CommScope RUCKUS Community Forums

patrick_schroff · ‎03-15-2016

The vSZ runs on an server with a public ip. Once a new AP is added to the customers network with an 100.... Firmware, it cannot connect to the vSZ via public IP.

We tried

· DHCP option 43 as described in https://support.ruckuswireless.com/answers/000003197

· manually add the director ip (set director ip x.x.x.x) on the ap

but the AP doesn’t connect and/or perform no firmware update.

When we first connect the AP internally to the vSZ and move the AP to the appropriate Zone, it will work at the customer ́s Network.

Did we miss something or doing it wrong?

bernie_reynoso · ‎03-15-2016

Have you applied this to the controller?

Enabling LWAPP2SCG

If the LWAPP2SCG application is pre-installed but disabled in your controller

release, do the following to enable it:

1 Log on to the controller’s console.

2 Enter en to enable privileged mode.

3 Enter config.

4 Enter lwapp2scg.

5 Enter policy accept-all.

You have completed enabling the LWAPP2SCG application on the controller.

eizens_putnins · ‎03-15-2016

Hi, probably one of 2 reasons:
1. From some version (I think 3.2) you need additional ports to be opened on firewall for firmware download (16384-65000 Tcp). When AP is already initially connected to v-SZ (and has proper v-SZ image), it works without troubles, but firmware upgrade to the next version will fail.
2. If you have out of box APs which has been delivered for use with ZD, you need both Ruckus vendor options on DHCP, directing to same v-SZ IP. ZD APs are interested in one option, v-SZ - in second. So in the beginning AP with universal image gets v-SZ IP as a ZD IP, contacts v-SZ and gets converted.

Ports to be forwarded are:

443 TCP, 22 tcp, 91 tcp, 123 tcp, 1812-1813, tcp 23233 udp, 23232 Tcp, 80 tcp, 6868 tcp, 12223 Tcp, 161 Tcp, 21 Tcp, 8080 Tcp, 8443 Tcp, 8099-8111 Tcp, 9997-9998 Tcp, 9080 Tcp, 9443 Tcp, 1143 Tcp, udp, 8090 Tcp, 12223 Tcp, 16384-65000 Tcp.

Additional comment -- if AP was in fact connected to ZD, even after factory reset, when connected to vSCG, it will not work properly. You need to reset it to factory default again after it get's v-SZ firmware, only than it will work properly.

Hope it helps,

Eizens

seanmuir · ‎03-16-2016

Firewall Ports are follows:

Image_ images_messages_5f91c476135b77e247a9fa92_740bd9bf4ae790ef0ca4115145ccfe53_RackMultipart2016031694019h77r-259a1661-ce11-45b8-adb3-c5bc1cb3dec0-246035430.png1458126809

Note: Taken from SCG/vSZ-H 3.2 Administrator Guide

patrick_schroff · ‎03-16-2016

All required Ports are opened/forwarded to the vSZ.

LWAPP2SCG is active for all APs.

We configured 03 as well as 06 in DHCP option 43

Here a picture of our configuration:

But it still does not work...

seanmuir · ‎03-16-2016

AP's in this environment need to use Ruckus GRE and a GRE Tunnel Profile:

Zone Config Example

Image_ images_messages_5f91c41d135b77e24796c09b_a355a1acf5d94b9904bb6ffdf3ce7ddc_RackMultipart20160316118161lmn-0a975649-42af-497b-bebc-3931cc554a25-485294349.png1458144846

Ruckus GRE Profile Example

Image_ images_messages_5f91c41d135b77e24796c09b_a7c58709da876c2e6b816658c23b1bb8_RackMultipart2016031624412ac7s-124cbfb2-3447-4b85-9b5c-00b349731e46-1596461203.png1458144981

I have had this working but my data plane on the SCG had a public facing IP and the AP' pointed to that IP.

Note: the Ruckus GRE Profile needs to be configured prior to choosing it in the zone.

As a side measure I would recommend that you sniff to see what's happening with the lwapp frame from the AP i.e. is the AP sending one as I have seen it before when certain AP's dont and you haev to factory reset them in this case.

Also sniff the SCG data plane and see if the SCG is recieving the lwapp frame and what is happening with it when recieved if its being received at all.

Good luck

CommScope RUCKUS Community Forums

Connection between AP and vSZ