7.2.0

How it Works

Visibility

FortiNAC learns where endpoints are connected on the network using the following methods:

  • RADIUS communication

  • L2 Polling (MAC address table read)

  • L3 Polling (ARP cache read)

Control

FortiNAC provisions an endpoint’s network access by managing VLAN assignments based on the Ruckus Smart Zone’s model configuration or an applicable network access policy and the host state of the device. The VLAN configuration is modified using the appropriate method based upon the vendor and model (see chart below).

Device Support Methods

| Function | Method |
|---|---|
| Endpoint Connectivity Notification | RADIUS (802.1x or MAC-auth) |
| Reading MAC Address Tables (L2 Poll) | SNMP |
| Reading IP Tables (L3 Poll) | SNMP |
| Reading VLANs | API |
| VLAN Assignment | RADIUS |
| Reading SSIDs | API |
| De-auth | RADIUS CoA |

RADIUS Authentication

FortiNAC learns of endpoints connecting to (and disconnecting from) the Ruckus Smart Zone using RADIUS Authentication. When a wireless client attempts to connect, the Ruckus Smart Zone sends a RADIUS request to FortiNAC.

  • MAC-based Authentication: Endpoints are authenticated based on the MAC address. This requires no configuration on the endpoint.

  • 802.1x Authentication: Endpoints are authenticated based on user information. This requires supplicant configuration on the endpoint and an authentication server (either FortiNAC local RADIUS server or a third party server).

Authentication Modes in FortiNAC

Two RADIUS Authentication modes are available for determining how RADIUS requests are processed. These modes can be configured in FortiNAC on a per-device basis.

  • Proxy

    • Authentication: FortiNAC processes RADIUS MAC but proxies 802.1x EAP authentication to a customer-owned (external) RADIUS server.

    • Accounting: FortiNAC proxies accounting traffic to a customer-owned (external) RADIUS server.

    • For more information on this option, see Proxy in the Administration Guide.

  • Local

    • Authentication: FortiNAC’s Local RADIUS Server processes RADIUS MAC and 802.1x EAP authentication without the need to proxy to an external RADIUS server.

    • Accounting: The Local RADIUS server does not provide accounting. If accounting is required, FortiNAC can be configured to proxy Accounting traffic to an external RADIUS server.

    • For more information on this option, see Local Servers in the Administration Guide.
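
As an added illustration (not Fortinet code, and not a description of FortiNAC internals), the sketch below parses a raw RADIUS packet and models the Proxy and Local handling described above. It assumes an 802.1x request is recognised by the presence of an EAP-Message attribute (type 79); the function names and return labels are hypothetical, and the packets are constructed samples.

```python
import struct

ACCESS_REQUEST, ACCOUNTING_REQUEST = 1, 4               # RADIUS packet codes
USER_NAME, CALLING_STATION_ID, EAP_MESSAGE = 1, 31, 79  # RADIUS attribute types

def parse_radius(packet: bytes):
    """Return (code, {attr_type: [values]}) for a raw RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad Length field")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(a_type, []).append(packet[pos + 2:pos + a_len])
        pos += a_len
    return code, attrs

def route(packet: bytes, mode: str) -> str:
    """Model of the Proxy/Local behaviour described above (labels are hypothetical)."""
    if mode not in ("proxy", "local"):
        raise ValueError("mode must be 'proxy' or 'local'")
    code, attrs = parse_radius(packet)
    if code == ACCOUNTING_REQUEST:      # Local server provides no accounting
        return "proxy-to-external" if mode == "proxy" else "no-local-accounting"
    if code != ACCESS_REQUEST:
        return "ignored"
    if EAP_MESSAGE in attrs:            # assumption: EAP-Message marks 802.1x
        return "proxy-to-external" if mode == "proxy" else "local-eap"
    return "local-mac-auth"             # RADIUS MAC is processed in both modes

def build(code, attrs):
    """Construct a sample packet (zeroed authenticator; for parsing only)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body

# Constructed samples, not captured traffic.
MAC_AUTH = build(ACCESS_REQUEST, [(USER_NAME, b"001122334455"),
                                  (CALLING_STATION_ID, b"00-11-22-33-44-55")])
DOT1X = build(ACCESS_REQUEST, [(USER_NAME, b"alice"),
                               (EAP_MESSAGE, bytes([2, 1, 0, 10, 1]) + b"alice")])
ACCT = build(ACCOUNTING_REQUEST, [(USER_NAME, b"alice")])
```

The same attribute check is useful when reading a packet capture between the controller and FortiNAC to confirm which path a given request should take.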
