Method of connecting remote AP to SZ 100
08-26-2015 10:37 AM
I still don't understand the method of connecting the remote AP (at a branch office, for example) to the SZ 100 controller at the main office (or at a datacenter).
Could it be done just with Ruckus devices?
Or do I need a VPN server at the controller side to build tunnels between the remote AP and the controller?
Thanks in advance.
08-26-2015 04:25 PM
To put it simply and in a way I can post it in a short reply here, with the SZ, the AP forms two separate tunnels. One is SSH and the other is GRE (if required).
The SSH tunnel is used to communicate with the controller securely and for the AP to download configuration, firmware and send stats, etc.
The GRE tunnel is formed when you choose to send the data of wireless clients to the controller via a GRE tunnel instead of sending it locally to a switch in what we call Local Break Out (LBO). During this process, the AP forms a tunnel with the controller using a Ruckus proprietary process that allows the AP to be behind NAT if needed. The data from the clients is encapsulated into a VLAN and sent via this tunnel to the controller, where the VLAN is then removed from the tunnel and sent natively to the switch attached at the core, behind the SZ100 or SCG-200 controller. Effectively, this creates a layer 2 tunnel over layer 3 and preserves the client MAC addresses and other needed information. This means that this client can now have IPs from the core DHCP server, be sent to a session manager or gateway, sent to NAT, AAA, Active Directory or whatever you need to do, the same way you would if the client was connected locally to a switch port in your enterprise network.
Here is the datasheet for this controller.
The ZD however uses LWAPP (Lightweight Access Point Protocol) as its tunneling mechanism. That is a bit different than GRE and can be read about briefly in this Wiki page.
https://en.wikipedia.org/wiki/Lightweight_Access_Point_Protocol
It is a standard protocol that is a bit older and uses more overhead than SSH, which is why it is not being used in our newer controllers today.
Hope this helps!
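
To make the "layer 2 tunnel over layer 3" description in the reply above concrete, here is an added example that is not part of the original post and is not Ruckus code. It uses standard GRE (RFC 2784) with the Transparent Ethernet Bridging protocol type as a stand-in for the proprietary tunnel, omits the outer IP header, and uses a constructed client MAC, VLAN ID and payload.

```python
import struct

GRE_PROTO_TEB = 0x6558   # Transparent Ethernet Bridging: GRE payload is an Ethernet frame
TPID_8021Q = 0x8100      # EtherType announcing an 802.1Q VLAN tag

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def ethernet_frame(dst, src, ethertype, payload):
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload

def add_vlan_tag(frame, vlan_id):
    """AP side: insert an 802.1Q tag after the source MAC (priority bits left at 0)."""
    tag = struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF)
    return frame[:12] + tag + frame[12:]

def strip_vlan_tag(frame):
    """Controller side: remove the 802.1Q tag; returns (vlan_id, untagged frame)."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        raise ValueError("frame is not 802.1Q tagged")
    return tci & 0x0FFF, frame[:12] + frame[16:]

def gre_encapsulate(inner_frame):
    """Basic RFC 2784 header: no checksum, version 0, then the protocol type."""
    return struct.pack("!HH", 0, GRE_PROTO_TEB) + inner_frame

def gre_decapsulate(packet):
    if len(packet) < 4:
        raise ValueError("truncated GRE header")
    flags_version, proto = struct.unpack("!HH", packet[:4])
    if flags_version != 0 or proto != GRE_PROTO_TEB:
        raise ValueError("unsupported GRE header")
    return packet[4:]

def tunnel_round_trip(client_frame, vlan_id):
    """AP tags and encapsulates; controller decapsulates and untags."""
    on_the_wire = gre_encapsulate(add_vlan_tag(client_frame, vlan_id))
    vlan, native = strip_vlan_tag(gre_decapsulate(on_the_wire))
    return on_the_wire, vlan, native

# Constructed sample: a client broadcast frame with a dummy payload.
CLIENT_MAC = "02:00:00:aa:bb:cc"
SAMPLE = ethernet_frame("ff:ff:ff:ff:ff:ff", CLIENT_MAC, 0x0800, b"constructed-payload")

if __name__ == "__main__":
    wire, vlan, native = tunnel_round_trip(SAMPLE, 30)
    print(len(SAMPLE), len(wire), vlan, native[6:12].hex())
```

The frame that leaves the controller side is byte-for-byte the frame the client sent, which is why the core DHCP server and switch see the client's own MAC address.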
08-27-2015 12:19 AM
Also, if we are talking about the GRE tunnel, how many users can the sz-100 work with? 20000?
08-27-2015 06:33 AM
No problem. The SZ100 is built to handle 1024 APs per unit and up to 25k clients per unit. However, it can also be clustered with up to three other units for a total of 3k AP capacity and 60k clients with up to 2k WLAN per node. The infrastructure can grow as needed.
08-27-2015 02:00 PM
08-29-2015 12:55 AM
Everything worked fine, until the SZ is connected directly to provider port without any firewall.
We put the SZ behind a Mikrotik 2011 and opened all ports according to the manual. And what happens next: AP migrating -> AP migrated -> AP discovery succeeded -> AP connected ... one minute passed... -> AP heartbeat lost -> AP disconnected.

