Method of connecting remote AP to SZ 100

  • 1
  • Question
  • Updated 2 years ago
Hello everyone!
I still don't understand the method of connection the remote AP(at branch office, for example) to the SZ 100 controller at main office (or at datacenter).
Could it be done just with Ruckus devices?
 Or do I need a VPN server at controller side to build tonnels between remote AP and controller?
Thanks in advance.
Photo of Alexander Moiseiev

Alexander Moiseiev

  • 32 Posts
  • 2 Reply Likes

Posted 2 years ago

  • 1
Photo of Dionis

Dionis, AlphaDog

  • 70 Posts
  • 36 Reply Likes

AP does the tunneling to the controller for the client data.  AP needs to be able to communicate with the controller from whichever location the AP is at.  Once connected to the controller and proper firewall configuration is in place to allow the required ports, the AP will form a GRE tunnel with the SZ100 and data will be transmitted within this tunnel.  VLAN for each WLAN service can be sent to the core (datacenter) for processing of the client data. 


Hope this helps.

Photo of Dionis

Dionis, AlphaDog

  • 70 Posts
  • 36 Reply Likes

No problem.  The SZ100 is built to handle 1024 APs per Unit and up to 25k clients per unit.  However, it can also be cluster with up to three more other units for a total of 3k AP capacity and 60k clients with up to 2k WLAN per node.  The infrastructure can grow as needed.

Photo of Alexander Moiseiev

Alexander Moiseiev

  • 32 Posts
  • 2 Reply Likes
Thank you again! Remote AP is connected and working right now!
Photo of Alexander Moiseiev

Alexander Moiseiev

  • 32 Posts
  • 2 Reply Likes
Hehe, It is not the end.:)
Everything worked fine, until the SZ is connected directly to provider port without any firewall.
We put SZ behind Mikrotik 2011, open all ports according to the manual. And what happens next: AP migrating -> AP migrated -> AP discovery sucseeded -> AP connected ... one minute passed.. -> AP heartbeat lost -> AP disconnected.
Photo of Com1 NL - Bas Sanders

Com1 NL - Bas Sanders

  • 32 Posts
  • 9 Reply Likes
Can you check the UDP "session" timers in the Mikrotik? Does it do stateful inspection? 

A quick sniffertrace should point you in the right direction as to what happens..
Photo of Dionis

Dionis, AlphaDog

  • 70 Posts
  • 36 Reply Likes
Couple of things that could happen here. One: You could be blocking some ports for FTP passive if you are connecting APs from the internet into your network. If this is the case, make sure that passive FTP is supported and that you open or allow port range 16384-65000 for FTP passive dynamic port allocation to the AP and SZ data session. Two: Your firewall may be blocking or incorrectly routing the traffic to the internal IP of your SZ. Let me know what you find. Like Bas stated, a trace may be helpful. Regards,