1. Home
  2. Knowledge Base
  3. FAQs
  4. Using GoZone SecurePass™ provided service

Using GoZone SecurePass™ provided service

The following article discusses how to set up your Ruckus Smartzone and Marketing4WiFi dashboard to utilize GoZone’s SecurePass services. The guide will cover configuring a secure WLAN on the Smartzone, and set up of Client settings in the Marketing4WiFi platform to provide a (pre-shared key) PSK to Guests who purchase a Multi Device Guest Plan from a hotspot.

This guide assumes that you have an existing Client and Hotspot already setup offering Mutli Device Guest Plans.

Section 1: Configuring Client settings

  1. Login to your Marketing 4 WiFi dashboard
  2. Use the navigation panel to the left to click Operator Settings > Add/Edit Clients
  3. Click on the toggle for Enable Cloudpath.
    Leave all CloudPath fields blank to inherit your GoZone provided service.
  4. Press Submit

  1. Login to your Marketing 4 WiFi dashboard
  2. Use the navigation panel to the left to click Operator Settings > Add/Edit Clients
  3. Click on the toggle for Enable Vault
  4. Leave the Vault Hostname, Vault Username, and Vault Password blank to inherit your GoZone provided service.
  5. Select Country: Enter the Country of this Client.
  6. State: Enter the State of this Client.
  7. City: Enter the City of this Client.
  8. Postal Code: Enter the Postal Code of this Client.
  9. Press Submit
  10. Once the page loads again, scroll to the value for "Vault NAS-Identifier" and save this for completing the hardware configuration in Section 3

Section 2: Configuring hotspot settings

Marketing 4 WiFi Hotspot setup

  1. Login to your Marketing 4 WiFi dashboard
  2. Use the navigation panel to the left to click Network > Hotspots
  3. Click on the edit icon for the hotspot with existing Multi Device Guest Plans that will utilize the SecurePass feature
    1. Click on the toggle for Enable SecurePass
    2. WPA Key Confirmation Page: Click the blue plus icon to create a page and then use the edit page body button to build your own template. This is the page that will be displayed to users after purchasing a Guest Plan to provide on that original device the details of their DPSK
    3. Guest Plan Expiration Email: Click the blue plus icon to create a page and then use the edit page body button to build your own template. This is the Email template that will be delivered to guests before their Guest Plan expires at the defined interval of the guest plan
    4. SSIDs: Enter the desired SSID that with be used when configuring the hardware in Section 3
    5. SecurePass Include VLAN: When enabled this feature allows you to provide guests who purchase a SecurePass plan their own dedicated VLAN for the duration of their plan. VLANs must be created on the local network before enabling this feature or guests will not be able to connect to the internet.
      1. SecurePass VLAN Range: Use this section to define the VLAN ranges that the platform can use for guests when a SecurePass plan is purchased.
      2. SecurePass Default VLAN: This is the VLAN ID that SecurePass plans should be created with if there is no available VLANs in the SecurePass VLAN Range.
      3. SecurePass Default VLAN Message: This message is displayed to guests when purchasing a plan to inform them that their SecurePass plan will not include their own private area network.
    6. Press Submit

Section 3: Hardware configuration guides

Ruckus SmartZone Configuration

Required Ports

UDP Port 3799 must be open to your SmartZone for DPSK revocations to work.

  1. Login to the Smartzone dashboard
  2. Using the navigation panel to the left, click Services & Profiles > Authentication
  3. Click the Proxy (SZ Authenticator) tab at the top and the click the ‘+ Create’ button
    1. Name: SecurePass-auth
    2. Service Protocol: RADIUS
    3. Primary Server
      • IP Address: You will be provided this
      • Port: 1812
      • Shared Secret: You will be provided this
    4. Secondary Server
      • IP Address: You will be provided this
      • Port: 1812
      • Shared Secret: You will be provided this
  4. Using the navigation panel to the left, click Services & Profiles > Accounting
  5. Click the Proxy tab at the top and the click the ‘+ Create’ button
    1. Name: SecurePass-acct
    2. Service Protocol: RADIUS
    3. Primary Server
      • IP Address: You will be provided this
      • Port: 1813
      • Shared Secret: You will be provided this
    4. Secondary Server
      • IP Address: You will be provided this
      • Port: 1813
      • Shared Secret: You will be provided this
  6. Using the navigation panel to the left, click Wireless LANs and click the ‘+ Create’ button
    1. General Options
      1. Name: SecurePass
      2. SSID: Enter the value used in Section 2 step 3.4
    2. Authentication Options
      1. Authentication Type: Standard usage
      2. Authentication Method: Open
    3. Encryption Options

      1. Encryption Method: WPA2
      2. Algorithm: AES
      3. 802.11w MFP: Disabled
      4. Dynamic PSK: External
    4. Authentication & Accounting Service
      1. Authentication Service: SecurePass-auth
      2. Accounting Service: SecurePass-acct
    5. Options

      1. Wireless Client Isolation: ON
  7. Press OK

Ruckus ZoneDirector configuration guide

  1. Login to your ZoneDirector dashboard
  2. Using the Navigation panel, select Services & Profiles > AAA Servers
    • On the Authentication/Accounting Servers page click the +Create button
      1. Name: securepass_auth
      2. Type: RADIUS
      3. Encryption: Unchecked
      4. Auth Method: CHAP
      5. Backup RADIUS: Checked
      6. First Server-
        • IP Address: You will be provided this
        • Port: You will be provided this
        • Shared Secret: You will be provided this
        • Confirm Secret: You will be provided this
      7. Second Server
        • IP Address: You will be provided this
        • Port: You will be provided this
        • Shared Secret: You will be provided this
        • Confirm Secret: You will be provided this
      8. Press OK
    • Back on the Authentication/Accounting Servers page click the +Create button again
      1. Name: securepass_acct
      2. Type: RADIUS Accounting
      3. Encryption: Unchecked
      4. Backup RADIUS: Checked
      5. First Server-
        • IP Address: You will be provided this
        • Port: You will be provided this
        • Shared Secret: You will be provided this
        • Confirm Secret: You will be provided this
      6. Second Server
        • IP Address: You will be provided this
        • Port: You will be provided this
        • Shared Secret: You will be provided this
        • Confirm Secret: You will be provided this
      7. Press OK
  3. Using the Navigation panel, select Wireless LANs
  4. Select your desired WLAN Group
  5. Press the +Create button (Or Edit your desired existing WLAN)
    1. General
      • Name: SecurePass(or whatever you wish)
      • ESSID: Enter the value used in Section 2 step 3.4
    2. WLAN Usages
      1. Type: Standard Usage
    3. Authentication
      1. Method: Open
      2. Dynamic-PSK: External
      3. DPSK Authentication Server: securepass_auth
    4. Encryption
      1. Method: WPA2
      2. Algorithm: AES
      3. 802.11w MFP: Disabled
    5. Advanced Options
      1. Wireless Client Isolation: Check both boxes
      2. Accounting Server: securepass_acct
      3. Send Interim-Update every: 10 minutes
  6. Press OK

Ruckus Cloud configuration guide

  1. Login to your Ruckus Cloud portal
  2. Using the navigation panel select Network Control> Policies & Profiles
  3. Click on the RADIUS Server tile
  4. Click the ‘Add RADIUS Server’ button
    • Profile Name: securepass_auth
    • Type: Authentication RADIUS Server
    • Primary Server
      • IP Address: You will be provided this
      • Port: You will be provided this
      • Shared Secret: You will be provided this
    • Click Add Secondary Server
    • Secondary Server
      • IP Address: You will be provided this
      • Port: You will be provided this
      • Shared Secret: You will be provided this
    • Click Add
  5. Click the ‘Add RADIUS Server’ button again
    • Profile Name: securepass_acct
    • Type: Accounting RADIUS Server
    • Primary Server
      • IP Address: You will be provided this
      • Port: You will be provided this
      • Shared Secret: You will be provided this
    • Click Add Secondary Server
    • Secondary Server
      • IP Address: You will be provided this
      • Port: You will be provided this
      • Shared Secret: You will be provided this
    • Click Add
  6. Using the navigation panel select Wi-Fi > Wi-Fi Networks List
  7. Click the ‘Add Wi-Fi Network’ button
    1. Network Details
      • Network Name: Enter the value used in Section 2 step 3.4
      • Network Type: Dynamic Pre-Shared Key
      • Press Next
    2. DPSK Settings
      • Security Protocol: WPA2
      • Use RADIUS Server
      • Authentication Server: securepass_auth
      • Accounting Service: Enabled
      • Accounting Server: securepass_acct
      • Click Show more settings
      • Dynamic VLAN: Disabled
      • Network Control > Client Isolation: Enabled
      • Press Next
    3. Venues
      • Select the venue you would like to enable the SecurePass network
      • Press Next
    4. Summary
      • Review the settings on the page to ensure everything matches this document and then press Add

Cambium configuration guide

  1. Login to your CnMaestro dashboard
  2. Using the navigation panel select Configuration > Wi-Fi Profiles
  3. Select the WLANS tab
  4. Click the Add button
    1. WLAN Tab
      • Type: Enterprise Wi-FI
      • Name: SecurePass WiFi(or whatever you wish)
      • Enabled: Checked
      • SSID: Enter the value used in Section 2 step 3.4
      • Client Isolation: Network Wide
    2. AAA Servers Tab
      • Authentication Server
        • #1. Host: You will be provided this
        • #1. Secret: You will be provided this
        • #1 Port: You will be provided this
        • #2. Host: You will be provided this
        • #2. Secret: You will be provided this
        • #2. Port: You will be provided this
      • Accounting Server
        • #1. Host: You will be provided this
        • #1. Secret: You will be provided this
        • #1 Port: You will be provided this
        • #2. Host: You will be provided this
        • #2. Secret: You will be provided this
        • #2. Port: You will be provided this
        • Accounting Mode: Start-Interim-Stop
        • Accounting Packet: Checked
      • Advanced Settings
        • NAS-Identifier: You will be provided this
        • Dynamic VLAN: Unchecked
    3. Press Save
  5. Using the navigation panel select Configuration > Wi-Fi Profiles
  6. On the AP Groups tab, select your desired AP Group
    1. Basic Tab
      • Use the Add WLAN button to add the WLAN created in step 4 to the AP Group.
      • Make sure you note what # the WLAN is in the order of your AP Group, as it is used in the next step You will use this in the next step.
    2. User-Defined Overrides tab
      • Paste the text below into the user defined overrides text area. You must replace the # in the text below with the order number of the WLAN in your AP Group as mentioned in the previous step.
        !
        wireless wlan #
        epsk RADIUS
        !

TP-Link Omada Pro configuration guide

  1. Login to your Omada Pro controller
  2. Using the navigation panel select Profiles > RADIUS Profiles
  3. Click the ‘Create New RADIUS Profile’ button
    1. Name: securepass
    2. Authentication Server IP/URL: You will be provided this
    3. Authentication Port: You will be provided this
    4. Authentication Password: You will be provided this
    5. RADIUS Accounting: Checked
    6. Accounting Server IP/URL: You will be provided this
    7. Accounting Port: You will be provided this
    8. Accounting Password: You will be provided this
    9. Press Save
  4. Using the navigation panel select Wireless Networks > WLAN
  5. Click the ‘Create New Wireless Network’ button
    1. Network Name: Enter the value used in Section 2 step 3.4
    2. Security: PPSK with RADIUS
    3. RADIUS Profile: securepass
    4. Authentication type: Generic RADIUS with unbound MAC
    5. NAS ID: You will be provided this
    6. Set all other values to best practices
    7. Press Apply

NetExperience configuration guide

  1. Login to the NetExperience customer portal
  2. Using the navigation bar select Configure> Profiles
  3. Click the ‘Add’ button
    1. Type: RADIUS
    2. Profile Name: securepass
    3. Click the ‘Add Authentication Server’ button
    4. Primary Authentication Server
      • Address: You will be provided this
      • Shared Secret: You will be provided this
      • Port: You will be provided this
    5. Secondary Authentication Server
      • Address: You will be provided this
      • Shared Secret: You will be provided this
      • Port: You will be provided this
    6. Click the ‘Add Accounting Server’ button twice
    7. Primary Accounting Server
      • Use the Same Primary Server for Accounting: Checked
      • Port: You will be provided this
    8. Secondary Accounting Server
      • Use the Same Primary Server for Accounting: Checked
      • Port: You will be provided this
    9. Click the ‘Add’ button at the top of the page
  4. The portal will redirect you back to the Profiles page after creating the RADIUS Profile. On this page click the ‘Add’ button again.
    1. Type: Wireless Network (SSID)
    2. Profile Name: SecurePass (or wahtever you wish)
    3. Mode: WPA2 RADIUS Multi-PSK
    4. RADIUS
      • RADIUS Proxy: Manual
      • RADIUS Profile: securepass
      • RADIUS Accounting Interval: 300
      • NAS ID: Manual
      • Enter NAS ID: You will be provided this
      • NAS IP: WAN
    5. SSID
      • SSID Name: Enter the value used in Section 2 step 3.4
      • Broadcast SSID: Show SSID
    6. Network Connectivity
      • Mode: NAT
    7. Set all other values to best practices
    8. Click the ‘Add’ button at the top of the page

Section 4: Guest Experience

Guest Experience

  1. When a guest selects a Multi Device Guest Plan to purchase from a hotspot with Cloudpath enabled they’ll be presented with options on how to receive their private password.
  2. After successfully purchasing the plan regardless of selection devices will be presented an interstitial page displaying key information about the PSK associated to their purchased plan.
  3. At the defined interval before the DPSK expires the hotspots Guest Plan Expiration Email will be sent to the contact information if it was provided.

Updated on April 18, 2024

Was this article helpful?

Related Articles

Need Support?
Can't find the answer you're looking for? Don't worry we're here to help!
CONTACT SUPPORT