

Step-by-Step Setup Guide Wireless File Transmitter FTP Mode

Section 4 Application Description - LDAP

Securing your Linksys Wireless Router BEFW11S4 Abstract

Step-by-Step Setup Guide Wireless File Transmitter FTP Mode

Best Practices for Outdoor Wireless Security

Chapter 3 Safeguarding Your Network

WiNG5 DESIGN GUIDE By Sriram Venkiteswaran. WiNG5 Wireless Association Filters. How To Guide

estadium Project Lab 8: Wireless Mesh Network Setup with DD WRT

Policy Management: The Avenda Approach To An Essential Network Service

Using Cisco UC320W with Windows Small Business Server

WLAN Outdoor CPE For 2.4G. Quick Installation Guide

Using LAN Wi-Fi (WLAN) 3-2 Connecting Wi-Fi Devices via Wi-Fi (WLAN) 3-3 Connecting Windows 3-5 Connecting Mac 3-8

Wireless Router Quick Start Guide Rev. 1.0a Model: WR300NQ

Case Study - Configuration between NXC2500 and LDAP Server

Connecting to the University Wireless Network

Secure Networks for Process Control

Snom 720 and Elastix Server

Ruckus Wireless access point set up from an Audio Everywhere streaming perspec;ve. Lance Glasser 6 June 2015

Dramatically simplifying voice and data networking HOW-TO GUIDE. Bundle Quick Start Guide

Quickstart guide to Authentication

MFC6490CW Windows Network Connection Repair Instructions

Preparing the Computers for TCP/IP Networking

Transcription:

Ruckus-Bradford Interop Setup Bradford Network Sentry was purpose-built to deliver Network Access Control (NAC). It dynamically leverages the continuously growing library of security commands and controls built into today s switches, routers, wireless controllers and wireless access points to perform pre-connect risk assessments on every device attempting to connect to the network. Unlike alternative approaches that depend on 802.1x specific hardware, Network Sentry leverages the existing network infrastructure to manage up to 20,000 concurrent devices from a single physical or virtual appliance. A manager of managers ensures growth and provides scalability to secure larger scale networks. Setup wizards, seamless integration, and intuitive workflows make installation and configuration simple. This note provides step by step instructions on setting up a Ruckus-Bradford test environment. Given below is an oveview of the environment. 1. Two VLANs: "Production" and "Isolation". Unauthenticated users are placed into the Isolation VLAN and authenticated users are placed into the Production VLAN. 2. Two SSIDs/VLANs are setup corresponding to the Production and Isolation VLANs. The Production SSID is broadcast over the air whereas the Isolation SSID is a dummy. 3. MAC Authentication is used in our example. 3. The Production SSID/VLAN is set up with with Dynamic VLAN (DVLAN) capabilities and Mac Authentication. The Bradford Network Sentry appliance acts as the Radius Server. 4. The Isolation SSID/WLAN is a "dummy" and is not broadcast over the air. 5. The Network Sentry Appliance acts as the DHCP/DNS server for the Isolation VLAN. The Production VLAN uses the organization's regular DHCP/DNS servers. 6. The Network Sentry Appliance "reads" the WLAN/VLAN configuration from the Zone Director via SNMP commands. Basic User Experience Steps 1. New user connects to the SSID and is placed into the Isolation VLAN by the Network Sentry appliance (via the Radius response and DVLAN capabilities of the SSID/WLAN). The user is assigned an IP address on the Isolation VLAN by the Network Sentry Appliance. 2. User authenticates 3. Network Sentry sends Radius DM message to the Ruckus Controller and the user is disconnected from the SSID. In older versions, the Network Sentry would disconnect Ruckus Wireless, Inc. Page 1

the user via CLI commands issued to the Ruckus Zone Director. 4.User automatically reconnects and now the Network Sentry Appliance places this authenticated user into the Production VLAN. The IP address is obtained from the organization's regualr DHCP/DNS servers. Ruckus Zone Director Setup This involves the following: 1. Setting up the Production and Isolation SSIDs/WLANs (the latter as a dummy). 2. Setting up the Network Sentry Appliance as the Radius Server. 3. Enabling SNMP with the appropriate accounts/passphrases. Ruckus Wireless, Inc. Page 2

Network Sentry As Radius Server After logging into the Zone Director, go to Configure->AAA Servers and set up the Network Sentry Appliance as a Radius Server (IP Address, shared secret, etc.) Ruckus Wireless, Inc. Page 3

Production SSID/WLAN From the Configure->WLANs tab, create a new SSID for the Production WLAN/VLAN. This should be set up for (a) Mac Authentication (b) Network Sentry Appliance as the Authentication Server (c) VLAN corresponding to the desired VLAN and (d) Dynamic VLAN capabilities. Ruckus Wireless, Inc. Page 4

Ruckus Wireless, Inc. Page 5

Isolation SSID/WLAN Simialrly create an Isolation SSID/WLAN of any type with the VLAN being set to the correct desired Isolation VLAN. Also, ensure that this does not belong (is unchecked) to Default WLAN Group, so that it is not broadcast over the air. Ruckus Wireless, Inc. Page 6

Ruckus Wireless, Inc. Page 7

Enable SNMP From Configure->System->Network Management (towards the bottom of the page), enable the SNMP v3 Agent together with the appropriate users, authentication and privacy types and passphrases. These will be used for the corresponding entries in the Network Sentry appliance. Network Sentry Setup It is assumed that the Network Sentry Appliance has been setup and needs to be only configured for interoperability with the Ruckus Zone Director. It is best to use IE/ WIndows as several screens require the requisite plugins. The overall steps are: 1. Create new domain for Ruckus 2. Add Zone Director to this domain and model its configuration 3. Read VLANs from Zone Director 4. Set up Test User Accounts Ruckus Wireless, Inc. Page 8

Create Ruckus Domain From Network Devices->Network Devices create a new domain called Ruckus. Add Zone Director to Ruckus Domain In Network Devices->Topology, right click the Ruckus Domain and add the Zone Director as a device together with its IP address and the correct SNMP users/ authentication/privacy types and settings used earlier. Ruckus Wireless, Inc. Page 9

Read Zone Director Information Once the Zone Director has been created, right click it and Resync Interfaces. This makes the Network Sentry read the configuration information from the Zone Director. Ruckus Wireless, Inc. Page 10

Model Zone Director Configuration Model the Zone Director Configuration as shown below. Here you specify the Radius shared secret as well as the VLAN ID of the Isolation VLAN. The CLI access credentials to the ZOne Director are also entered here. Ruckus Wireless, Inc. Page 11

Ruckus Wireless, Inc. Page 12

Add Test User Accounts Add some test user accounts as shown below. Ruckus Wireless, Inc. Page 13

Test Clients You can now test by connecting a client to the SSID. It will first be placed in the Isolation VLAN and the user will be asked for credentials (per the test accounts setup in the prior step). Upon authentication, the device will disconnect and be placed in the desired Production VLAN. As shown below, the client device can be seen in the Host View. Ruckus Wireless, Inc. Page 14

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information