AP management in LWAPP tunnel

  • 1
  • Question
  • Updated 4 years ago
Hi,

We are tunneling all sessions from our AP's to our ZD's using standard LWAPP as provided in the ZD's.

Unfortunately it seems to be impossible to manage an AP directly over the tunnel as the AP does not have an IP interface inside the tunnel.

The only way of managing the AP is either on the local interface of the AP, or using the ZD.

As our AP's are behind internet connections, it is impossible for us to use speedflex for example.

When we are using L2TP this is however configurable, but then we lack configurability through the ZD.

Also using L2TP we are able to put a 2nd or third interface on the AP inside the tunnel. This is a GREAT feature we are missing when we use LWAPP.

Is there a way around this config?

Regards,

Bas
Photo of Com1 NL - Bas Sanders

Com1 NL - Bas Sanders

  • 32 Posts
  • 9 Reply Likes

Posted 4 years ago

  • 1
Photo of Michael Brado

Michael Brado, Official Rep

  • 2114 Posts
  • 297 Reply Likes
Bas, you are correct. LWAPP, the AES encrypted Light Weight Access Point
Protocol, is a secure path for a ZoneDirector to manage APs under its control,
and to transport tunneled client traffic, from the AP wireless or wired interfaces.
It is not intended for other type of AP management.

You may open a browser, with limited display, to a local AP LAN port address of
a ZD managed AP.

L2TP was designed for management of standalone (not ZD managed) APs, thru
FlexMaster or similar NMS application, but we do not design our AP for customers
to put additional L2TP interfaces on them.

If you have a viable business reason and finances to convince Ruckus to pursue
your design feature request, please submit it thru your Account/Sales team.
Photo of Com1 NL - Bas Sanders

Com1 NL - Bas Sanders

  • 32 Posts
  • 9 Reply Likes
Hi Michael, Thanks for your response.

You mention that the wired interfaces can be tunneled over LWAPP to the ZD as well, is that correct?

If so, that is the second functionality i asked for. To my knowledge it is not possible to tunnel a wired interface on the AP to the ZD using LWAPP but i am hoping i am wrong :-)

Having a management IP inside the tunnel for management would in our opinion bring an increased layer of security and manageability. Being able to tunnel a wired interface would be more beneficial to our concept though..
Photo of Com1 NL - Bas Sanders

Com1 NL - Bas Sanders

  • 32 Posts
  • 9 Reply Likes
Hi Michael,

Could you please have a look at my previous questions?

Regards,

Bas
Photo of Michael Brado

Michael Brado, Official Rep

  • 2114 Posts
  • 297 Reply Likes
No, we do not support tunneling the wired interface to the ZD, the AP port traffic would be locally switched onto that VLAN.
Photo of Com1 NL - Bas Sanders

Com1 NL - Bas Sanders

  • 32 Posts
  • 9 Reply Likes
Thanks for clearing that up Michael.

This is possible when using L2TP.. Is this something that is on the roadmap to be implemented on LWAPP as well?

Regards,

Bas