Ruckus ZoneDirector

Set up Ruckus ZoneDirector wireless controller with IronWifi for centralized WiFi management. This guide covers AAA server configuration, Hotspot service setup with external login pages, walled garden configuration, WLAN creation for guest and WPA-Enterprise networks, and WISPr authentication integration.

Prerequisites

In Ruckus ZoneDirector:

• ZoneDirector controller (any version supporting Hotspot services)
• Administrative access to ZoneDirector web interface
• At least one managed access point

In IronWifi Console (complete these first):

1. Create a Network

   • Navigate to Networks and click Create Network
   • Note the RADIUS server details:
     • Primary RADIUS Server IP
     • Backup RADIUS Server IP (optional)
     • RADIUS Authentication Port (1812)
     • RADIUS Accounting Port (1813)
     • Shared Secret

2. Create a Captive Portal

   • Navigate to Captive Portals and click Create Captive Portal
   • Select Vendor: Ruckus
   • Note the Splash Page URL provided
   • Copy the Walled Garden domains list

ZoneDirector Configuration

Step 1: Configure AAA Server

1. Navigate to Configure → AAA Servers
2. Click Create New
3. Configure:
   • Name: IronWifi
   • Type: RADIUS
   • Auth Server Address: {Primary IP}
   • Port: 1812
   • Shared Secret: {Secret}
4. Click OK

Step 2: Configure Hotspot Service

1. Navigate to Configure → Hotspot Services
2. Click Create New
3. Configure:
   • Name: IronWifi-Hotspot
   • Login Page: {Splash Page URL}
   • Authentication Server: IronWifi

Step 3: Configure Walled Garden

In Hotspot Service settings:

1. Enable Walled Garden

2. Add the following required entries:

   • 107.178.250.42
   • *.ironwifi.com
   • *.ironwifi.net
   • splash.ironwifi.com

3. If using social login providers, add their domains:

Provider	Required Entries
Google	*.google.com, *.googleapis.com, *.gstatic.com, accounts.google.com
Facebook	*.facebook.com, *.fbcdn.net, connect.facebook.net, facebook.com
LinkedIn	*.linkedin.com, *.licdn.com, linkedin.com
Twitter/X	*.twitter.com, *.twimg.com, twitter.com, *.x.com, x.com
Apple	*.apple.com, *.icloud.com, appleid.apple.com
Microsoft/Azure AD	*.microsoft.com, *.microsoftonline.com, *.msftauth.net, login.microsoftonline.com
Stripe	*.stripe.com, js.stripe.com
PayPal	*.paypal.com, *.paypalobjects.com
Twilio (SMS)	*.twilio.com

Step 4: Create WLAN

1. Navigate to Configure → WLANs
2. Click Create New
3. Configure:
   • Name: Guest-WiFi
   • Type: Hotspot Service (WISPr)
   • Hotspot Service: IronWifi-Hotspot

WPA-Enterprise

For 802.1X authentication without captive portal:

1. Create WLAN
2. Set Type: Standard Usage
3. Configure:
   • Authentication Type: 802.1X EAP
   • Authentication Server: IronWifi
   • Encryption: WPA2-AES

Testing

Once configuration is complete, verify everything is working properly:

Test Captive Portal

1. Connect a test device to the Guest WiFi network
2. Open a web browser
3. You should be automatically redirected to the IronWifi splash page
4. Complete the authentication process
5. Verify internet access is granted after authentication

Test Enterprise Authentication

1. Connect a device to the WPA-Enterprise network
2. Enter valid credentials when prompted
3. Verify successful connection
4. Check authentication logs in IronWifi Console

Troubleshooting

If you encounter issues during setup or operation, use this reference to diagnose and resolve common problems:

Symptom	Possible Cause	Solution
Hotspot not working	Hotspot Service not applied	Verify Hotspot Service is selected in WLAN settings
Hotspot not working	Incorrect Login Page URL	Check that Login Page URL matches the Splash Page URL from IronWifi
Hotspot not working	Missing Walled Garden entries	Add all required IronWifi domains to Walled Garden
Authentication failed	AAA server unreachable	Test AAA server connectivity from ZoneDirector
Authentication failed	Incorrect shared secret	Verify shared secret matches exactly in both systems (case-sensitive)
Authentication failed	Invalid user credentials	Check user credentials in IronWifi Console
Authentication failed	Firewall blocking traffic	Ensure ports 1812 and 1813 are open between ZoneDirector and IronWifi
Portal redirects incorrectly	DNS resolution issues	Verify DNS settings on client devices
Portal redirects incorrectly	Browser caching	Clear browser cache and test in incognito/private mode
Social login not working	Missing provider domains	Add all required domains for the social provider to Walled Garden
Clients disconnecting	Session timeout too short	Adjust session timeout in Hotspot Service settings

For detailed error information:

1. Review ZoneDirector logs: Monitor → Event Logs
2. Review IronWifi logs: Analytics → Authentication Logs
3. Check active client sessions: Monitor → Clients

Related Topics

• Ruckus SmartZone Configuration
• Ruckus Cloud Configuration
• Ruckus Flex Configuration
• Passpoint Configuration
• Captive Portal Setup