Creating a Tunnel Profile

A tunnel profile is essential for managing and optimizing the behavior of tunnels between Access Points (APs) and the RUCKUS Edge device. You can apply the same Tunnel Profile to multiple venues, but each venue can have only one Tunnel Profile applied.

APs use tunnel keepalive request messages to verify the reachability of the RUCKUS Edge device before establishing AP data tunnel and broadcasting WLANs enabled with an SD-LAN service. Once the tunnel is established, APs continue to send periodic keepalive request messages to monitor the reachability of the Edge device. If the AP does not receive responses for the maximum number of consecutive keepalive requests, it assumes the Edge is unreachable, brings down the tunnel, and stops broadcasting the WLANs. The AP continues to send periodic keepalive requests and will re-establish the tunnel and resume broadcasting WLANs upon receiving responses.

Complete the following steps to create a Tunnel Profile:

  1. From the navigation bar, select Network Control > Policies & Profiles.
    The Policies & Profiles page is displayed.
  2. In the Policies & Profiles page, click Tunnel Profile tile and click the Add Tunnel Profile. Alternatively, in the Policies & Profiles page, click the Add Policy or Profile then select the Tunnel Profile tile, and click Next.
    The Add Tunnel Profile page is displayed.
    Add Tunnel Profile Page


  3. Complete the following fields:
    • Profile Name: Enter the name for the tunnel policy.
    • Network Segmentation Type: The VLAN to VNI map option is selected by default. The SD-LAN service maps the VLAN ID to the VNI for tunneling. The VNI option is used for the PIN feature.
    • Gateway Path MTU Mode: Select one of following options:
      • Auto
      • Manual: Enter the value in bytes (allowed values are 576 to 1450). The value must be lesser than the Ethernet MTU on the AP.
        Note: Check the Ethernet MTU on the AP; Tunnel MTU gets applied only if it is less than the Ethernet MTU.
    • Path MTU Request Timeout: The maximum wait time for a response to a path MTU request. Range: 10 milliseconds to 10 seconds; default is 2 seconds.
    • Path MTU Request Retries: The maximum number of Path MTU requests sent to test one MTU value. Range: 3 through 64; default is 5 retries.
    • Force Fragmentation: When enabled, the AP or Edge device will automatically fragment packets, ignoring the Don't Fragment (DF) bit in the IP header of the packets. Forced packet fragmentation can reduce congestion and improve network throughout, but it may lead to fragment loss, packet reassembly issues, and memory exhaustion. This option is disabled by default. Toggle the switch to ON to enable.
    • Tunnel Idle Timeout: The amount of time a tunnel is allowed to remain active without any traffic. Select Minutes, Days, or Weeks from the drop-down list and then enter the duration or use the up/down arrows to set the value. Range: 5 through 10080 minutes, 1 through 7 days, or 1 week; default is 20 minutes.
    • Tunnel Keep Alive Interval: Defines the interval between two consecutive keepalive request messages. Range: 1 through 5 seconds, with a default value of 2 seconds.
    • Tunnel Keep Alive Retries: Defines the maximum number of consecutive keepalive requests that can fail before the AP determines the Edge device is unreachable. Range: 3 through 10 retries, with a default value of 5.
  4. Click Add.
    The Tunnel Profile is created and is displayed in the Tunnel Profile page.