This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SCG200 - How can I block traffic through DataPlane SCG-D1

jardel_almeida1
Contributor

‎08-01-2018 10:12 AM

How can I block traffic by Data Plane1


Friends,
We are working with SCG200, and have set up a new Datapla. I would like to know how do I block DP-0 traffic, forcing the new Data plane (DP-1) to take over?


I've tried ACL without success.
I have already tried via the command line, both in the AP, and in the CLI of the SCG, also to no avail.

CLI-AP:

set tunnelmgr : set tunnelmgr {options}

                 -> disable/enable

                 -> tunnel

                 -> type [mode comcast]

                 -> auth

                 -> port

ü  rkscli: set tunnelmgr SCG-D Sorry, no match to set tunnelmgr SCG-D found

 ü  rkscli: set tunnelmgr SCG-D Sorry, no match to set tunnelmgr SCG-D found

 ü  rkscli: set tunnelmgr SCG-D 1Sorry, no match to set tunnelmgr SCG-D 1 found

 ------------------------------------------------------------------------------------

 ARC-RJ-WLC-R08# remote ap-cli D4:68:4D:10:11:00 "set tunnelmgr port SCG-D0 disable"

Error: parameter error -- Agrument must be digits

 ARC-RJ-WLC-R08# remote ap-cli D4:68:4D:10:11:00 "set tunnelmgr SCG-D0 disable"

Error: parameter error -- Agrument must be digits

 ARC-RJ-WLC-R08# remote ap-cli D4:68:4D:10:11:00 "set tunnelmgr port SCG-D0 port disable"

Error: parameter error -- Agrument must be digits

 ARC-RJ-WLC-R08# remote ap-cli D4:68:4D:10:11:00 "set tunnelmgr SCG-D0 disable"

ARC-RJ-WLC-R08# remote ap-cli D4:68:4D:10:11:00 "set tunnelmgr SCG-D0 disable"

Error: parameter error -- Agrument must be digits


Any tips?

"get tunnelmgr"

------ TUNNELMGR Information ------
tunnelmgr Service:      Enabled
Tunnel Establishment:   Enabled
Tunnel Authentication:  Enabled
Tunnel Cipher:          Disabled
PMTU Discovery:         Enabled
Node Affinity:          Disabled
Force Fragmentation:    Disabled
Tunnel Type: Ruckus-GRE
SCG-D IP List:       =1@[x.x.x.x]:23233,[y.y.y.y]:23233
Internal Subnet:        10.x.0.0
GRE over UDP: AP/SCG-D UDP port # 23233/23233
Keep Alive Interval/Retry-limit: 10/6
Keep Alive Interval2: N/A

4 REPLIES 4

pilot1199
New Contributor III

‎08-01-2018 10:17 AM

Hello.

I am not sure about SCG but in vSZ you can use the feature called vDP Zone Affinity. You will be able to create a list w/ Data planes and attach them to specific AP Zone.
0 Kudos

jardel_almeida1
Contributor
In response to pilot1199

‎08-01-2018 10:23 AM

Hello Genrikh,  
Thanks for the quick response.

I saw it, I searched it here in support Ruckus, but this feature is only working on vSZ.

http://docs.ruckuswireless.com/smartzone/3.6.1/sz100-vsze-administrator-guide/GUID-508F58A7-0642-4F2...

Thanks!
0 Kudos

jardel_almeida1
Contributor

‎08-02-2018 08:17 AM

Gentlemen,

Sorted out.

I configured an extended ACL on my router, blocking the IP of the DTP0.

Then when I ran the "get tunnelmgr" command, and the failover worked, that is, I could only see the traffic / tunnel of the new dataplane
0 Kudos

pilot1199
New Contributor III

‎08-02-2018 08:23 AM

Hello.

You can use ACL on AP to do the same. It will work. 

#AP CLI script
#define Zone's AP FW version
fw_version=3.2.1.0.682

#define Model class, only all is supported now.
model=all

#CLI commands
set qos eth0 ip add ucast src  192.168.100.105/255.255.255.255 drop
0 Kudos
Copyright © 2024 Khoros, LLC