vSZ-D - behaviour of wireless clients connected to the same SSID

ToastE
New Contributor II

Hi,

I couldn't find an answer to this anywhere so I suspect it might be an obvious answer.

Theoretical Scenario:

  • 10 x APs at local site - One WLAN. One VLAN for AP management and the other is the access VLAN on the single WLAN.
  • vSZ-E and vSZ-D hosted at a remote site - tunnelling enabled on the WLAN.

Questions:

  1. If two wireless clients are connected to the same AP at the local site, will traffic between them be forwarded via the data plane at the remote site or will it remain local?
  2. If two wireless clients are connected to different APs at the local site, will traffic between them be forwarded via the data plane at the remote site or will it remain local?

Bonus question: Can the wireless clients receive DHCP leases from a DHCP server at the local site subnet? Or will they be forced to go via the Data Plane?

From what I've read, the Split Tunnel Profile may facilitate in keeping local traffic local but I could have issues with DHCP?

Licensing wise, the scenario above would require a license for vSZ-E, vSZ-D, 10 x APs, 10 x tunnels. Anything else?

Thanks

1 ACCEPTED SOLUTION

sonny
RUCKUS Team Member

Hello ToastE,

My colleague forwarded your questions to me. Here are the answers to your questions.

For your question 1: 

I assume the wireless clients in this case are on the same IP subnet. If so, traffic between these 2 wireless clients will be on the wireless side and will not be seen at the AP WAN port.

My wireless packet capture shows the packets are being sent to clients directly via the AP WLAN interface, with nothing at the AP port or at the vDP.

For your question 2:

Traffic between wireless clients will be tunneled to the vDP because the AP only knows its currently associated wireless clients.

My vDP packet capture shows:

Wireless client 1 ==== AP 1 ==== vDP==== AP 2 ==== Wireless client 2, and vice-versa.

For your Bonus question:

WLAN tunneling is the prerequisite for the Split-Tunnel feature. Without checking the option WLAN Tunneling, the Split-Tunnel option will not display. This means the wireless client MUST receive its IP address from a DHCP server behind the tunnel.

 

ToastE
New Contributor II

Thank you very much, sonny! Your assumption about the wireless clients being in the same IP subnet is correct. Your answers are very helpful.

As all clients are in the same IP subnet, would it be possible to add the entire subnet to a split tunneling profile except for the gateway address so that traffic between wireless clients connected to different APs does not traverse the vDP? i.e. don't use the tunnel for local traffic unless it's destined for the gateway address. Local traffic would only be constrained by the bandwidth of the wireless medium, all other traffic would be constrained by the bandwidth of the WAN link between the APs and the vDP.

In this scenario, we're unable to create a "simple" wireless network and tunnel over the WAN link, the requirement is to use vDP. We're also unable to install a vDP appliance locally.

Thanks again!

sonny
RUCKUS Team Member

Hello, sorry I do not have email redirection to my work email so I just found out you had this question since "last year". 

For your question, the answer is yes, you can use Split-Tunnel to decide which traffic will not be tunneled to the vDP. There are 2 ways to set up Split-Tunnel:

Option 1: All traffic will be Local Break Out at the AP WAN port, EXCEPT the destination IP subnets that you configured in the Exception address list.

Option 2: All traffic will be tunneled to the vDP, EXCEPT the destination IP subnets that you configured in the Exception address list.

Please note you will need to purchase a Split-Tunnel license for each AP.

sonny.pham@commscope.com
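
A simplified model of the two Split-Tunnel modes described in the reply above, as an added example that is not part of the original thread and is not RUCKUS code. It also computes the CIDR blocks that cover a client subnet minus its gateway, which is the exception list asked about earlier. The mode labels, function names and addresses (documentation ranges) are assumptions, and the model classifies by destination IP only; it does not show how an AP treats same-subnet traffic between clients.

```python
import ipaddress

# Hypothetical labels for the two options in the reply above.
LOCAL_EXCEPT = "local_except"    # option 1: local breakout, listed subnets tunneled
TUNNEL_EXCEPT = "tunnel_except"  # option 2: tunneled, listed subnets break out locally


def subnet_minus_host(subnet, host):
    """Return the CIDR blocks covering `subnet` with the single `host` removed."""
    net = ipaddress.ip_network(subnet)
    one = ipaddress.ip_network(host)  # a bare address parses as a /32
    if not one.subnet_of(net):
        raise ValueError(f"{host} is not inside {subnet}")
    return sorted(net.address_exclude(one))


def forwarding_path(dst, mode, exceptions):
    """Classify a destination IP as 'tunnel' (to the vDP) or 'local' (AP WAN port)."""
    ip = ipaddress.ip_address(dst)
    listed = any(ip in ipaddress.ip_network(str(n)) for n in exceptions)
    if mode == LOCAL_EXCEPT:
        return "tunnel" if listed else "local"
    if mode == TUNNEL_EXCEPT:
        return "local" if listed else "tunnel"
    raise ValueError(f"unknown mode: {mode}")


if __name__ == "__main__":
    # Constructed sample values: client subnet and gateway from documentation ranges.
    exceptions = subnet_minus_host("192.0.2.0/24", "192.0.2.1")
    print("Exception list:", ", ".join(str(n) for n in exceptions))
    for dst in ("192.0.2.50", "192.0.2.1", "198.51.100.7"):
        print(dst, "->", forwarding_path(dst, TUNNEL_EXCEPT, exceptions))
```

Removing one address from a /24 takes eight exception entries, so check the list against whatever entry limit the Split-Tunnel profile imposes before relying on this layout.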