Why would Access Points try to access other Access Points on TCP port 1883?

carsten_buchena
New Contributor II

Hi,

We are running vSZ-H on 6.1.0.0.935. One of our customer installations has 2 Zones inside the same Domain. I have noticed that APs from one Zone are trying to contact Access Points on the other Zone on TCP port 1883.

A quick check of the destination IPs revealed that the APs can probably see each other on the radio interfaces.

We have Ruckus Analytics enabled, but no SCI.

Is this something that is required? And if yes, for what? And is there a way to stop APs trying that, rather than blocking it on our Firewall?

3 REPLIES

Parik_MN
RUCKUS Team Member

Hello @carsten_buchena

SmartZone APs are designed in such a way that they talk to each other on MQTT port 1883 to learn about the neighbor topology as well as the signal overlap with each other. That way the AP sets its power level.
APs even exchange the PRK-R0/R1 ID for seamless client roaming.

Blocking that traffic would give rise to other severe issues.

Regards,

Parik

Thanks Parik!

I was wondering how/why they are doing this as they are inside the same domain, but in different zones, broadcasting different SSIDs. I guess they learn from each other via radio discovery, and thus try to communicate through their Ethernet backbone?

It's not that I am explicitly blocking this traffic - APs are in completely different management networks, with 2 Firewalls in between. So I now have to see if I can/should open the Firewalls in between to allow such traffic in both ways. 

Regards,
Carsten

Hi @carsten_buchena

Yes, you are right. The APs learn the IP address over the air and start communicating through Ethernet. If the APs are in different zones, then blocking the port shouldn't be an issue.

Regards,

Parik
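
Added example, not part of any post in this thread and not RUCKUS code: a small Python check that sorts denied AP-to-AP flows on TCP 1883 into same-zone pairs and cross-zone pairs, the case the last reply says shouldn't be an issue to block. The zone names, management subnets and the five-field log format are constructed assumptions; adapt the parser to your firewall's export.

```python
import ipaddress
from collections import defaultdict

MQTT_PORT = "1883"  # AP-to-AP port named in the thread

# Assumption: each zone's APs sit in one management subnet (constructed values).
ZONE_SUBNETS = {
    "Zone-A": ipaddress.ip_network("10.10.0.0/24"),
    "Zone-B": ipaddress.ip_network("10.20.0.0/24"),
}

# Constructed firewall log lines in the form: ACTION PROTO SRC DST DPORT
SAMPLE_LOG = """\
DENY TCP 10.10.0.11 10.20.0.21 1883
DENY TCP 10.10.0.11 10.10.0.12 1883
DENY TCP 10.20.0.21 10.10.0.11 1883
DENY TCP 10.10.0.11 10.20.0.21 443
DENY TCP 192.0.2.5 10.20.0.21 1883
ALLOW TCP 10.10.0.12 10.10.0.11 1883
"""

def zone_of(ip):
    """Return the zone whose management subnet contains ip, or None."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None  # malformed address in the log
    for zone, net in ZONE_SUBNETS.items():
        if addr in net:
            return zone
    return None

def classify_denies(log_text):
    """Group denied TCP/1883 flows by the zone relationship of their endpoints."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not match the assumed format
        action, proto, src, dst, dport = parts
        if (action, proto, dport) != ("DENY", "TCP", MQTT_PORT):
            continue
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone is None or dst_zone is None:
            groups["unknown-endpoint"].add((src, dst))  # not a known AP subnet
        elif src_zone == dst_zone:
            groups["same-zone"].add((src, dst))   # neighbors within one zone
        else:
            groups["cross-zone"].add((src, dst))  # the case asked about here
    return dict(groups)
```

Any pair that lands in `same-zone` is AP-to-AP traffic inside one zone being dropped, and `unknown-endpoint` flags port 1883 traffic from hosts that are not in a known AP subnet.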