This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Hosting solution

henrik_lodel
New Contributor II

‎10-06-2015 12:39 PM

Hi !

We are a MSP company that have customers with all from 1 - 300 users.
We want to build a Wlan Hosting/Carrier solution where we have a vscg in our datacenter and and manage accesspoints at multiple customers from this central controller.

I want to be able to stage the accesspoints at our office and make them 100% done so we then just need to physically mount them at the customer.

I want that all AP ́s that I stage or put in a zone would get the external dns adress to our vscg so that I dont need to ssh to every AP and put it in manually.

Is this possible ?

An other question, the list of ports that the guide tells you to open is pretty long, which are the most important for basic ap-controller communication no radius and stuff ?

Thanks in advance!

/Henrik
7 REPLIES 7

dionis_taveras
Contributor II

‎10-06-2015 12:52 PM

Hello Henrik and welcome to the Ruckus forum.

This is certainly possible and something that is being used today by other carriers. 


Assuming you control and own the DNS server which these APs would look to in order to resolve DNS queries.  If this is the case, all you have to do is set an A record in your DNS server to resolve the word "RuckusController" to the IP of the controller itself you want the APs to reach. 


The APs will query your DNS server for RuckusController.domain.com (domain.com being your dns suffix or domain) and get the IP from your DNS server.  They will then attempt to register to that controller directly.


At that point, you need at least the following ports:

TCP ports:

Port 21 = FTP Com port

Port range 16384-65000 (configurable in vSCG) = FTP Passive port range

Port 443 = https port for AP to vSCG Registration

Port 22 = SSH Tunnel from AP to SCG

Port 91 = AP and vSCG firmware update and other uses port

Optional TCP Ports:

Port 8443 = Used for vSCG WebUI access from remote (if needed, this may not be necessary if you are using a 3 interface configuration and using VPN to connect to management interface)

Port 7443 = Port used by SWIPE (not required if you are not using SWIPE to provision APs onsite)


UDP Ports:

Port 12223 = LWAP communication port for APs not running vSCG firmware to communicate with vSCG and get upgraded (using passive FTP ports mentioned above)


Hope this helps.

Regards,

0 Kudos

henrik_lodel
New Contributor II

‎10-06-2015 01:13 PM

Hi !

This looks greate ! Thanks alot for a quick and good answer!
I will try this !
0 Kudos

richard_hamilto
New Contributor II

‎10-06-2015 01:52 PM

Hi Alpha,

I thought you had to use a special DHCP option code 43 to point the AP's to the vSCG. Not just a DNS entry. Assuming all on same LAN as vSCG. Once complete you can move it to another LAN, i.e remote site

As out the box the AP's will not be in a managed mode and on wrong firmware. You have to issue a SSH command. to set the vSCG or Director server IP

As your method is same as Ubiquiti, except that points to A record for the "unifi" name.

So like the sound of that.

Richy
0 Kudos

dionis_taveras
Contributor II

‎10-06-2015 02:12 PM

Richy, not at all.

 DHCP Option 43 is one of multiple ways to get an AP to discover the controller address when talking about the vSCG (now called vSZ). You can of course use that, however, for the problem at hand in this case, it would not be a suitable solution since DHCP may not be something that he can control or configure. The AP will get DNS servers via DHCP and then attempt to resolve RuckusController and obtain the controller IP this way.

You are correct on APs potentially having different firmware or incompatible firmware with the vSCG, this is why I recommended that ports 12223 and 21 as well as the passive FTP port range be open. This will ensure that any AP, regardless of firmware version from Ruckus (ZoneDirector or SCG, or 9.x or 2/3.x) can still be discovered and auto upgraded to the correct version of firmware. The vSCG will do this automatically for you.

Henrik, one thing I forgot to mention, if you are APs are in an older version of firmware, you will need to enable the LWAPPtoSCG built in tool. You can do this at setup, or after setup. Here are the commands to enable it once setup is complete or for an already running version. Otherwise, you can do it during setup by simply selecting to auto upgrade APs running zonedirector code.

configure

lwapp2scg

policy accept-all


Regards, D

0 Kudos
Copyright © 2024 Khoros, LLC