cancel
Showing results for 
Search instead for 
Did you mean: 

WLAN tunnel mode and VLAN ID

bernd_biskupek_
New Contributor III
We have a guest WLAN "guest1" (not in tunnel mode) with VLAN ID 4 in our headquater and want to use the hotspot gateway in this VLAN also for our branch offices in future.

My idea is to create a WLAN "guest2" on the Access Points in branch office and configure that with tunnel mode. Do i have to use the same VLAN ID 4 for branch office WLAN to direct the traffic to our hotspot gateway in headquater even if this VLAN does not exist in branch office?

We have redundant ZD's in our headquater and VPN connection to our branch offices. 
8 REPLIES 8

michael_brado
Esteemed Contributor II
Yes, if you tunnel your branch office HotSpot WLAN back to the ZoneDirector, VLAN 4 must exist at the ZD, but not at your local office(s).

bernd_biskupek_
New Contributor III
Thanks for your answer. And how will be the untagged traffic from branch redirected to VLAN 4 in headquter?
Do i have to create the "guest2" in tunnel mode without VLAN tag and override the VLAN tag in WLAN group? 

Whichever VLAN is untagged in HQ, where your ZD and HQ APs are located, is considered "VLAN 1" to Ruckus.

I assume that your 'guest1' WLAN in HQ, is putting clients on a tagged VLAN 4 from your initial description.

You didn't say if 'guest1' is using the Guest Access (with optional guest pass or no authentication, optional terms

and conditions, optional redirect to your choice or their intended URL after auth), or a standard WLAN with a simple

WPA2-PSK that you give to your guests?

If you simply wish to extend the 'guest1' WLAN to users in remote offices, you can enable Tunneling, which

will bring all their traffic back to the HQ ZoneDirector.  This would support the Guest Access WLAN type that

I described above, or the standard type WLAN with WPA2-PSK, and you only need VLAN 4 at HQ, not at the

remote offices.

It will not "hurt" guests at HQ, just that their traffic goes thru the ZD instead of getting switched at the AP, but

you can extend your same WLAN to the remote offices, if that is your goal.

Is it the ZD's Guest Access webauth portal that you mean when you said "hotspot gateway", or an external

server that you want to bring remote guests back to?

Thanks for your reply.
The guest WLAN is open and if a guest want to browse in internet a login page pops up for auhtentication. The hotsport gateway is from an external company.

The last thing which i am not sure how to configure is the VLAN tagging.
Which VLAN tag has to be configured to WLAN in branch office "guest2" in tunnel mode? I Think VLAN 4 which is the same as the hotspot gateway in HQ and is also configured for "guest1" in HQ but not in tunnel mode.

Further, do i have to change the VLAN tag in Access Point Group for the branch office, because i have no VLAN 4 in branch? I Think, VLAN 1 has to be configured for that.