Ruckus Cloudpath Configuration

The following article discusses how to set up  Ruckus Cloudpath, SmartZone, ZoneDirector, and Cloud environments to use with the Marketing4WiFi SecurePass feature. The guide will cover the initial setup of CloudPath appliance, configuring a secure WLAN on the designated controller, and set up of Client settings in the Marketing4WiFi platform to provide a PSK to Guests who purchase a Multi Device Guest Plan from a hotspot.

Preconfiguration Checklist

Please confirm the following before proceeding with the configuration steps in this article.

  1. You will need a valid admin username and password to be used as part of the Client configuration in the dashboard.
  2. Cloudpath is an add on that must be enabled for your dashboard before the option will appear under Client Settings.
  3. Cloudpath options will not appear in Client settings until Payments have been enabled.
  4. UDP Port 3799 must be open to your SmartZone for DPSK revocations to work.
  5. The platform will make API requests to CloudPath from IP 18.233.247.3 for US-A and 3.13.114.17 for US-B.

Ruckus CloudPath Configuration

  1. Login to the Cloudpath dashboard
  2. Using the navigation panel to the left click Configuration > RADIUS Server
    • Collect the RADIUS hosts, Authentication & Accounting Ports, and Shared Secret from this page to use later in the hardware configuration process
  3. Click on the Clients tab and edit the default client
    1. Enable COA: Checked
    2. Coa Port: 3799
    3. COA Attributes: Press the add button and configure with
      • Acct-Session-ID(string)
      • Add If It Doesn’t Exist
      • ${ACCT_SESSION_ID}
  4. Click on the Attributes tab at the top
  5. Click show to make the following attributes visible
    • WISPr-Bandwidth-Max-Down
    • WISPr-Bandwidth-Max-Up
  6. Using the navigation panel to the left click Configuration > API Keys
  7. Click Add API Key
  8. Create an enabled API Key with an expiration date sufficiently far out from today’s date. If a key expires it will have to be re-enabled for the integration to work. Record the API Key for use later during the Marketing 4 WiFi configuration

Ruckus SmartZone Configuration

  1. Login to the Smartzone dashboard
  2. Using the navigation panel to the left, click Services & Profiles > Authentication
  3. Click the Proxy (SZ Authenticator) tab at the top and the click the ‘+ Create’ button
    1. Name: SecurePass-auth
    2. Service Protocol: RADIUS
    3. Primary Server
      • IP Address: Use the public IP of your CloudPath appliance
      • Port: Use the Authentication Port of your CloudPath appliance
      • Shared Secret: Use the RADIUS secret collected in step 3 of the Cloudpath configuration
    4. Using the navigation panel to the left, click Services & Profiles > Accounting
    5. Click the Proxy tab at the top and the click the ‘+ Create’ button
    6. Primary Server
      • IP Address: Use the public IP of your CloudPath appliance
      • Port: Use the Accounting Port of your CloudPath appliance
      • Shared Secret: Use the Shared secret collected in step 3 of the Cloudpath configuration
  4. Using the navigation panel to the left, click Wireless LANs and click the ‘+ Create’ button
    1. General Options
      1. Name: SecurePass (or whatever you wish)
      2. SSID: Enter your desired network name.
        This value will be used during the Marketing 4 WiFi Platform configuration
    2. Authentication Options
      1. Authentication Type: Standard usage
      2. Authentication Method: Open
    3. Encryption Options

      1. Encryption Method: WPA2
      2. Algorithm: AES
      3. 802.11w MFP: Disabled
      4. Dynamic PSK: External
    4. Authentication & Accounting Service
      1. Authentication Service: SecurePass-auth
      2. Accounting Service: SecurePass-acct
    5. Options

      1. Wireless Client Isolation: ON
  5. Press OK


The following command must be issued to the APs broadcasting the SecurePass SSID where # is the WLANID to reduce the amount of time required before Ruckus APs will send a new PSK.

set rpmkey wlans/wlan#/wlan-ext-macauth-acl-timeout 2
Ruckus ZoneDirector

  1. Login to your ZoneDirector dashboard
  2. Using the Navigation panel, select Services & Profiles > AAA Servers
    • On the Authentication/Accounting Servers page click the +Create button
      1. Name: securepass_auth
      2. Type: RADIUS
      3. Encryption: Unchecked
      4. Auth Method: CHAP
      5. Backup RADIUS: Checked
      6. First Server-
        • IP Address: You will be provided this by your Service Provider
        • Port: You will be provided this by your Service Provider
        • Shared Secret: You will be provided this by your Service Provider
        • Confirm Secret: You will be provided this by your Service Provider
      7. Second Server
        • IP Address: You will be provided this by your Service Provider
        • Port: You will be provided this by your Service Provider
        • Shared Secret: You will be provided this by your Service Provider
        • Confirm Secret: You will be provided this by your Service Provider
      8. Press OK
    • Back on the Authentication/Accounting Servers page click the +Create button again
      1. Name: securepass_acct
      2. Type: RADIUS Accounting
      3. Encryption: Unchecked
      4. Backup RADIUS: Checked
      5. First Server-
        • IP Address: You will be provided this by your Service Provider
        • Port: You will be provided this by your Service Provider
        • Shared Secret: You will be provided this by your Service Provider
        • Confirm Secret: You will be provided this by your Service Provider
      6. Second Server
        • IP Address: You will be provided this by your Service Provider
        • Port: You will be provided this by your Service Provider
        • Shared Secret: You will be provided this by your Service Provider
        • Confirm Secret: You will be provided this by your Service Provider
      7. Press OK
  3. Using the Navigation panel, select Wireless LANs
  4. Select your desired WLAN Group
  5. Press the +Create button (Or Edit your desired existing WLAN)
    1. General
      • Name: SecurePass(or whatever you wish)
      • ESSID: Enter your desired network name.
        This value will be used during the Marketing 4 WiFi Platform configuration
    2. WLAN Usages
      1. Type: Standard Usage
    3. Authentication
      1. Method: Open
      2. Dynamic-PSK: External
      3. DPSK Authentication Server: securepass_auth
    4. Encryption
      1. Method: WPA2
      2. Algorithm: AES
      3. 802.11w MFP: Disabled
    5. Advanced Options
      1. Wireless Client Isolation: Check both boxes
      2. Accounting Server: securepass_acct
      3. Send Interim-Update every: 10 minutes
  6. Press OK

Ruckus Cloud

  1. Login to your Ruckus Cloud portal
  2. Using the navigation panel select Network Control> Policies & Profiles
  3. Click on the RADIUS Server tile
  4. Click the ‘Add RADIUS Server’ button
    • Profile Name: securepass_auth
    • Type: Authentication RADIUS Server
    • Primary Server
      • IP Address: You will be provided this by your Service Provider
      • Port: You will be provided this by your Service Provider
      • Shared Secret: You will be provided this by your Service Provider
    • Click Add Secondary Server
    • Secondary Server
      • IP Address: You will be provided this by your Service Provider
      • Port: You will be provided this by your Service Provider
      • Shared Secret: You will be provided this by your Service Provider
    • Click Add
  5. Click the ‘Add RADIUS Server’ button again
    • Profile Name: securepass_acct
    • Type: Accounting RADIUS Server
    • Primary Server
      • IP Address: You will be provided this by your Service Provider
      • Port: You will be provided this by your Service Provider
      • Shared Secret: You will be provided this by your Service Provider
    • Click Add Secondary Server
    • Secondary Server
      • IP Address: You will be provided this by your Service Provider
      • Port: You will be provided this by your Service Provider
      • Shared Secret: You will be provided this by your Service Provider
    • Click Add
  6. Using the navigation panel select Wi-Fi > Wi-Fi Networks List
  7. Click the ‘Add Wi-Fi Network’ button
    1. Network Details
      • Network Name: Enter your desired network name.
        This value will be used during the Marketing 4 WiFi Platform configuration
      • Network Type: Dynamic Pre-Shared Key
      • Press Next
    2. DPSK Settings
      • Security Protocol: WPA2
      • Use RADIUS Server
      • Authentication Server: securepass_auth
      • Accounting Service: Enabled
      • Accounting Server: securepass_acct
      • Click Show more settings
      • Dynamic VLAN: Disabled
      • Network Control > Client Isolation: Enabled
      • Press Next
    3. Venues
      • Select the venue you would like to enable the SecurePass network
      • Press Next
    4. Summary
      • Review the settings on the page to ensure everything matches this document and then press Add

Marketing4WiFi Platform Configuration

This guide assumes your Client has Guest Plans enabled and configured with a Hotspot already live with Guest Plans enabled. offering Multi Device Guest Plans.

If you change the settings of a Guest Plan you must submit the hotspot again to sync the changes to CloudPath.

    1. Login to your Marketing 4 WiFi dashboard
    2. Use the navigation panel to the left to click Operator Settings > Add/Edit Clients
    3. Click Edit on the Client you want to enable Cloudpath on.
    4. Click on the toggle for Enable Cloudpath
      1. Cloudpath Hostname: Enter the hostname for your Cloudpath
      2. Cloudpath Username: Enter an valid admin username for your Cloudpath
      3. Cloudpath Password: Enter an valid admin password for your Cloudpath
      4. Cloudpath API Key: Enter the API Key created in step 8 of the Ruckus Cloudpath configuration
    5. Press Submit
    6. Use the navigation panel to the left to click Network > Guest Plans. Click ‘Add Plan’.
      1. Select the Client with Cloudpath enabled
      2. Give the plan a name and a clear description for guests
      3. Select the intended session profile
      4. Enter the intended price for this plan
      5. Registration Header Text and Registration Button Text are used if a guest is using a Voucher
      6. Enable Multi Devices: Yes
      7. No. of Devices per Plan can be set to the amount of
      8. Pre-expiration Message Time: Select the amount of time before a plan expires you want a guest to receive a warning message about their plan expiring.
      9. Press Submit.
    7. Repeat step 6 to create as many Multi device guest plans as desired
    8. Use the navigation panel to the left to click Network > Hotspots
    9. Click on the edit icon for the hotspot that will utilize the CloudPath integration
      • Click on the toggle for Enable SecurePass
      • WPA Key Confirmation Page: Click the blue plus icon to create a page and then use the edit page body button to build your own template. This is the page that will be displayed to users after purchasing a Guest Plan to provide on that original device the details of their DPSK
      • SSIDs: Enter the network name used during the configuration of your hardware
      • Add the Guest Plans created in step 6
      • Press Submit

Guest Experience

  1. When a guest selects a Multi Device Guest Plan to purchase from a hotspot with Cloudpath enabled they’ll be presented with options on how to receive their private password.
  2. After successfully purchasing the plan regardless of selection devices will be presented an interstitial page displaying key information about the PSK associated to their purchased plan.
  3. At the defined interval before the DPSK expires the hotspots Guest Plan Expiration Email will be sent to the contact information if it was provided.

Updated on February 15, 2024

Was this article helpful?

Related Articles

Need Support?
Can't find the answer you're looking for? Don't worry we're here to help!
CONTACT SUPPORT