11-16-2022 03:20 AM
We are running vSZ-H on 18.104.22.168.935. One of our customer installations has 2 Zones inside the same Domain. I have noticed that APs from one Zone are trying to contact Access Points on the other Zone on TCP port 1883.
A quick check of the destination IPs revealed that the APs can probably see each other on the radio interfaces.
We have Ruckus Analytics enabled, but no SCI.
Is this something that is required? And if yes, for what? And is there a way to stop APs trying that, rather than blocking it on our Firewall?
11-16-2022 03:27 AM
Smart Zone APs are designed in such a way that they talk to each other on MQTT port 1883 to learn about the neighbor topology as well as the signal overlap with each other. That way the AP sets its power level.
APs even exchange the PRK-R0/R1 ID for seamless client roaming.
Blocking that traffic would give rise to other severe issues.
11-16-2022 08:54 AM
I was wondering how/why they are doing this as they are inside the same domain, but in different zones, broadcasting different SSIDs. I guess they learn from each other via radio discovery, and thus try to communicate through their Ethernet backbone?
It's not that I am explicitly blocking this traffic - APs are in completely different management networks, with 2 Firewalls in between. So I now have to see if I can/should open the Firewalls in between to allow such traffic in both ways.
11-17-2022 10:42 PM
Yes, you are right. The APs learn the IP address over the air and start communicating through Ethernet. If the APs are in different zones, then blocking the port shouldn't be an issue.
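An added example, not part of the original thread and not Ruckus code: before leaving TCP 1883 blocked between the two zones, it helps to confirm from the firewall deny log that the blocked flows really are AP-to-AP across the two management networks and nothing else. The subnets, the key=value log layout and the sample lines below are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumed management subnets for the two zones (constructed values).
ZONE_NETS = {"zone-a": ipaddress.ip_network("10.10.0.0/24"),
             "zone-b": ipaddress.ip_network("10.20.0.0/24")}
MQTT_PORT = "1883"

# Constructed firewall deny log; the key=value layout is an assumption.
SAMPLE_LOG = """\
2022-11-16T03:01:10 action=deny proto=tcp src=10.10.0.11 dst=10.20.0.21 dport=1883
2022-11-16T03:01:12 action=deny proto=tcp src=10.10.0.11 dst=10.20.0.21 dport=1883
2022-11-16T03:01:15 action=deny proto=tcp src=10.20.0.21 dst=10.10.0.11 dport=1883
2022-11-16T03:02:40 action=deny proto=tcp src=10.10.0.12 dst=10.20.0.22 dport=443
2022-11-16T03:03:05 action=deny proto=tcp src=192.168.5.9 dst=10.20.0.21 dport=1883
2022-11-16T03:03:09 action=deny proto=udp src=10.10.0.11 dst=10.20.0.21 dport=1883
malformed line
"""
FIELD_RE = re.compile(r"(\w+)=(\S+)")

def zone_of(addr):
    """Return the zone name whose management subnet contains addr, else None."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    for name, net in ZONE_NETS.items():
        if ip in net:
            return name
    return None

def classify(log_text):
    """Split TCP/1883 entries into cross-zone AP pairs and everything else."""
    cross_zone, other = Counter(), []
    for line in log_text.splitlines():
        f = dict(FIELD_RE.findall(line))
        if f.get("proto") != "tcp" or f.get("dport") != MQTT_PORT:
            continue  # not the MQTT traffic discussed in the thread
        if "src" not in f or "dst" not in f:
            continue  # incomplete entry
        src_zone, dst_zone = zone_of(f["src"]), zone_of(f["dst"])
        if src_zone and dst_zone and src_zone != dst_zone:
            cross_zone[(f["src"], f["dst"])] += 1
        else:
            other.append((f["src"], f["dst"]))  # 1883 from/to a non-AP subnet
    return cross_zone, other

if __name__ == "__main__":
    print(classify(SAMPLE_LOG))
```

Entries that land in the second list are the ones to look at: they use port 1883 but do not fit the cross-zone AP-to-AP pattern described in the thread.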