Is Client Management equivalent to Ruckus FlexConnect?

  • 1
  • Question
  • Updated 3 years ago
  • (Edited)
I have a prospect who has been evaluating Ruckus and Meraki solutions, now they are looking at Aerohive. One thing they liked with Ruckus is what I think they call FlexConnect (http://www.ruckuswireless.com/press/releases/20110822-introducing-flexconnect)

Basically what they want to do is have an open SSID that corporate users can connect CID or BYO devices to, they hit a CWP that asks for their AD credentials. If they get authenticated then some "magic" happens. The way they described it is that the wifi connection automatically becomes encrypted, I'm guessing some kind of PSK and wifi policy gets sent to the client, but the prospect indicated this didn't involve a separate SSID nor 802.1X. I am struggling to understand how this could possibly work.

I can imagine having two SSID's, one open for the authentication CWP, and second that is secured via 802.1X or PPSK, and if their authentication succeeds then the client associates with the second SSID, but this isn't how the prospect described it.

Looking at Aerohive's portfolio, it seems that Client Management might do something similar, but it only supports iOS and Android devices. The prospect also has a lot of Windows and OSX devices they need to include in this scheme. So I don't know if Client Management is the answer, whether there is some other way to do it, or the prospect is describing the Ruckus feature incorrectly. They have said they don't want to use 802.1X so I'm guessing the only way to secure the network is for some kind of PPSK to get sent to the client when the user has authenticated, but this feels like some kind of agent or supplicant is required.

Does anyone have any idea about this Ruckus FlexConnect feature, how it works and whether we can do something similar in Aerohive - unfortunately my knowledge of other wifi vendors is (severely) limited!

Cheers,

Paul
Photo of Paul

Paul

  • 19 Posts
  • 0 Reply Likes

Posted 3 years ago

  • 1
Photo of Paul

Paul

  • 19 Posts
  • 0 Reply Likes
Excerpt of the relevant feature:

Instead of manually configuring individual devices with encryption keys, 802.1X supplicants and wireless configuration information, Dynamic PSK automates and centralizes this process within the network. Once enabled for the entire system through a simple check box within the ZoneDirector WLAN controller, a new user simply connects to the wireless network through a provisioning SSID and authenticates via a captive portal. This information is checked against any standard back-end authentication system such as Active Directory, RADIUS or an internal user database on the ZoneDirector.

Once authenticated, a unique encryption key is generated for each user. Zero IT then pushes a configuration applet with the unique user key and other Wi-Fi configuration information to each device. This applet automatically configures the user’s device without human intervention. Once associated to the requisite WLAN, the Dynamic PSK (with a configurable lifetime) is bound to the user and the end device. Ruckus Dynamic PSK and Zero IT facilities are supported across a wide range of smart devices including Apple iPads, iPhones, Android OS, Windows Mobile, and Windows CE platforms.
Photo of Crowdie

Crowdie, Champ

  • 972 Posts
  • 272 Reply Likes
I did a large amount of testing using Ruckus' Dynamic PSK solution and found that when it worked it worked really well but had the following limitations:

  • The automatic deployment of Dynamic PSKs is not supported on all devices.  I remember having some real issues with Android devices.
  • You can only have one Dynamic PSK validity period.  So if you were using Dynamic PSKs for guests, for example, every guest account would be valid for the same length of time.  This differs from Aerohive as the Private PSK solutions supports multiple Private PSK validity periods.