
vSCG SSH tunnels

othmane_douiri_
New Contributor II
Hi Guys,

I have a remote vSCG to which I would like to connect APs located in different sites. I would also like to bridge the traffic locally.
The APs are all behind a firewall and a NAT device. I guess that I should use Ruckus GRE tunnels in order to traverse the NAT. As I am new to the vSCG, I would like to know if the user traffic is also going to be encapsulated in the GRE tunnel or if it is just the management traffic that will flow through the tunnel.

Many thanks in advance guys!
5 REPLIES 5

monnat_systems
Valued Contributor II
By default, vSCG-controlled APs switch the traffic locally and ONLY management traffic goes to vSCG.

You can also tunnel both data and management to vSCG.

othmane_douiri_
New Contributor II
Thank you Monnat!
So, as I understand:
By default the vSCG will communicate with the APs using SSH (TCP/22) and HTTPS (TCP/443) for management traffic. These are the ports I should open on my firewall on both sides (AP side and vSCG side). This will work even if my APs and my vSCG are behind NAT devices.

In case I want to tunnel user data, then I have to use GRE+UDP.

dionis_taveras
Contributor II
Couple of things here. AP to vSZ communication requires ports 91, 22, 443, and if version 3.2, 11443 is then required as well.

Second, only on the vSZ side and inbound direction is this required, unless you are blocking these at the AP side as well; normally you don't need to open them at the AP side or source.

Third, if vSZ is behind NAT, you need to specify what is the outside public IP that the vSZ should be using when replying to the APs. Otherwise it will send its private IP configured on it and the AP won't be able to form an SSH tunnel to a private IP over the internet. This can be set on the vSZ under system cluster configuration section.

Last, data can't be tunneled to the vSZ directly if you want to tunnel traffic to the controller. You will need to set up a virtual data plane for that.

monnat_systems
Valued Contributor II
Well, it's better you refer to the admin guide for that... there are many ports to be kept open for various reasons... not just SSH and HTTPS.

Download the file from here -- http://s000.tinyupload.com/?file_id=07957357372619860888

Page no. 503 in the PDF file.