Skip to main contentSkip to search
Skip to main content

Ruckus - Passpoint Configuration

Configure Passpoint (Hotspot 2.0) on Ruckus SmartZone, ZoneDirector, or Ruckus Cloud to enable automatic WiFi authentication through IronWiFi's cloud RADIUS service. This provides seamless WPA2/WPA3-Enterprise connections with optional RadSec encryption.

Supported Platforms

  • Ruckus SmartZone - SmartZone 100/144, Virtual SmartZone
  • Ruckus ZoneDirector - ZoneDirector 1200, 3000, 5000
  • Ruckus Cloud - Cloud-managed access points

Prerequisites

In Ruckus:

  • Ruckus access points with Hotspot 2.0 support
  • SmartZone 3.0+ or ZoneDirector 9.8+

In IronWiFi Console (complete these first):

  1. Log in to IronWiFi Management Console
  2. Navigate to Networks > select your network
  3. Enable Passpoint
  4. For RadSec (recommended), enable RadSec option
  5. Note the following:
    • RADIUS/RadSec server address
    • Port (
      {AUTH_PORT}
      for RADIUS, 2083 for RadSec)
    • Shared secret or certificate details

SmartZone Configuration

SmartZone Web Interface

Step 1: Configure AAA Server

  1. Log in to SmartZone web interface
  2. Go to Services & Profiles > Authentication
  3. Click Create to add new AAA server:
    • Name: IronWiFi
    • Type: RADIUS (or RadSec)
    • Primary Server IP: IronWiFi RADIUS address
    • Port: 
      {AUTH_PORT}
      (or 2083 for RadSec)
    • Shared Secret: Your RADIUS secret

For RadSec:

  • Service Protocol: RadSec
  • CN/SAN Identity: RadSec server hostname
  • Upload CA certificate from IronWiFi console

Step 2: Create Hotspot 2.0 Profile

  1. Go to Services & Profiles > Hotspot Services > Hotspot 2.0
  2. Click Create
  3. Configure:

General:

  • Name: IronWiFi-Passpoint
  • Internet Access: Available
  • Network Type: Free public network

Operator:

  • Operator Name: Your organization (lang: eng)
  • Domain Names: 
    ironwifi.net

Venue:

  • Venue Group: Business
  • Venue Type: Unspecified

Roaming Consortium: Click Add and enter:

  • 5A03BA0000
    (WBA OpenRoaming)
  • 004096
    (Cisco OpenRoaming)

NAI Realm: Click Add:

  • Realm: 
    ironwifi.com
  • EAP Method: EAP-TTLS
  • Auth Type: PAP, MSCHAPV2
  1. Save the profile

Step 3: Create WLAN

  1. Go to Wireless LANs

  2. Click Create

  3. Configure:

    • Name: Passpoint-Network
    • SSID: Your SSID name
    • Zone: Select appropriate zone
    • Authentication: 802.1X EAP
    • AAA Server: IronWiFi
    • Hotspot 2.0 Profile: IronWiFi-Passpoint

  4. Save WLAN

SmartZone CLI Configuration

ZoneDirector Configuration

Web Interface Setup

  1. Log in to ZoneDirector

  2. Go to Configure > AAA Servers

  3. Add RADIUS server with IronWiFi details

  4. Go to Configure > Hotspot Services

  5. Create Hotspot 2.0 profile:

    • Enable Hotspot 2.0
    • Configure operator, domain, venue information
    • Add roaming consortium OIs
    • Configure NAI realm

  6. Go to Configure > WLANs

  7. Create WLAN with:

    • 802.1X authentication
    • Hotspot 2.0 profile attached

Ruckus Cloud Configuration

Cloud Portal Setup

  1. Log in to Ruckus Cloud
  2. Navigate to WiFi Networks
  3. Create new network or edit existing

Enable Passpoint

  1. In network settings, find Hotspot 2.0

  2. Enable and configure:

    • Access Network Type
    • Venue information
    • Operator details
    • Domain names
    • Roaming Consortium OIs
    • NAI Realms

  3. Configure RADIUS with IronWiFi server details

  4. Save and sync to access points

RadSec provides encrypted RADIUS communication:

IronWiFi Setup

  1. In IronWiFi console, enable RadSec for your network
  2. Download the certificate bundle
  3. Note the RadSec server hostname and port (2083)

SmartZone RadSec Setup

  1. Go to Services & Profiles > Authentication
  2. Create new server with:
    • Type: RadSec
    • Server IP/FQDN: RadSec hostname from IronWiFi
    • Port: 2083
    • CN/SAN Identity: Server hostname
  3. Upload CA certificate from IronWiFi
  4. Save configuration

Troubleshooting

Passpoint Not Working

  1. Verify Hotspot 2.0 is enabled on WLAN
  2. Check AP firmware supports Hotspot 2.0
  3. Verify client device Passpoint support
  4. Review ANQP query responses

Authentication Failures

  1. Test RADIUS connectivity: 
    ruckus# test aaa IronWiFi user@ironwifi.com password
  2. Check shared secret
  3. Review IronWiFi authentication logs
  4. Verify NAI realm matches user credentials

Debug Commands

RadSec Issues

  1. Verify certificate is correctly uploaded
  2. Check CN/SAN matches server certificate
  3. Ensure port 2083 is not blocked
  4. Test TLS connectivity

Same vendor

Standards & reference

Was this page helpful?