
Tunneling Configuration Guide for Enterprise

Tech Note
Version 1.0

   
Tech Note
Tunneling Configuration Guide for Enterprise v1.0

July 2016

Table of Contents

Introduction
Tunneling Options
    Why use tunneling
    Tunnel types
        Ruckus GRE
        Soft-GRE
    Tunneling support by Ruckus controllers
Tunneling Configuration
    WLAN Data Tunneling with vSZ-H
        vSZ-H with vSZ-D data plane
        Ruckus GRE configuration
        Soft-GRE configuration
    Tunneling with SZ 100
        Enabling Ruckus GRE tunnel
        Enabling Soft GRE tunnel
    Tunneling with vSZ-E
        vSZ-E and vSZ-D data plane
        Ruckus GRE configuration
        Soft-GRE configuration
    Enabling Soft-GRE + IPsec Tunnel
Troubleshooting
    Validate supported configuration
    vSZ-D configuration and licensing
    Impact from applying incorrect configuration
    Firewalls and network connectivity
Summary
Appendix A: Examples of traffic captures
    Ruckus GRE with UDP
    Ruckus GRE
About Ruckus


Introduction

The Ruckus SZ 100, vSZ and SCG 200 wireless controllers provide a number of options for tunneling data traffic. This document
will focus on several design scenarios that may apply to enterprise WLAN deployments. It will go through the types of tunnels,
which are supported and can be implemented. It will also discuss some design goals i.e. what can be achieved with a tunneled.
Step-by-step configuration guidance will be provided.


Tunneling Options

There are two distinct options for tunneling data in the Ruckus solution.
The first option addresses data tunneling from Access Points to the data plane on a wireless controller or to a 3rd-party network
device, which can perform tunnel aggregation. Such a network design would apply to cases where data from user devices has to
be centralized or distributed between multiple data aggregation points.
The second option addresses an architecture where all clients’ data has to be tunneled northbound from a wireless controller to a
3rd-party aggregation point. This scenario would mostly apply to solutions used by service providers and is out of the scope of this
document. For more information see the Ruckus documentation for Ruckus Wireless SmartCell Gateway 200, “Tunneling Interface
Reference Guide for SmartZone 3.2.1”.
A local breakout mode is used in all other cases where data traffic does not need to be centralized and can be switched and
routed locally.

Why use tunneling


Using tunneling for data traffic can provide several advantages over a network design that is implemented with a local breakout
mode. There are pros and cons for each but the following are the main design scenarios, which may benefit from tunneling:
• Guest traffic aggregation for network security and compliance
• Voice traffic tunneling
• Roaming and mobility across different subnets
• Flat network design topology without multiple VLANs at the edge

Tunnel types
Ruckus GRE
GRE is a well-known tunneling protocol, described in RFC 2784. An originating packet, which is called a payload packet, is
encapsulated in GRE with an additional header added for delivery over a network. That outer header belongs to the delivery
protocol, which in many cases is IPv4. Packets are decapsulated on the other end of the tunnel and the payload packet is
forwarded to the destination.
Ruckus supports a proprietary GRE version called Ruckus GRE, which is used for tunneling the user data from Ruckus Access
Points to vSZ, SCG-200 or Zone Director controllers, see Figure 1.
Common configuration options are:
• Ruckus GRE with UDP - commonly used on networks that require NAT traversal
• Ruckus GRE - supports optional payload encryption

Figure 1: Ruckus GRE data flow


Soft-GRE
Soft-GRE tunnels are similar to GRE tunnels, but only one end of the tunnel has to be defined. The Access Point
will send an encapsulated packet to a dedicated gateway. When there are packets of data destined for the stations connected to
that AP, the gateway will encapsulate these packets to send back to the AP.
This option requires a 3rd-party gateway that supports GRE termination. Soft-GRE tunnels can be used in the following cases:
• From Ruckus APs to a 3rd-party gateway, i.e. ALU 7750, see Figure 2
• Northbound from SCG to a 3rd-party gateway

Figure 2: Soft-GRE data flow

Tunneling support by Ruckus controllers


Table 1: Tunneling support

              SZ-100    vSZ-E                vSZ-H                SCG-200
Ruckus GRE    Yes       Yes* (with vSZ-D)    Yes* (with vSZ-D)    Yes
Soft-GRE      Yes**     Yes**                Yes**                Yes**

* vSZ-D is required by the vSZ-E and vSZ-H to terminate a data plane tunnel. Tunneling is not supported if a vSZ-D is not present.
vSZ-D capability:
• Up to 10K APs and 100K clients per instance
• Throughput of 1, 10 or higher Gbps
** Configuration only, i.e. Soft-GRE tunnels should be terminated on a 3rd-party gateway which supports the Soft-GRE protocol, e.g.
ALU 7750


Tunneling Configuration
WLAN Data Tunneling with vSZ-H
vSZ-H with vSZ-D data plane
A vSZ-D data plane VM is required for a vSZ-H to allow termination of Ruckus GRE tunnels from Access Points i.e. tunnels can’t
be terminated on a vSZ-H directly.
A vSZ-D is not required to be physically co-located with vSZ-H. This provides a high level of flexibility in creating network
architecture(s) with data tunneling. There are two possible scenarios for WLAN data aggregation, which can be implemented with
vSZ-D data plane and virtual SmartZone:
1. Centralized tunneled WLANs
2. Distributed tunneled WLANs (future)

Tunneling can be configured on a per-WLAN basis, which means the following scenarios for user data traffic can be implemented
for different WLANs on the same AP:
• Local breakout
• Data tunneling to vSZ-D over Ruckus GRE
• Data tunneling to a 3rd-party gateway over Soft-GRE

For more detailed information on the vSZ-D and how to install and configure it, please refer to the “Virtual SmartZone Data Plane
(vSZ-D) Configuration Guide”.

Figure 3: Ruckus GRE tunnel termination on vSZ-D with vSZ-H


vSZ-D Note
Every vSZ-D requires a license on the vSZ-H to operate. Make sure the license is available before proceeding.
When a vSZ-D is installed on the network and connected to the vSZ-H, check the Data Plane status by going to
Configuration>>System>>Cluster Planes
The configured vSZ-D instance or instances should be listed under Data Planes, showing Managed and Approved status in
vSZ-H, see Figure 4.


Figure 4: Example of vSZ-H Data Plane configuration

Ruckus GRE configuration


To configure a Ruckus GRE tunnel in vSZ-H, an AP Tunnel Profile has to be created. This can be done with the following steps:
1. Log into the Web UI and go to Configuration>>AP zones>> AP tunnel profile>>Ruckus GRE
2. Create new. See Figure 5, Creating Ruckus GRE profile, below.

Figure 5: Creating Ruckus GRE profile


Access Points must then be placed in an AP zone.
3. To allocate an AP to an AP zone, go to Configuration>>Access Points, then
Actions >> Move AP to a different zone (the icon in the right column of the table), see Figure 6


Figure 6: Moving AP to an AP zone


To configure a WLAN for an AP zone, use the following steps:
4. Go to Configuration>>AP zones
5. Select correct zone, Zone configuration>>WLAN
6. Create new or select an existing WLAN
7. Select WLAN usage drop down menu and follow to Access Network, Tunnel traffic through Ruckus GRE option, see
Figure 7

Figure 7: Enable Ruckus GRE for a WLAN


8. Next, allocate the Tunnel Profile created earlier to the AP zone

If an AP zone does not exist, create a new AP zone, or select Edit to modify the configuration of an existing AP zone.
9. Under AP Tunnel Options select Ruckus GRE tunnel type.
10. From the drop-down list for “GRE Tunnel Profile” select the correct profile name, see Figure 8 below.


Figure 8: Allocating Ruckus GRE Tunnel Profile

Soft-GRE configuration
Soft-GRE tunnel configuration in a vSZ-H is very similar to Ruckus GRE configuration, but there are some differences.
1. First, create a Soft-GRE AP Tunnel profile,
2. Configuration>>AP zones>> AP tunnel profiles>>SoftGRE, see Figure 9 below
3. Configure primary and secondary Gateway addresses or FQDN
Note: Soft-GRE tunnels have to be terminated on a 3rd-party gateway with Soft-GRE termination support, e.g. ALU 7750
4. MTU size can be set to Auto or adjusted within the range 850-1500 bytes to prevent packet fragmentation.

Figure 9: Soft-GRE profile


Define a SoftGRE profile for an AP zone:
5. Create a new AP zone or select Edit to modify the configuration of an existing AP zone.
6. Under “AP Tunnel Options” select Soft-GRE tunnel type.
7. Apply the profile created earlier, see an example on Figure 10 below.

Figure 10: Applying Soft-GRE profile


Next, enable Soft-GRE tunneling for a WLAN.
8. Create a new or select an existing WLAN for an AP zone
9. Select WLAN usage drop down menu and mark a tick box for “Access Network >> Tunnel traffic through SoftGRE”, see
Figure 11.


Figure 11: Soft-GRE tunneling for WLAN


An AP must be assigned to the correct AP zone. If it has not been, please refer to Figure 6 earlier in this document and follow the steps
above it.

Tunneling with SZ 100


Enabling Ruckus GRE tunnel
Ruckus GRE tunnels from Ruckus APs can be directly terminated on a SZ-100 data plane. Tunneling can be configured using SZ
100 GUI. To configure a Ruckus GRE tunnel, use the following steps:
1. Go to Configuration>>AP Tunnel Settings and select Ruckus GRE tunnel type, see Figure 12.
2. Select GRE + UDP options if NAT traversal is required
3. Tunnel encryption can be optionally enabled.

Figure 12: Enabling Ruckus GRE setting


Next, enable tunneling for the WLAN. This will tunnel all of the clients’ data to the SZ 100. To configure this, use the following
steps:
4. Go to Configure>>WLANs and select the WLAN for tunneling.
5. Under WLAN Usage >> Access Network, mark the tick box “Tunnel WLAN traffic through Ruckus GRE”, see Figure 13
below.

Figure 13: Enabling per-WLAN traffic tunneling

Enabling Soft GRE tunnel


A Soft GRE tunnel can be enabled if the AP has to terminate traffic on a 3rd-party gateway with Soft GRE support. To enable the
tunnel, use the following steps:
1. Go to Configuration>> AP Tunnel Settings
2. From the dropdown select “SoftGRE” option
3. Configure primary and secondary Gateway address or FQDN

MTU size can be left as Auto or adjusted within the range 850-1500 bytes to prevent packet fragmentation, see Figure 14.

Figure 14: Enabling Soft GRE in a SZ-100



Tunneling of data traffic is enabled on a per-WLAN basis. To configure this, use the following steps:
4. Go to Configure>>WLANs and select the WLAN you want to tunnel traffic for.
5. Under WLAN Usage enable tick box Tunnel WLAN traffic through Soft GRE.

Figure 15: Enabling WLAN tunneling with Soft-GRE


Tunneling with vSZ-E

vSZ-E and vSZ-D data plane


Similar to a vSZ-H, a vSZ-E also requires a separate data plane based on the vSZ-D platform to terminate Ruckus GRE tunnels.
The data flow of traffic is the same as shown on Figure 3 earlier in this document.
Every vSZ-D requires a license on the vSZ-E to operate. Validate that this license is available by going to
Administration>>License, see Figure 16 below.

Figure 16: vSZ-E licensing table


A vSZ-D is installed as a separate VM that is controlled by the vSZ-E. Validate that the vSZ-D is managed by the vSZ-E: log
into the vSZ-E GUI, go to Configuration>>System>>Cluster Planes and check the list of Data Planes for Managed and Approved
status. If it is not showing as approved and managed, the vSZ-D may still require an approval or it may not be communicating
with the vSZ-E. Check the vSZ-D configuration and network settings to confirm operations.

Figure 17: Example. vSZ-D Data Plane with Managed and Approved status

Ruckus GRE configuration


When a vSZ-D data plane is shown with a Managed and Approved status in the vSZ-E, it may serve as a data plane for
termination of Ruckus GRE tunnels from Ruckus APs. Configuration steps for tunneling are very similar to those for the SZ-100
platform. Tunneling can be configured in the vSZ-E GUI with the following steps:
6. On the vSZ-E go to Configuration>>AP Tunnel Settings and select the Ruckus GRE tunnel type. See Figure 18 below

Figure 18: Enabling Ruckus GRE in vSZ-E


7. Select GRE + UDP options if NAT traversal is required
8. Tunnel encryption can be optionally enabled, by marking the check box.


Tunneling is enabled on a per-WLAN basis. To configure it for a specific WLAN, use the following steps:
9. Go to Configuration>>WLANs
10. Select a WLAN from the list or create a new WLAN if it does not exist
11. Under WLAN Usage mark the check box “Tunnel WLAN traffic through Ruckus GRE” as shown on Figure 19 below

Figure 19: Enabling Ruckus GRE tunnel for a WLAN on the vSZ-E

Soft-GRE configuration
Soft-GRE tunnels should be enabled on the vSZ-E when an AP has to terminate its tunnel on a 3rd-party gateway with Soft-GRE
tunnel support.
To enable Soft-GRE on the vSZ-E, use the following steps:
1. Go to Configuration>> AP Tunnel Settings
2. From the dropdown select SoftGRE option as a Tunnel Type.
3. Next, configure the primary and secondary Gateway address or FQDN. See Figure 20. Note that the Gateway IP address
is shown as an example only.
4. MTU size can be set to Auto or adjusted within the range 850-1500 bytes to prevent packet fragmentation from an increased
overhead in the packets.

Figure 20: Soft-GRE configuration example on the vSZ-E


5. Next, enable tunneling for a specific WLAN. To configure it, go to
6. Configure>>WLANs and select the WLAN you want to tunnel traffic for
7. Under WLAN Usage, mark the tick box “Tunnel WLAN traffic through Soft GRE”, see Figure 21

Figure 21: Soft-GRE WLAN configuration in vSZ-E


Enabling Soft-GRE + IPsec Tunnel

The use of Soft-GRE tunnels with IPsec is most applicable to mobile service providers where tunnels from APs must be
terminated on a Wireless Access Gateway (WAG) in the Evolved Packet Core (EPC). The use of IPsec ensures these tunnels are
encrypted. Please note that not all Access Points support IPsec tunnels. Verify your AP model supports this feature before
deploying.
When enabling multiple tunneling protocols, consider the amount of packet overhead and adjust the MTU size if necessary.
The IPsec protocol is CPU intensive and may impact performance of the tunnel endpoints, which in our case are the Access
Points with IPsec support and the aggregation gateway. The gateway where IPsec tunnels get terminated should have enough
processing power to handle traffic from all endpoints. To validate the capability, check the documentation for the specific platform.
Let’s consider a configuration example on the SZ 100 platform. To start with, create a profile for IPsec in the SZ-100 configuration by
following these steps:
1. Go to Configuration>>Access Points>>IPsec > Create New
2. Configure a profile name and security gateway where this tunnel will be terminated

Authentication can be set to either a shared key or certificate-based, see the example in Figure 22 for shared key
authentication. Configure the security gateway to match these authentication settings so that the tunnel endpoints can
be authenticated and an IPsec tunnel established. This may also require configuring additional features for IKE and ESP as well
as for the Certification Management protocol.

Figure 22: Creating IPsec profile

 

Troubleshooting
Validate supported configuration

When implementing WLAN designs with Ruckus GRE tunnels and SmartZone controllers, validate that the controller(s) has
a data plane to terminate these tunnels. Table 1 provides the information for supported combinations. Note that the SZ-100 platform
has a data plane built in, whereas vSZ-E and vSZ-H require an external data plane.

vSZ-D configuration and licensing

When vSZ-D is installed as a VM and configured to operate with vSZ-E or vSZ-H, make sure the controller has an available license
assigned to it. Additionally, the vSZ-D has to be Managed and Approved as shown on Figure 4 and Figure 17.

Impact from applying incorrect configuration

If Ruckus GRE tunnel is enabled for a specific WLAN in the controller and this controller has no data plane present, the access
points will not be able to terminate this tunnel and the SSID allocated to this WLAN will not be operational in these APs.

Firewalls and network connectivity

In some cases wireless APs and the wireless controller data plane can be deployed within same L2 domain (VLAN) but it is very
likely that many deployments will be done over a L3 network where IP packets from one tunnel endpoint (AP) will have to cross
multiple routers to reach other end of the tunnel (Data Plane).
In more complex L3 configurations, traffic may have to traverse a NAT router or a firewall. In that case the tunneling protocol
option shall be set to Ruckus GRE + UDP and these UDP ports shall be permitted through the firewall.

 
To help with troubleshooting, some examples of Ruckus GRE data captures are included in Appendix A: Examples of traffic
captures of this document.


Summary

This document discussed tunneling configuration for Ruckus GRE and Soft-GRE tunnel types on Ruckus Wi-Fi controllers and
APs. Although most configuration steps look very similar across the SZ-100 and vSZ-E / vSZ-H platforms, there are some
differences between them. The most important difference is that the virtual platforms require a vSZ-D to assist with tunneling. Please
note a WLAN configured to tunnel traffic will not function if the data plane is not present. This includes the advertising of a
tunneled WLAN SSID.
Additional consideration should be given to the increased overhead, both in the packet size due to additional layer of
encapsulation and in the processing requirements on both tunneling endpoints, especially, in cases where encrypted tunnels are
configured.
To demonstrate different encapsulations, some examples of packet captures have been provided in Appendix A: Examples of
traffic captures.


Appendix A: Examples of traffic captures


Ruckus GRE with UDP
Below is an example of a Wireshark traffic capture performed on the Ethernet port connected to a Ruckus AP. In this example,
data is encapsulated using Ruckus GRE + UDP protocol option.
• Access Point IP: 10.3.6.21
• vSZ-D IP: 192.168.110.24

Figure 23 shows UDP packets with tunneled data passed between an AP and vSZ-D in both directions.

Figure 23: Ruckus GRE plus UDP traffic capture


Ruckus GRE

Below is an example of a Wireshark traffic capture performed on the Ethernet port connected to a Ruckus AP. In this example
data is encapsulated using Ruckus GRE protocol option.
• Access Point IP: 10.3.6.64
• SZ-100 IP: 10.3.7.167

Figure 24 shows GRE (Protocol 47) packets with tunneled data passed between the AP and SZ 100 in both directions.

Figure 24: GRE tunnel
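
A scripted version of the check these two captures support, as an added example that is not from the Ruckus tech note: it confirms that tunnel packets flow in both directions and reports the per-packet encapsulation overhead that the profile MTU setting has to leave room for. It assumes the GRE header follows the standard RFC 2784/2890 layout (Ruckus GRE is proprietary and may differ); the function names, the UDP port and the sample packets are constructed for illustration.

```python
import struct
from collections import Counter

IPPROTO_UDP, IPPROTO_GRE = 17, 47


def build_ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet (checksum left at 0) for the constructed samples."""
    addr = lambda a: bytes(int(p) for p in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, addr(src), addr(dst)) + payload


def parse_tunnel_packet(pkt):
    """Classify one IPv4 packet as 'gre' (protocol 47), 'udp' or 'other'."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    info = {"src": ".".join(map(str, pkt[12:16])),
            "dst": ".".join(map(str, pkt[16:20])),
            "kind": "other"}
    body = pkt[ihl:]
    if pkt[9] == IPPROTO_GRE:
        if len(body) < 4:
            raise ValueError("truncated GRE header")
        flags, ptype = struct.unpack("!HH", body[:4])
        # The C (checksum), K (key) and S (sequence) bits each add 4 bytes
        # to the 4-byte base header (RFC 2784 / RFC 2890).
        gre_len = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
        info.update(kind="gre", version=flags & 0x7, ptype=ptype,
                    overhead=ihl + gre_len)
    elif pkt[9] == IPPROTO_UDP:
        if len(body) < 8:
            raise ValueError("truncated UDP header")
        sport, dport = struct.unpack("!HH", body[:4])
        # Only the outer IP + UDP headers are counted; the tunnel header
        # carried inside the UDP payload is not interpreted here.
        info.update(kind="udp", sport=sport, dport=dport, overhead=ihl + 8)
    return info


def one_way_flows(packets, kind):
    """Return sorted (src, dst) pairs of `kind` for which no reply was captured."""
    seen = Counter()
    for pkt in packets:
        info = parse_tunnel_packet(pkt)
        if info["kind"] == kind:
            seen[(info["src"], info["dst"])] += 1
    return sorted(flow for flow in seen if (flow[1], flow[0]) not in seen)


# Constructed sample packets. The addresses are the ones listed in this appendix;
# the GRE protocol type, UDP port 40000 and zero-filled payloads are placeholders.
GRE_HDR = struct.pack("!HH", 0x0000, 0x0800)
UDP_HDR = struct.pack("!HHHH", 40000, 40000, 8 + 32, 0)
SAMPLE = [
    build_ipv4("10.3.6.64", "10.3.7.167", IPPROTO_GRE, GRE_HDR + bytes(32)),
    build_ipv4("10.3.7.167", "10.3.6.64", IPPROTO_GRE, GRE_HDR + bytes(32)),
    # Only the AP-to-data-plane direction is present for the UDP tunnel, as it
    # would be if a firewall dropped the return traffic.
    build_ipv4("10.3.6.21", "192.168.110.24", IPPROTO_UDP, UDP_HDR + bytes(32)),
]

if __name__ == "__main__":
    for packet in SAMPLE:
        print(parse_tunnel_packet(packet))
    print("GRE flows without a reply:", one_way_flows(SAMPLE, "gre"))
    print("UDP flows without a reply:", one_way_flows(SAMPLE, "udp"))
```

A flow reported by `one_way_flows` on a capture taken at the AP's Ethernet port points at the path between the AP and the data plane, which is where the firewall and NAT checks from the Troubleshooting section apply.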


About Ruckus
Headquartered in Sunnyvale, CA, Ruckus Wireless, Inc. is a global supplier of advanced wireless systems for the rapidly
expanding mobile Internet infrastructure market. The company offers a wide range of indoor and outdoor “Smart Wi-Fi” products to
mobile carriers, broadband service providers, and corporate enterprises, and has over 36,000 end-customers worldwide. Ruckus
technology addresses Wi-Fi capacity and coverage challenges caused by the ever-increasing amount of traffic on wireless
networks due to accelerated adoption of mobile devices such as smartphones and tablets. Ruckus invented and has patented
state-of-the-art wireless voice, video, and data technology innovations, such as adaptive antenna arrays that extend signal range,
increase client data rates, and avoid interference, providing consistent and reliable distribution of delay-sensitive multimedia
content and services over standard 802.11 Wi-Fi. For more information, visit http://www.ruckuswireless.com.
Ruckus and Ruckus Wireless are trademarks of Ruckus Wireless, Inc. in the United States and other countries.

Copyright 2013 Ruckus Wireless, Inc. All Rights Reserved.

