Ruckus Flex Configuration

Configure Ruckus Flex (formerly Ruckus Unleashed) controller-less access points with IronWifi for distributed WiFi management. This guide covers AAA server configuration, external captive portal setup, walled garden configuration for guest access, WPA2/WPA3-Enterprise deployment, and CLI configuration options for advanced settings.

Overview

Ruckus Flex is a controller-less wireless solution where one AP acts as the master controller. It supports:

External RADIUS authentication
External captive portal
WPA2/WPA3-Enterprise
Guest network isolation

Prerequisites

In Ruckus Flex:

Ruckus Flex network with master AP
Ruckus Flex firmware 200.7 or later
Access to Flex web interface or CLI
Administrative credentials

In IronWifi Console (complete these first):

Create a Network
- Navigate to Networks and click Create Network
- Note the RADIUS server details:
  - RADIUS Server IP
  - RADIUS Authentication Port (1812)
  - RADIUS Accounting Port (1813)
  - Shared Secret
Create a Captive Portal
- Navigate to Captive Portals and click Create Captive Portal
- Select Vendor: Ruckus
- Note the Splash Page URL provided
- Copy the Walled Garden domains list

Ruckus Flex Configuration

Step 1: Access Flex Web Interface

Connect to the Flex network
Open browser and navigate to the master AP IP (default: unleashed.ruckuswireless.com or 192.168.0.1)
Log in with admin credentials

Step 2: Configure RADIUS Server

Navigate to Admin & Services > Services > AAA Servers
Click Create New
Configure Authentication Server:
- Name: IronWifi
- Type: RADIUS
- Auth Method: PAP
- IP Address: Your IronWifi RADIUS IP
- Port: 1812
- Shared Secret: Your RADIUS secret
Configure Accounting Server:
- Accounting Server: Enable
- IP Address: Same as authentication
- Port: 1813
- Shared Secret: Same secret
Click OK to save

Step 3: Create WLAN for Enterprise Authentication

Navigate to WiFi Networks
Click Create
Configure Basic Settings:
- Name/SSID: Your network name
- Type: Standard Usage
Configure Security:
- Authentication Method: 802.1X EAP
- Encryption Method: WPA2
- Algorithm: AES
- Authentication Server: IronWifi
Click OK to save

Step 4: Create Guest WLAN with Captive Portal

Navigate to WiFi Networks
Click Create
Configure Basic Settings:
- Name/SSID: Guest WiFi
- Type: Guest Access
Configure Security:
- Authentication Method: Open
- Encryption: None (or WPA2-Personal for basic security)
Configure Guest Access:
- Guest Access Service: Enable
- Authentication Type: WISPr or External Captive Portal

Step 5: Configure External Captive Portal

In Guest WLAN settings, go to Guest Access section
Configure:
- Guest Access Service: Enabled
- Portal Type: External
- Authentication Server: IronWifi
Configure Portal Settings:
- Start Page: External URL
- Start URL: Your IronWifi Splash Page URL
- Redirect to Start URL: After guest authentication

Step 6: Configure Walled Garden

In the Guest WLAN settings:

Find Walled Garden section
Add the following required entries:
- *.ironwifi.com
- *.ironwifi.net
- splash.ironwifi.com
- 107.178.250.42
If using social login providers, add their domains:

Provider	Required Entries
Google	`.google.com`, `.googleapis.com`, `*.gstatic.com`, `accounts.google.com`
Facebook	`.facebook.com`, `.fbcdn.net`, `connect.facebook.net`, `facebook.com`
LinkedIn	`.linkedin.com`, `.licdn.com`, `linkedin.com`
Twitter/X	`.twitter.com`, `.twimg.com`, `twitter.com`, `*.x.com`, `x.com`
Apple	`.apple.com`, `.icloud.com`, `appleid.apple.com`
Microsoft/Azure AD	`.microsoft.com`, `.microsoftonline.com`, `*.msftauth.net`, `login.microsoftonline.com`
Stripe	`*.stripe.com`, `js.stripe.com`
PayPal	`.paypal.com`, `.paypalobjects.com`
Twilio (SMS)	`*.twilio.com`

Click OK to save

Configuration via CLI

Access Flex CLI via SSH for advanced configuration:

Configure RADIUS Server

ruckus# config
ruckus(config)# aaa-server IronWifi
ruckus(config-aaa)# type radius
ruckus(config-aaa)# ip 1.2.3.4
ruckus(config-aaa)# port 1812
ruckus(config-aaa)# secret your-shared-secret
ruckus(config-aaa)# end

Configure WLAN with 802.1X

ruckus# config
ruckus(config)# wlan "Enterprise-WiFi"
ruckus(config-wlan)# ssid "Enterprise-WiFi"
ruckus(config-wlan)# authentication-method 802.1x-eap
ruckus(config-wlan)# encryption-method wpa2
ruckus(config-wlan)# algorithm aes
ruckus(config-wlan)# aaa IronWifi
ruckus(config-wlan)# end

Configure Guest WLAN

ruckus# config
ruckus(config)# wlan "Guest-WiFi"
ruckus(config-wlan)# ssid "Guest-WiFi"
ruckus(config-wlan)# type guest
ruckus(config-wlan)# guest-access
ruckus(config-wlan-guest)# portal-type external
ruckus(config-wlan-guest)# start-url https://us-east1.ironwifi.com/...
ruckus(config-wlan-guest)# end

Configuration Summary

RADIUS Settings

Setting	Value
Server IP	IronWifi RADIUS IP
Auth Port	1812
Acct Port	1813
Secret	Your shared secret

Enterprise WLAN Settings

Setting	Value
Security	WPA2-Enterprise
Authentication	802.1X EAP
RADIUS Server	IronWifi

Guest WLAN Settings

Setting	Value
Portal Type	External
Start URL	IronWifi Splash Page
Walled Garden	IronWifi domains

Testing

Once configuration is complete, verify everything is working properly:

Check AAA Server Status

Navigate to Admin & Services > Services > AAA Servers
Verify IronWifi server shows as configured
Check connection status

Test Enterprise Authentication

Connect device to Enterprise WLAN
Enter credentials when prompted
Verify authentication in IronWifi Console

Test Guest Portal

Connect device to Guest WLAN
Browser should redirect to splash page
Complete authentication
Verify in IronWifi Console logs

Check Connected Clients

Navigate to Clients
View connected clients
Verify authentication status

Troubleshooting

If you encounter issues during setup or operation, use this reference to diagnose and resolve common problems:

Symptom	Possible Cause	Solution
RADIUS timeout	Network connectivity issue	Verify AP can reach IronWifi RADIUS server, check firewall rules
RADIUS timeout	Incorrect server IP	Check server IP address in AAA server configuration
Auth rejected	Wrong shared secret	Verify shared secret matches exactly in both systems (case-sensitive)
Auth rejected	Incorrect ports	Ensure ports 1812 (auth) and 1813 (acct) are configured
Portal not redirecting	Guest access disabled	Verify guest access service is enabled in WLAN settings
Portal not redirecting	Portal URL wrong	Check that captive portal Start URL is correct
Portal not redirecting	DNS issues	Ensure DNS is working properly on client devices
Cannot complete authentication	Missing walled garden domains	Verify all required IronWifi domains are in walled garden
Cannot complete authentication	HTTPS/SSL issues	Check HTTPS works properly, verify certificates
Cannot complete authentication	Browser cache	Clear browser cache or test in incognito/private mode
Social login failures	Missing provider domains	Add all social provider domains to walled garden
Social login failures	OAuth not configured	Verify OAuth is configured in IronWifi Console
SSL error	Certificate issue	Add all required domains to walled garden
No redirect after auth	RADIUS server issue	Review Flex event logs and IronWifi authentication logs

Review Logs

For detailed error information:

Check Flex event logs in web interface
Review IronWifi authentication logs: Analytics → Authentication Logs
Check RADIUS communication in system logs

Advanced Configuration

This section covers optional advanced features for enhanced functionality:

VLAN Assignment

In WLAN settings, configure VLAN:
- VLAN ID: Specify VLAN for this WLAN
- Dynamic VLAN: Enable for RADIUS-assigned VLANs
Configure VLAN attributes in IronWifi user/group settings

Rate Limiting

In WLAN settings, find Rate Limiting
Configure:
- Downlink Rate Limit: Max download speed
- Uplink Rate Limit: Max upload speed

Access Control

Configure Access Control in WLAN settings
Set allowed/denied MAC addresses
Configure time-based access if needed

Best Practices

Firmware Updates: Keep Flex firmware current
Strong Secrets: Use complex RADIUS shared secrets
Monitoring: Check Flex dashboard regularly
Backup Config: Export configuration before changes
Test Changes: Verify in lab before production
Documentation: Record all configuration settings

Overview​

Prerequisites​

In Ruckus Flex:​

In IronWifi Console (complete these first):​

Ruckus Flex Configuration​

Step 1: Access Flex Web Interface​

Step 2: Configure RADIUS Server​

Step 3: Create WLAN for Enterprise Authentication​

Step 4: Create Guest WLAN with Captive Portal​

Step 5: Configure External Captive Portal​

Step 6: Configure Walled Garden​

Configuration via CLI​

Configure RADIUS Server​

Configure WLAN with 802.1X​

Configure Guest WLAN​

Configuration Summary​

RADIUS Settings​

Enterprise WLAN Settings​

Guest WLAN Settings​

Testing​

Check AAA Server Status​

Test Enterprise Authentication​

Test Guest Portal​

Check Connected Clients​

Troubleshooting​

Review Logs​

Advanced Configuration​

VLAN Assignment​

Rate Limiting​

Access Control​

Best Practices​

Related Topics​

Overview

Prerequisites

In Ruckus Flex:

In IronWifi Console (complete these first):

Ruckus Flex Configuration

Step 1: Access Flex Web Interface

Step 2: Configure RADIUS Server

Step 3: Create WLAN for Enterprise Authentication

Step 4: Create Guest WLAN with Captive Portal

Step 5: Configure External Captive Portal

Step 6: Configure Walled Garden

Configuration via CLI

Configure RADIUS Server

Configure WLAN with 802.1X

Configure Guest WLAN

Configuration Summary

RADIUS Settings

Enterprise WLAN Settings

Guest WLAN Settings

Testing

Check AAA Server Status

Test Enterprise Authentication

Test Guest Portal

Check Connected Clients

Troubleshooting

Review Logs

Advanced Configuration

VLAN Assignment

Rate Limiting

Access Control

Best Practices

Related Topics