Bradford Network Sentry (NAC) setup with the ZD/SZ

Summary

This article explains configuration required on the ZD and Bradford side to isolate unauthenticated user's traffic and pointing it back to production network after a successful authentication.

Question

What do I need to setup to make ZD/SZ operate with the Bradford Network Sentry?

Customer Environment

Network access control on a wireless network provided by the Ruckus controller.

Root Cause

Ruckus and Bradford exchange 802.1x AAA authentication and upon successful client login, re-auth the client to an assigned DVLAN. Code changes over time with regard to exchange of information and client re-auth methods have changed on both sides.

Workaround

Follow instructions in attached interoperability guidelines.

Resolution

Here are the steps required for the NAC setup using Bradford Network Sentry:
1. Determine two VLANs to use - one for the production and other for the isolation.
2. Configure two SSIDs and associate each of them to above VLANs.
3. Production SSID should be setup as a 802.1x based network with Sentry providing the authentication service. Make sure DVLAN option is enabled under the Advanced Options.
4. Isolation SSID can be any type. VLAN should be isolation VLAN that you have determined in step 1. Make sure this SSID isn't made available on the network at all by disabling it from the WLAN group.
5. Setup SNMPv3 agent to interoperate with the Sentry.

On the Bradford side:
1. Setup a new domain.
2. Add ZD to this domain. Match SNMP settings and RADIUS shared secret settings.
3. Specify the isolation VLAN that was determined above for user registration.

Detailed instructions can be found in the attached PDF document.

Attachment 1

Ruckus-ZD-SZ-Bradford Interop.pdf
application/pdf
Download
(2.82 MB)

Related Articles

KBA-2776: Compatible versions of ZoneDirector / SmartZone and Bradford NAC

Article Number:
000004766

Updated:
June 08, 2021 12:03 AM (over 3 years ago)

Answer Attachment 1
Ruckus-ZD-SZ-Bradford Interop.pdf
application/pdf
Download
(2.82 MB)

Tags:
Configuration, Security, ZoneDirector

Votes:
0

This article is:
helpful
not helpful

Working...Please wait

This is here to prevent you from accidentally submitting twice.

The page will automatically refresh.

Alert!!

Close