SCG200 - How can I block traffic through DataPlane SCG-D1

  • Updated 2 weeks ago
How can I block traffic by Data Plane1


Friends,
We are working with an SCG200 and have set up a new data plane. I would like to know how I can block DP-0 traffic, forcing the new data plane (DP-1) to take over.


I've tried ACL without success.
I have already tried via the command line, both in the AP, and in the CLI of the SCG, also to no avail.

CLI-AP:

set tunnelmgr : set tunnelmgr {options}
                 -> disable/enable
                 -> tunnel <enable|disable>
                 -> type <rksgre|softgre> [mode comcast]
                 -> auth <enable|disable>
                 -> port <dest(SCG-D) port #>

rkscli: set tunnelmgr SCG-D
Sorry, no match to set tunnelmgr SCG-D found

rkscli: set tunnelmgr SCG-D
Sorry, no match to set tunnelmgr SCG-D found

rkscli: set tunnelmgr SCG-D 1
Sorry, no match to set tunnelmgr SCG-D 1 found

 ------------------------------------------------------------------------------------

 ARC-RJ-WLC-R08# remote ap-cli D4:68:4D:10:11:00 "set tunnelmgr port SCG-D0 disable"

Error: parameter error -- Agrument must be digits

 ARC-RJ-WLC-R08# remote ap-cli D4:68:4D:10:11:00 "set tunnelmgr SCG-D0 disable"

Error: parameter error -- Agrument must be digits

 ARC-RJ-WLC-R08# remote ap-cli D4:68:4D:10:11:00 "set tunnelmgr port SCG-D0 port disable"

Error: parameter error -- Agrument must be digits

 ARC-RJ-WLC-R08# remote ap-cli D4:68:4D:10:11:00 "set tunnelmgr SCG-D0 disable"

ARC-RJ-WLC-R08# remote ap-cli D4:68:4D:10:11:00 "set tunnelmgr SCG-D0 disable"

Error: parameter error -- Agrument must be digits


Any tips?

"get tunnelmgr"

------ TUNNELMGR Information ------
tunnelmgr Service:      Enabled
Tunnel Establishment:   Enabled
Tunnel Authentication:  Enabled
Tunnel Cipher:          Disabled
PMTU Discovery:         Enabled
Node Affinity:          Disabled
Force Fragmentation:    Disabled
Tunnel Type: Ruckus-GRE
SCG-D IP List:       [email protected][x.x.x.x]:23233,[y.y.y.y]:23233
Internal Subnet:        10.x.0.0
GRE over UDP: AP/SCG-D UDP port # 23233/23233
Keep Alive Interval/Retry-limit: 10/6
Keep Alive Interval2: N/A


Jardel Almeida


Posted 2 weeks ago


Genrikh Bakhman

Hello.

I am not sure about SCG but in vSZ you can use the feature called vDP Zone Affinity. You will be able to create a list w/ Data planes and attach them to specific AP Zone.

Jardel Almeida

Hello Genrikh,  
Thanks for the quick response.

I saw it; I searched for it here in Ruckus support, but this feature only works on vSZ.

http://docs.ruckuswireless.com/smartzone/3.6.1/sz100-vsze-administrator-guide/GUID-508F58A7-0642-4F2...

Thanks!

Jardel Almeida

Gentlemen,

Sorted out.

I configured an extended ACL on my router, blocking the IP of the DTP0.

Then I ran the "get tunnelmgr" command, and the failover worked; that is, I could only see the traffic / tunnel of the new data plane.

Genrikh Bakhman

Hello.

You can use ACL on AP to do the same. It will work. 

#AP CLI script
#define Zone's AP FW version
fw_version=3.2.1.0.682

#define Model class, only all is supported now.
model=all

#CLI commands
set qos eth0 ip add ucast src  192.168.100.105/255.255.255.255 drop
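
A pre-change check for either ACL approach in this thread, as an added example that is not code from the posters or from Ruckus: it parses "get tunnelmgr" output in the layout quoted in the question and confirms that the data plane to be blocked is in the AP's SCG-D IP List and that another one remains for the tunnel. The function names and the 192.0.2.x sample addresses are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample in the layout of the "get tunnelmgr" output quoted in the
# question; 192.0.2.x are documentation addresses, not values from the thread.
SAMPLE = """\
------ TUNNELMGR Information ------
tunnelmgr Service:      Enabled
Tunnel Type: Ruckus-GRE
SCG-D IP List:       [192.0.2.10]:23233,[192.0.2.11]:23233
GRE over UDP: AP/SCG-D UDP port # 23233/23233
Keep Alive Interval/Retry-limit: 10/6
"""

ENDPOINT = re.compile(r"\[([^\]]+)\]:(\d+)")  # one "[ip]:port" list entry


def parse_tunnelmgr(text):
    """Return (fields, endpoints): 'Key: value' lines and the SCG-D list."""
    fields, endpoints = {}, []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # banner or blank line
        fields[key.strip()] = value.strip()
        if key.strip() == "SCG-D IP List":
            # findall skips any text before the first bracketed entry
            endpoints = [(str(ipaddress.ip_address(ip)), int(port))
                         for ip, port in ENDPOINT.findall(value)]
    return fields, endpoints


def plan_block(text, blocked_ip):
    """Check an ACL target against the AP's list; return surviving endpoints.

    Raises ValueError if the AP does not list blocked_ip (the ACL would change
    nothing) or if no other data plane would remain for the tunnel.
    """
    fields, endpoints = parse_tunnelmgr(text)
    if fields.get("tunnelmgr Service") != "Enabled":
        raise ValueError("tunnelmgr service is not enabled on this AP")
    target = str(ipaddress.ip_address(blocked_ip))
    if target not in {ip for ip, _ in endpoints}:
        raise ValueError(f"{target} is not in the AP's SCG-D IP List")
    remaining = [(ip, port) for ip, port in endpoints if ip != target]
    if not remaining:
        raise ValueError("blocking the only listed data plane leaves no tunnel")
    return remaining
```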