I have a remote vSCG to which I would like to connect APs located in different sites. I would also like to bridge the traffic locally. The APs are all behind a firewall and a NAT device, so I guess that I should use Ruckus GRE tunnels in order to traverse the NAT. As I am new to the vSCG, I would like to know whether the user traffic is also going to be encapsulated in the GRE tunnel or whether it is just the management traffic that will flow through the tunnel.
Thank you, Monnat! So, as I understand: by default the vSCG will communicate with the APs using SSH (TCP/22) and HTTPS (TCP/443) for management traffic. These are the ports I should open on my firewall on both sides (AP side and vSCG side). This will work even if my APs and my vSCG are behind NAT devices.
In case I want to tunnel user data, then I have to use GRE+UDP.
A couple of things here. AP to vSZ communication requires ports 91, 22, 443, and if version 3.2, 11443 is then required as well.
Second, this is required only on the vSZ side and in the inbound direction, unless you are blocking these at the AP side as well; normally you don't need to open them at the AP side or source.
Third, if the vSZ is behind NAT, you need to specify the outside public IP that the vSZ should use when replying to the APs. Otherwise it will send the private IP configured on it, and the AP won't be able to form an SSH tunnel to a private IP over the internet. This can be set on the vSZ under the system cluster configuration section.
Last, data can't be tunneled to the vSZ directly if you want to tunnel traffic to the controller. You will need to set up a virtual data plane for that.