Showing results for 
Search instead for 
Did you mean: 

Method of connecting remote AP to SZ 100

New Contributor III
Hello everyone!
I still don't understand the method of connection the remote AP(at branch office, for example) to the SZ 100 controller at main office (or at datacenter).
Could it be done just with Ruckus devices?
 Or do I need a VPN server at controller side to build tonnels between remote AP and controller?
Thanks in advance.

To put it simply and in a way I can post it in a short reply here, with the SZ, the AP forms two separate tunnels.  One is SSH and the other is GRE (if required). 

The SSH tunnel is used to communicate with the controller securely and for the AP to download configuration, firmware and send stats, etc.. 

The GRE tunnel is formed when you chose to send the data of wireless clients to the controller via a GRE tunnel instead of sending it locally to a switch in what we call Local Break Out (LBO).  During this process, the AP forms a tunnel with the controller using a Ruckus proprietary process that allows the AP to be behind NAT if needed.  The data from the clients is encapsulated into a VLAN and sent via this tunnel to the controller where the VLAN is then removed from the tunnel and sent natively to the switch attached at the core, behind the SZ100 or SCG-200 controller.  Effectively, this creates a layer 2 tunnel over layer 3 and preserves the client MAC addresses and other needed information.  Which means, that this client can now have IPs from the core DHCP server, be sent to a session manager or gateway, sent to NAT, AAA, Active Directory or whatever you need to do the same way you would do if the client was connected locally to a switch port in your enterprise network.

Here is the datasheet for this controller.

The ZD however uses LWAPP (Lightweight Access Point Protocol) as its tunneling mechanism.  That is a bit different than GRE and can be read about briefly in this Wiki page.

It is a standard protocol a bit older and uses more overhead than SSH which is why it is not being used in our newer controllers today.

Hope this helps!

Thank you very much! 🙂 Now I understand the mechanism.
Also, if we are talking about GRE tonnel, how much users can sz-100 work with? 20000?

No problem.  The SZ100 is built to handle 1024 APs per Unit and up to 25k clients per unit.  However, it can also be cluster with up to three more other units for a total of 3k AP capacity and 60k clients with up to 2k WLAN per node.  The infrastructure can grow as needed.

Thank you again! Remote AP is connected and working right now!

Hehe, It is not the end.:)
Everything worked fine, until the SZ is connected directly to provider port without any firewall.
We put SZ behind Mikrotik 2011, open all ports according to the manual. And what happens next: AP migrating -> AP migrated -> AP discovery sucseeded -> AP connected ... one minute passed.. -> AP heartbeat lost -> AP disconnected.