WLAN tunnel mode and VLAN ID

  • Question
  • Updated 2 years ago
We have a guest WLAN "guest1" (not in tunnel mode) with VLAN ID 4 in our headquarters and want to use the hotspot gateway in this VLAN also for our branch offices in future.

My idea is to create a WLAN "guest2" on the Access Points in the branch office and configure it with tunnel mode. Do I have to use the same VLAN ID 4 for the branch office WLAN to direct the traffic to our hotspot gateway in headquarters even if this VLAN does not exist in the branch office?

We have redundant ZDs in our headquarters and VPN connections to our branch offices.

BBI

Posted 2 years ago


Michael Brado, Official Rep

Yes, if you tunnel your branch office HotSpot WLAN back to the ZoneDirector, VLAN 4 must exist at the ZD, but not at your local office(s).

BBI

Thanks for your answer. And how will the untagged traffic from the branch be redirected to VLAN 4 in headquarters?
Do I have to create the "guest2" in tunnel mode without a VLAN tag and override the VLAN tag in the WLAN group?

Michael Brado, Official Rep

Whichever VLAN is untagged in HQ, where your ZD and HQ APs are located, is considered "VLAN 1" to Ruckus.

I assume that your 'guest1' WLAN in HQ, is putting clients on a tagged VLAN 4 from your initial description.

You didn't say if 'guest1' is using the Guest Access (with optional guest pass or no authentication, optional terms and conditions, optional redirect to your choice or their intended URL after auth), or a standard WLAN with a simple WPA2-PSK that you give to your guests?

If you simply wish to extend the 'guest1' WLAN to users in remote offices, you can enable Tunneling, which will bring all their traffic back to the HQ ZoneDirector. This would support the Guest Access WLAN type that I described above, or the standard type WLAN with WPA2-PSK, and you only need VLAN 4 at HQ, not at the remote offices.

It will not "hurt" guests at HQ, just that their traffic goes thru the ZD instead of getting switched at the AP, but you can extend your same WLAN to the remote offices, if that is your goal.

Is it the ZD's Guest Access webauth portal that you mean when you said "hotspot gateway", or an external server that you want to bring remote guests back to?

BBI

Thanks for your reply.
The guest WLAN is open, and if a guest wants to browse the internet, a login page pops up for authentication. The hotspot gateway is from an external company.

The last thing which I am not sure how to configure is the VLAN tagging.
Which VLAN tag has to be configured for the WLAN "guest2" in the branch office in tunnel mode? I think VLAN 4, which is the same as the hotspot gateway in HQ and is also configured for "guest1" in HQ but not in tunnel mode.

Further, do I have to change the VLAN tag in the Access Point Group for the branch office, because I have no VLAN 4 in the branch? I think VLAN 1 has to be configured for that.

Monnat Systems, AlphaDog

Fundamental question: why do you want to tunnel the branch guest traffic to HQ?

BBI

Because we have an external guest internet provider gateway in our HQ and do not want to place such a gateway in each branch office.

Michael Brado, Official Rep

At your HQ now, do you use the ZD guest access (with no auth/guest pass, no terms/conditions, and just redirect them to your ISP guest portal), or do you use the ZD's HotSpot type of WLAN, and point the login URL to the ISP guest portal?

BBI

ZD is only providing the SSID/WLAN, the rest is done by the guest gateway from the provider which is in the VLAN of the WLAN.