SoftGRE Tunneling Support

Software Generic Routing Encapsulation (SoftGRE) tunneling involves transmitting encapsulated data packets in WLAN deployments to manage and direct AP traffic to a centralized gateway.

Feature Overview

This technique encapsulates the original data packets within GRE packets, creating a virtual point-to-point link over the existing network infrastructure. Establishing a tunnel from the APs to a SoftGRE gateway adds security and enables centralized traffic distribution.

Managing and directing traffic efficiently is crucial for maintaining optimal network performance. SoftGRE tunneling plays a pivotal role in achieving this by encapsulating data packets and transmitting them over various network types.

The SoftGRE Tunneling Support feature allows you to:

  • Create a SoftGRE tunnel profile
  • Bind the profile to a specific venue and Wi-Fi network for tunneling AP traffic to a SoftGRE gateway
  • Enable a SoftGRE tunnel profile on an Ethernet port and apply an Internet Protocol Security (IPsec) profile to the SoftGRE tunnel for added security (this configuration is supported only on Passphrase (PSK/SAE) Wi-Fi networks)

The feature provides the following benefits:

  • Enhanced flexibility: Adapts to different network environments and works with various types of networks.
  • Centralized traffic management and efficiency: Centralized control of network traffic, enabling more efficient and consistent application of network policies.
  • Enhanced security: Secure encrypted communication over an Internet Protocol network.

Requirements

This feature has no special hardware or software requirements for feature enablement or usage.

Considerations

  • A maximum of 64 SoftGRE tunnel profiles can be created per RUCKUS One tenant account, but only three can be enabled per venue and only one can be enabled per Wi-Fi network.
  • A venue supports up to three activated SoftGRE profiles without IPsec or one SoftGRE profile with IPsec.
  • Each SoftGRE profile name must be unique.
  • All the gateway addresses in the enabled SoftGRE profiles must be different, including primary and secondary gateway IP addresses in a single SoftGRE profile.
  • SoftGRE tunneling is not supported on a Captive Portal network.
  • Network Address Translation (NAT) is not supported because GRE is carried directly over IP and SoftGRE does not use a higher-layer protocol such as UDP or TCP.
  • SoftGRE clients cannot ping each other, even when they are connected through different APs, if they are associated with the same SoftGRE gateway within the same VLAN.
  • A SoftGRE profile cannot be deleted after it is activated in a venue.
  • The Client Isolation setting at the venue, network, and AP port levels works as expected when a SoftGRE tunnel is configured.
  • The VLAN setting at the venue, AP port (Edit Venue/AP > Networking > LAN Ports > Ethernet Port Profile), and network levels (Wi-Fi Networks > Add/Edit Network > More Settings > VLAN tab) works as expected when a SoftGRE tunnel is configured.

Limitations

The configuration of SoftGRE tunneling secured using IPsec is applicable only on APs in a Passphrase (PSK/SAE) Wi-Fi network.
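
The following planning check is an added example, not RUCKUS One code or API usage. It validates a proposed venue plan against the considerations and the limitation listed above before the plan is entered in the UI. The `Profile` and `Binding` records, the network-type labels, and the sample addresses are hypothetical, and the IPsec rule is implemented under the assumed reading noted in the comment.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

@dataclass
class Profile:   # hypothetical planning record, not a RUCKUS One API object
    name: str
    primary_gw: str
    secondary_gw: Optional[str] = None

@dataclass
class Binding:   # one Wi-Fi network in the venue tunneled through one profile
    network: str
    network_type: str   # constructed labels: "psk", "captive_portal", "open"
    profile: str
    ipsec: bool = False

def validate(tenant_profiles, venue_bindings):
    """Return violations of the documented SoftGRE limits for one venue."""
    errors = []
    if len(tenant_profiles) > 64:
        errors.append("more than 64 profiles in tenant")
    names = Counter(p.name for p in tenant_profiles)
    errors += [f"duplicate profile name: {n}" for n, c in names.items() if c > 1]
    by_name = {p.name: p for p in tenant_profiles}
    bindings = [b for b in venue_bindings if b.profile in by_name]
    errors += [f"{b.network}: unknown profile {b.profile}"
               for b in venue_bindings if b.profile not in by_name]
    per_net = Counter(b.network for b in bindings)
    errors += [f"{n}: more than one profile enabled" for n, c in per_net.items() if c > 1]
    enabled = [by_name[n] for n in sorted({b.profile for b in bindings})]
    if len(enabled) > 3:
        errors.append("more than three profiles enabled in venue")
    # Assumed reading: once any tunnel uses IPsec, only one profile may be enabled.
    if any(b.ipsec for b in bindings) and len(enabled) > 1:
        errors.append("IPsec in use: venue may enable only one profile")
    gws = Counter(g for p in enabled for g in (p.primary_gw, p.secondary_gw) if g)
    errors += [f"gateway address reused: {g}" for g, c in gws.items() if c > 1]
    for b in bindings:
        if b.network_type == "captive_portal":
            errors.append(f"{b.network}: SoftGRE not supported on Captive Portal")
        elif b.ipsec and b.network_type != "psk":
            errors.append(f"{b.network}: IPsec requires a Passphrase (PSK/SAE) network")
    return errors

# Constructed sample plan (documentation-range addresses).
PROFILES = [Profile("hq", "192.0.2.1", "192.0.2.2"), Profile("dr", "192.0.2.2")]
PLAN = [Binding("corp", "psk", "hq", ipsec=True), Binding("guest", "captive_portal", "dr")]

if __name__ == "__main__":
    for e in validate(PROFILES, PLAN):
        print(e)
```

The gateway check counts primary and secondary addresses together, so a profile whose two gateways are identical is flagged just like two profiles that share an address.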

Best Practices

This feature has no special recommendations for feature enablement or usage.

Prerequisites

To implement an IPsec-secured SoftGRE tunnel on an Ethernet port for an AP, the Ethernet port must first be enabled on the AP.