Ruckus - Passpoint Configuration

Configure Passpoint (Hotspot 2.0) on Ruckus SmartZone, ZoneDirector, or Ruckus Cloud to enable automatic WiFi authentication through IronWifi's cloud RADIUS service. This provides seamless WPA2/WPA3-Enterprise connections with optional RadSec encryption.

Supported Platforms

• Ruckus SmartZone - SmartZone 100/144, Virtual SmartZone
• Ruckus ZoneDirector - ZoneDirector 1200, 3000, 5000
• Ruckus Cloud - Cloud-managed access points

Prerequisites

In Ruckus:

• Ruckus access points with Hotspot 2.0 support
• SmartZone 3.0+ or ZoneDirector 9.8+

In IronWifi Console (complete these first):

1. Log in to IronWifi Management Console
2. Navigate to Networks > select your network
3. Enable Passpoint
4. For RadSec (recommended), enable RadSec option
5. Note the following:
   • RADIUS/RadSec server address
   • Port (1812 for RADIUS, 2083 for RadSec)
   • Shared secret or certificate details

---

SmartZone Configuration

SmartZone Web Interface

Step 1: Configure AAA Server

1. Log in to SmartZone web interface
2. Go to Services & Profiles > Authentication
3. Click Create to add new AAA server:
   • Name: IronWifi
   • Type: RADIUS (or RadSec)
   • Primary Server IP: IronWifi RADIUS address
   • Port: 1812 (or 2083 for RadSec)
   • Shared Secret: Your RADIUS secret

For RadSec:

• Service Protocol: RadSec
• CN/SAN Identity: RadSec server hostname
• Upload CA certificate from IronWifi console

Step 2: Create Hotspot 2.0 Profile

1. Go to Services & Profiles > Hotspot Services > Hotspot 2.0
2. Click Create
3. Configure:

General:

• Name: IronWifi-Passpoint
• Internet Access: Available
• Network Type: Free public network

Operator:

• Operator Name: Your organization (lang: eng)
• Domain Names: ironwifi.net

Venue:

• Venue Group: Business
• Venue Type: Unspecified

Roaming Consortium: Click Add and enter:

• 5A03BA0000 (WBA OpenRoaming)
• 004096 (Cisco OpenRoaming)

NAI Realm: Click Add:

• Realm: ironwifi.com
• EAP Method: EAP-TTLS
• Auth Type: PAP, MSCHAPV2

4. Save the profile

Step 3: Create WLAN

1. Go to Wireless LANs

2. Click Create

3. Configure:

   • Name: Passpoint-Network
   • SSID: Your SSID name
   • Zone: Select appropriate zone
   • Authentication: 802.1X EAP
   • AAA Server: IronWifi
   • Hotspot 2.0 Profile: IronWifi-Passpoint

4. Save WLAN

SmartZone CLI Configuration

# AAA Server
ruckus(config)# aaa radius-server IronWifi
ruckus(config-aaa-radius)# ip-addr 1.2.3.4
ruckus(config-aaa-radius)# port 1812
ruckus(config-aaa-radius)# shared-secret your-secret
ruckus(config-aaa-radius)# exit

# Hotspot 2.0 Profile
ruckus(config)# hotspot20 IronWifi-HS20
ruckus(config-hotspot20)# internet-access
ruckus(config-hotspot20)# network-type free-public
ruckus(config-hotspot20)# domain-name ironwifi.net
ruckus(config-hotspot20)# operator-name eng "IronWifi"
ruckus(config-hotspot20)# roaming-consortium oi 5A03BA0000
ruckus(config-hotspot20)# nai-realm ironwifi.com eap-ttls auth-type pap
ruckus(config-hotspot20)# exit

# WLAN
ruckus(config)# wlan Passpoint-WLAN
ruckus(config-wlan)# ssid Passpoint
ruckus(config-wlan)# authentication aaa IronWifi
ruckus(config-wlan)# hotspot20 IronWifi-HS20
ruckus(config-wlan)# exit

---

ZoneDirector Configuration

Web Interface Setup

1. Log in to ZoneDirector

2. Go to Configure > AAA Servers

3. Add RADIUS server with IronWifi details

4. Go to Configure > Hotspot Services

5. Create Hotspot 2.0 profile:

   • Enable Hotspot 2.0
   • Configure operator, domain, venue information
   • Add roaming consortium OIs
   • Configure NAI realm

6. Go to Configure > WLANs

7. Create WLAN with:

   • 802.1X authentication
   • Hotspot 2.0 profile attached

---

Ruckus Cloud Configuration

Cloud Portal Setup

1. Log in to Ruckus Cloud
2. Navigate to WiFi Networks
3. Create new network or edit existing

Enable Passpoint

1. In network settings, find Hotspot 2.0

2. Enable and configure:

   • Access Network Type
   • Venue information
   • Operator details
   • Domain names
   • Roaming Consortium OIs
   • NAI Realms

3. Configure RADIUS with IronWifi server details

4. Save and sync to access points

---

RadSec Configuration (Recommended)

RadSec provides encrypted RADIUS communication:

IronWifi Setup

1. In IronWifi console, enable RadSec for your network
2. Download the certificate bundle
3. Note the RadSec server hostname and port (2083)

SmartZone RadSec Setup

1. Go to Services & Profiles > Authentication
2. Create new server with:
   • Type: RadSec
   • Server IP/FQDN: RadSec hostname from IronWifi
   • Port: 2083
   • CN/SAN Identity: Server hostname
3. Upload CA certificate from IronWifi
4. Save configuration

---

Troubleshooting

Passpoint Not Working

1. Verify Hotspot 2.0 is enabled on WLAN
2. Check AP firmware supports Hotspot 2.0
3. Verify client device Passpoint support
4. Review ANQP query responses

Authentication Failures

1. Test RADIUS connectivity:

   ruckus# test aaa IronWifi user@ironwifi.com password

2. Check shared secret
3. Review IronWifi authentication logs
4. Verify NAI realm matches user credentials

Debug Commands

# Show Hotspot 2.0 status
ruckus# show hotspot20

# Show AAA server status
ruckus# show aaa

# Show connected clients
ruckus# show station

# Debug authentication
ruckus# debug aaa all

RadSec Issues

1. Verify certificate is correctly uploaded
2. Check CN/SAN matches server certificate
3. Ensure port 2083 is not blocked
4. Test TLS connectivity

Related Topics

• Ruckus SmartZone Configuration
• Ruckus Cloud Configuration
• Ruckus SmartZone RadSec & OpenRoaming
• Passpoint Overview