When Brocade purchased Vyatta I was nervous, but they have done a really good job with it. They keep it updated, and now have added a lot of functionality and increased services with the 6400 version. Both the 5600 (pretty much old vyatta) and the newer 6400 Vyatta IOS are for free from Brocade fro 60 days.
This blog entry is just showing some very simple things such as adding a IP address to an interface and enabling the HTTPS and SSH service. In another entry i will show how to use other user authentication methods for user logins. Although all of these commands are very easy, this post could help someone who might be in a bind.
Configure an IP address.
The Vrouter CLI has always been intuitive for me. Each config option is really an objects configuration. You can delete the config altogether or just an individual config setting of the object. To set the IP address first you have to go into configure mode.
set int ethernet eth0 address 192.168.252.1/24
commit — remember nothing is set, until this is entered.
The image below shows these commands in the actual CLI.
We can also save the config in config mode by issuing the command “save”.
That’s, it we have now set an IP address.So on to enabling SSH and HTTPS access.
To enable HTTPS we need to issue the command (from config mode)
set service https
As you can see from the image below, after those commands are entered the Vyatta generates a certificate, and restarts its web server.
Enabling SSH is as easy as the other commands.
From config mode
set service ssh enable
You also have options to allow root login, set the listen address, and change the port.
Ruckus brought in the Guest Self Service portal in firmware 184.108.40.206 build 218 – so if you are looking to configure it please install this update first (Check release notes for proper upgrade path). After we are on build 218, lets get configuring.
So the Ruckus Guest self service portal is Ruckus’s first step in creating an “on boarding” process. It allows administrators to make sure that there is at least some kind of authentication on their guest WLANs. The portal gives guest users the ability to create their own guest pass, and the admin can set many options of the guest pass such as expiration, amount of devices that can be registered with this pass, and how the pass is given to the user – for example you can send it through text, email, just show it to them on the screen, or a combination of all. So this feature is great, and helps admins authenticate guest users with very minimal intervention.
So how do we configure this?
First we need to create a new Guest access policy. This is located under Configure – Guest Access. Create a new portal.
Lets now configure our portal page. A few options that are very important are:
Enable Zero IT Registration from the Guest Portal – Use this if you are also planning to register devices. I was confused by this at first. As you will see you have the option to use guest pass, or register a device. When you register a device you are just using Zero IT as normal to get on the secured network.
Authentication – Use guest pass for this. Since thats the goal.
Next you have a lot of options such as Terms of service and time out.
The main box you have to check is the “Guestpass Self-Service” box , you will then get a lot of options to do with that process and how to get the guest pass to the user. A few things to note, if you want to txt them, or send the pass through email you will need to configure a mail server and/or SMS server in the settings of the ZD.
If you notice there is a small “Restricted Subnet access” – Its kind of hidden in my opinion. This is very important. If this is used for guest access more than likely you will want to make sure that guests cannot access internal hosts. This is where that is done. This or the Layer 3 access list. Remember Ruckus does the filtering on the AP, so having to have a ACL on the router is not needed. Below if the full Guest access config.
That is about it for the Guest portal. Now we need to create a WLAN and use it for our guest access.
So, lets create a WLAN at configure – WLAN- create a new one.
Things to note – Select “Guest Access” Then select your Guest access Service portal you created.
Great!! All done, so what happens when you connect?
First you will be presented with the on boarding portal that asks if you would like to use Guest Access, or Register a device (Zero-IT).
Select “Guest Access”
On the next screen it will ask you for your Guest pass, but you don’t have one yet. Select the button to create a new pass. Note that you have the option to Query the status. This is a feature if you want to approve guests of getting a Guest pass before they do.
On the next screen you will be asked to fill out your information.
And here you go! you have your guest pass, which is valid for the length of time that you configured in the policy. Copy and keep this key. The ZD will automatically copy the key into the next page for you. Select to go to Guest Access portal.
You can see the the ZD copied the key for you. Just Press submit.
And there we go!! We are online. Ruckus does it again with making getting on Wifi easier. Now we have a built in On boarding portal.
You can view the Guest Pass and its config under Monitor-Guest pass to find out who the GP was assigned to, when it expires, and you can delete them from here as well.
Ruckus has done a great job giving us a simple but effective way to on board users for Guest and/or internal use.