vSCG SSH tunnels
12-21-2015 05:10 AM
Hi Guys,
I have a remote vSCG to which I would like to connect APs located in different sites. I would also like to bridge the traffic locally.
The APs are all behind a firewall and a NAT device. I guess that I should use Ruckus GRE tunnels in order to traverse the NAT. As I am new to the vSCG, I would like to know whether the user traffic is also going to be encapsulated in the GRE tunnel or whether it is just the management traffic that will flow through the tunnel.
Many thanks in advance guys!
12-21-2015 05:30 AM
By default, vSCG-controlled APs switch the traffic locally and ONLY management traffic goes to the vSCG.
You can also tunnel both data and management to the vSCG.
12-21-2015 05:35 AM
Thank you Monnat!
So, as I understand:
By default the vSCG will communicate with the APs using SSH (TCP/22) and HTTPS (TCP/443) for management traffic. These are the ports I should open on my firewall on both sides (AP side and vSCG side). This will work even if my APs and my vSCG are behind NAT devices.
In case I want to tunnel user data, then I have to use GRE+UDP.
12-21-2015 06:31 AM
A couple of things here. AP to vSZ communication requires ports 91, 22 and 443, and if version 3.2, 11443 is then required as well.
Second, this is required only on the vSZ side and in the inbound direction. Unless you are blocking these at the AP side as well, you normally don't need to open them at the AP side or source.
Third, if the vSZ is behind NAT, you need to specify the outside public IP that the vSZ should be using when replying to the APs. Otherwise it will send the private IP configured on it, and the AP won't be able to form an SSH tunnel to a private IP over the internet. This can be set on the vSZ under the system cluster configuration section.
Last, data can't be tunneled to the vSZ directly if you want to tunnel traffic to the controller. You will need to set up a virtual data plane for that.
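A pre-change check built from the points in the reply above, as an added example that is not part of the original thread and is not Ruckus tooling. The plan dictionary, its keys and the sample addresses are constructed for illustration; the port numbers and the version 3.2 condition are the ones given in the reply.

```python
import ipaddress

# Ports listed in the reply above; 11443 is added only for version 3.2.
BASE_PORTS = {22, 91, 443}
VERSION_EXTRA_PORTS = {"3.2": {11443}}

# Ranges an AP cannot reach across the internet (RFC 1918 and RFC 6598).
UNROUTABLE = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def required_ports(version):
    """Inbound ports the controller side must accept from APs."""
    return BASE_PORTS | VERSION_EXTRA_PORTS.get(version, set())


def audit(plan):
    """Return findings for a deployment plan (hypothetical dict layout)."""
    findings = []
    need = required_ports(plan["version"])
    allowed = set(plan["controller_inbound_allowed"])
    for port in sorted(need - allowed):
        findings.append(f"inbound port {port} to the controller is not allowed")
    for port in sorted(allowed - need):
        findings.append(f"inbound port {port} is open but not listed; review it")
    addr = ipaddress.ip_address(plan["advertised_control_ip"])
    if plan["controller_behind_nat"] and any(addr in net for net in UNROUTABLE):
        findings.append(f"controller advertises {addr}, unreachable from remote APs")
    if plan["tunnel_user_data"] and not plan["has_data_plane"]:
        findings.append("user-data tunneling requested without a virtual data plane")
    return findings


# Constructed sample plans (not taken from the thread).
SAMPLE_BAD = {"version": "3.2", "controller_inbound_allowed": [22, 443],
              "controller_behind_nat": True, "advertised_control_ip": "10.20.0.5",
              "tunnel_user_data": True, "has_data_plane": False}
SAMPLE_OK = {"version": "3.2", "controller_inbound_allowed": [22, 91, 443, 11443],
             "controller_behind_nat": True, "advertised_control_ip": "203.0.113.10",
             "tunnel_user_data": False, "has_data_plane": False}

if __name__ == "__main__":
    for name, plan in (("bad", SAMPLE_BAD), ("ok", SAMPLE_OK)):
        print(name, audit(plan) or "no findings")
```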
12-21-2015 06:33 AM
Well, it's better that you refer to the admin guide for that... there are many ports to be kept open for various reasons... not just SSH and HTTPS.
Download the file from here: http://s000.tinyupload.com/?file_id=07957357372619860888
Page no. 503 in the PDF file.

