Hello again, hopefully after reading this you'll be able to understand how RUCKUS ZoneDirector does certain things under the hood. I will cover 4 things in this little Gist, first of all I will show you how to authenticate using PowerShell and keep the session stored. As a base for this guide I will be using this writeup so be sure to read that for the details I will surely miss out on mentioning. This is for a basic SysAdmin who wants to let users do certain things with ZoneDirector without having to give any control of the actual system itself.
Since in my enviroment we use a valid SSL certificate you may or may not need to add this simple hack to the top of your PowerShell.
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
This stops PowerShell validating certificates and goes through anyway.
Moving on we'll want to setup the beginning of the script, it is awfully similar to the one in the article linked above, don't worry I will stray away from that towards the end, this isn't a blatant copy&paste!
$URL = 'https://x.x.x.x/admin/' #Replace X with Hostname or IP of ZoneDirector.
$Username = 'admin'
$Password = 'X' #Replace X with the ZoneDirector Password
$LoginBody = "username=$($Username)&password=$($Password)&ok=Log+In"
$Request = Invoke-WebRequest ($BaseURL + "login.jsp") -SessionVariable RuckusSession -Method Post -Body $LoginBody -UseBasicParsing
So what we're doing here is invoking a WebReques to the Ruckus ZoneDirector and posting the Sign-In Information, assuming you've got everything correct thus far it should log us in and store the session in a variable called RuckusSession. This part of the script is the baseline and used to just get us talking with Ruckus, in the next 3 sessions I'll show you how to do the specifics we're all here for.
NOTE: Don't put a $ infront of RuckusSession, it doesn't need one!
This is where I will stray slightly from the article above, in his example I found that my PID had to be different from what was in his, so keep that in mind I found my works only when it is set to 1. So for example if we add to the script above something like this:
$StatBody = '<ajax-request action="getstat" comp="stamgr"><client LEVEL="1"/><pieceStat start="0" pid="1" number="1000" requestId="clientsummary.1542690192161"/></ajax-request>'
You can see I am requesting 1000 clients starting from 0, you may only have 50 active clients at the current time so this will only return 50. It returns all the data you see in the Active Clients window inside Zone Director. To use this in action just throw this at the bottom of your script
$Request = Invoke-RestMethod ($BaseURL + "_cmdstat.jsp") -WebSession $RuckusSession -Method Post -Body $StatBody
$Request.'ajax-response'.response.'apstamgr-stat'.ChildNodes
If your Zone Director is happy with the request it will return all active clients :).
To disconnect a Client copy the abvoe script upto the $StatBoby and put
$StatBody = '<ajax-request action="docmd" comp="stamgr" updater="rid.0.4572582756167287" xcmd="delete" checkAbility="10"><xcmd cmd="delete" tag="client" client="MAC"/></ajax-request>'
in it's place, and replace the MAC with the MAC Address of the client you're wanting to disconnect, this will simply let the client reconnect after a few seconds unless it is setup to not reconnect.
To ban a Client copy the abvoe script upto the $StatBoby and put
$StatBody = '<ajax-request action="docmd" comp="stamgr" updater="rid.0.19497076422937598" xcmd="block" checkAbility="10"><xcmd cmd="block" tag="client" client="MAC" acl-id="1"/></ajax-request>'
in it's place, and replace the MAC with the MAC Address of the client you're wanting to ban,
WARNING: Make sure you're not banning your own IP if your device only has Wireless or you'll need to go into the Admin interfae and remove it.
So, you've made it this far, hopefully this works for you as well as it did for me, I'd like to thank Fiddler, it's such a good tool that helps with working this all out. Until the next time I decide to write about something this is me for now. Catch Ya'll!n