Showing results for 
Search instead for 
Did you mean: 

Vscg SSH tunnels

New Contributor II
Hi Guys,

I have a remote vSCG to which I would like to connect APs located in different sites. I would like also to bridge the traffic locally.
The APs are all behind a firewall and a NAT device, I guess that I should use Ruckus GRE tunnels in order to traverse the NAT. As I am new to the vSCG, I would like to know if the user traffic is also going to be encapsulated in the GRE tunnel or it is just the management traffic that will flow through the tunnel.

Many thanks in advance guys!

Valued Contributor II
by default vSCG controlled AP's switch the traffic locally and ONLY management traffic goes to vSCG

you can also tunnel both data and management to Vscg.

New Contributor II
Thank you Monnat!
So, as I understand:
By default the vSCG will communicate with the APs using SSH (TCP/22) and https (TCP/443) for management traffic. these are the ports I should open on my firewall on both sides (AP side and vSCG side). This will work even if my APs and my vSCG are behind NAT devices.

In case I want to tunnel user data, then I have to use GRE+UDP.

Contributor II
Couple of things here, AP to vSZ communication requires ports 91,22,443 and if version 3.2 11443 is then required as well.

Second, only on the vSZ side and inbound direction is this required unless you are blocking these at the AP side as well normally you don't need to open them at the AP side or source.

Third, if vSZ is behind Nat, you need to specify what is the outside public IP that the vSZ should be using when replying to the APs. Otherwise it will send its private IP configured on it and the AP won't be able to form an SSH tunnel to a private IP over the internet. This can be set on the vSZ under system cluster configuration section.

Last, data can't be tunneled to the vSZ directly if you want to tunnel traffic to the controller. You will need to set up a virtual data place for that.

Valued Contributor II
well its better you  refer to admin guide for that...there are many ports to be kept open for various reasons...not just SSH and https

download the file from here --

page no 503 on pdf file