16 Messages • 310 Points • Fri, Sep 4, 2015 10:54 AM

WLAN tunnel mode and VLAN ID

We have a guest WLAN "guest1" (not in tunnel mode) with VLAN ID 4 in our headquarters and want to use the hotspot gateway in this VLAN also for our branch offices in future.

My idea is to create a WLAN "guest2" on the Access Points in the branch office and configure that with tunnel mode. Do I have to use the same VLAN ID 4 for the branch office WLAN to direct the traffic to our hotspot gateway in headquarters even if this VLAN does not exist in the branch office?

We have redundant ZDs in our headquarters and a VPN connection to our branch offices.

Responses

Brand User • Former Employee • 2.6K Messages • 44.8K Points • 5 years ago

Yes, if you tunnel your branch office HotSpot WLAN back to the ZoneDirector, VLAN 4 must exist at the ZD, but not at your local office(s).

16 Messages • 310 Points • 5 years ago

Thanks for your answer. And how will the untagged traffic from the branch be redirected to VLAN 4 in headquarters?
Do I have to create the "guest2" in tunnel mode without VLAN tag and override the VLAN tag in WLAN group?

Brand User • Former Employee • 2.6K Messages • 44.8K Points

Whichever VLAN is untagged in HQ, where your ZD and HQ APs are located, is considered "VLAN 1" to Ruckus.

I assume that your 'guest1' WLAN in HQ, is putting clients on a tagged VLAN 4 from your initial description.

You didn't say if 'guest1' is using the Guest Access (with optional guest pass or no authentication, optional terms and conditions, optional redirect to your choice or their intended URL after auth), or a standard WLAN with a simple WPA2-PSK that you give to your guests?

If you simply wish to extend the 'guest1' WLAN to users in remote offices, you can enable Tunneling, which will bring all their traffic back to the HQ ZoneDirector. This would support the Guest Access WLAN type that I described above, or the standard type WLAN with WPA2-PSK, and you only need VLAN 4 at HQ, not at the remote offices.

It will not "hurt" guests at HQ, just that their traffic goes thru the ZD instead of getting switched at the AP, but you can extend your same WLAN to the remote offices, if that is your goal.

Is it the ZD's Guest Access webauth portal that you mean when you said "hotspot gateway", or an external server that you want to bring remote guests back to?

16 Messages • 310 Points

Thanks for your reply.
The guest WLAN is open and if a guest wants to browse the internet a login page pops up for authentication. The hotspot gateway is from an external company.

The last thing which I am not sure how to configure is the VLAN tagging.
Which VLAN tag has to be configured for the WLAN in the branch office "guest2" in tunnel mode? I think VLAN 4, which is the same as the hotspot gateway in HQ and is also configured for "guest1" in HQ but not in tunnel mode.

Further, do I have to change the VLAN tag in the Access Point Group for the branch office, because I have no VLAN 4 in the branch? I think VLAN 1 has to be configured for that.

824 Messages • 13.2K Points • 5 years ago

Fundamental question -- why do you want to tunnel the branch guest traffic to HQ?

16 Messages • 310 Points • 5 years ago

Because we have an external guest internet provider gateway in our HQ and do not want to place such a gateway in each branch office.

Brand User • Former Employee • 2.6K Messages • 44.8K Points

At your HQ now, do you use the ZD guest access (with no auth/guest pass, no terms/conditions, and just redirect them to your ISP guest portal), or do you use the ZD's HotSpot type of WLAN, and point the login URL to the ISP guest portal?

16 Messages • 310 Points

ZD is only providing the SSID/WLAN, the rest is done by the guest gateway from the provider which is in the VLAN of the WLAN.