SoftGRE Tunneling Support
Software Generic Routing Encapsulation (SoftGRE) tunneling involves transmitting encapsulated data packets in WLAN deployments to manage and direct AP traffic to a centralized gateway.
Feature Overview
This technique encapsulates the original data packets within GRE packets, creating a virtual point-to-point link over the existing network infrastructure, which adds security and enables centralized traffic distribution by establishing a tunnel from the APs to a SoftGRE gateway.
Managing and directing traffic efficiently is crucial for maintaining optimal network performance. SoftGRE tunneling plays a pivotal role in achieving this by encapsulating data packets and transmitting them over various network types.
The SoftGRE Tunneling Support feature allows you to:
- Create a SoftGRE tunnel profile
- Bind the profile to a specific venue and Wi-Fi network for tunneling AP traffic to a SoftGRE gateway
- Enable a SoftGRE tunnel profile on an Ethernet port and apply an Internet Protocol Security (IPsec) profile to the SoftGRE tunnel for added security (this configuration is supported only on Passphrase (PSK/SAE) Wi-Fi networks)
Following are the benefits:
- Enhanced flexibility: Adaptability to different network environments to work with various types of networks.
- Centralized traffic management and efficiency: Centralized control of network traffic, enabling more efficient and consistent application of network policies.
- Enhanced security: Secure encrypted communication over an Internet Protocol network.
Requirements
This feature has no special hardware or software requirements for feature enablement or usage.
Considerations
- A maximum of 64 SoftGRE tunnel profiles can be created per RUCKUS One tenant account, but only three can be enabled per venue and only one enabled per Wi-Fi network.
- A venue supports up to three SoftGRE activated profiles without IPsec or one SoftGRE profile with IPsec.
- Each SoftGRE profile name must be unique.
- All the gateway addresses in the enabled SoftGRE profiles must be different, including primary and secondary gateway IP addresses in a single SoftGRE profile.
- SoftGRE tunneling is not supported on a Captive Portal network.
- Network Address Translation (NAT) is not supported because SoftGRE does not use higher-layer protocols such as UDP or TCP, which typically precede GRE in the networking stack.
- SoftGRE clients cannot ping each other, regardless of being connected through different APs, if they are associated with the same SoftGRE gateway within the same VLAN.
- A SoftGRE profile cannot be deleted after it is activated in a venue.
- Client Isolation setting at the venue, network, and AP port levels works as expected when SoftGRE tunnel is configured.
- VLAN setting at the venue, AP port ( ) and network levels ( tab) works as expected when SoftGRE tunnel is configured.
Limitations
The configuration of SoftGRE tunneling secured using IPsec is applicable only on APs in a Passphrase (PSK/SAE) Wi-Fi network.
Best Practices
This feature has no special recommendations for feature enablement or usage.
Prerequisites
To implement an IPsec-secured SoftGRE tunnel on an Ethernet port for an AP, the Ethernet port must first be enabled on the AP.