bicky_budha's profile

18 Messages

 • 

342 Points

Wed, Jun 9, 2021 12:42 PM

Use Ruckus AP on remote site

Hi, We have Ruckus vSZ with R510 AP on main site. We have a school play field few miles away. Over there we have business broadband connection with ISP supplied router that has built-in WiFi. Users visiting there use WPA key to connect to the WiFi to use the internet.

Is there a way I can use the Ruckus AP over there to connect to the vSZ on the main site?

Can I connect Ruckus AP over the internet to connect to the main site vSZ?

Any help would be much appreciated, thank you.

Responses

Official Solution

Official Rep

 • 

1.2K Messages

 • 

16.7K Points

4 m ago

Hi Bicky,

As long as AP can reach vSZ's control plane IP (for remote site, you have to use a site to site VPN or public IP should be configured on vSZ's Control NAT settings), you can connect the AP from any site.

List of ports which should be allowed in the network path (on firewall/router/gateway) can be found on below link.

https://docs.commscope.com/bundle/sz-600-adminguide-sz100vsz/page/GUID-078C00BE-7543-4439-9326-F6509EA404A0.html

Note: vSZ-Dataplane (vDP) is only required if you want to tunnel the user traffic from remote site to main site. If you just need to bridge the traffic, vDP is not required.

(edited)

17 Messages

 • 

244 Points

4 m ago

Yes you can do that, if your vSZ is behind nat you need to open few TCP ports at main sites and you can connect AP-s everywhere and behind NAT. You can even tunnel your data to central site using may be better firewall or providing better local security , in this case you need virtual dataplane license and virtual machine. 

18 Messages

 • 

342 Points

thank you.

Our vSZ is behind the NAT. Is there a guide somewhere which I can read on setting up the remote AP behind NAT?

Employee

 • 

330 Messages

 • 

6.3K Points

Hi Bicky,

For configuring NAT, most of the work will be done on your firewall/router. 

On the SmartZone configuration there is a single field in the 'Control Plane IP' settings where your enter the public IP of the SmartZone so this detail can be pushed out as part of the config to all APs.  N.B. you will need a public IP for each controller in the cluster, so they can all be reached by APs on the external network.

https://docs.commscope.com/bundle/sz-511-sz100-vsze-administrator-guide/page/GUID-29918B8E-B41E-4E34-BA7F-54F7EC302E40.html

We have a Best Practice Guide for 'behind NAT' deployments avialable here: https://support.ruckuswireless.com/documents/1336-smartzone-network-design-with-nat

I suspect you will need an active support contract in order to access this document on the Ruckus support site.

Hope that helps,
Darrel.

18 Messages

 • 

342 Points

In the past we used to have Aruba wireless with the portable device called Remote Access Point. RAP can be plugged into the internet from anywhere and it will tunnel back to the main site controller. RAP then provides same ssid + vlan that is available on the main site. Can I do something like this with Ruckus?

Employee

 • 

330 Messages

 • 

6.3K Points

Hi Bicky,

Yes, you can do this leveraging Ruckus GRE tunnelling. This feature is built-in to SmartZone OS and doesn't require an additional license.

However, as you have vSZ, which does not have a data-plane (hardware SZ has data-plane built-in); you will need either vSZ-D (VM-based dataplane) or SZ-144D (hardware dataplane).  The dataplane is the termination point for the Ruckus GRE tunnels created by your APs on remote sites.

There are further details in the Tunnelling Guide here: https://support.ruckuswireless.com/documents/1334-tunneling-configuration-guide-enterprise

Hope that helps,
Darrel.

17 Messages

 • 

244 Points

As I see the tunneling or dataplane is not needed in this case, they need only control, data is bridged into a local Router ?  Ruckus provides also Virtual Dataplane software, this does not depend on AP count, so not very expensive license till 1 Gbps data throughput limit. 

Important Announcement