

vWAG Evo™ and Ruckus Enhanced Wi-Fi Access Platform
A powerful combination of centralized policy control and distributed high-performance wireless connectivity
Traditional enterprise wireless networks provide either manually provisioned solutions that assume trusted users or open implementations that offer best-effort services to all untrusted users. But these networks have evolved from simple connectivity utilities into mission-critical infrastructure. Factors driving this evolution include:
- The shift to hybrid and remote work models requiring consistent policy enforcement regardless of location
- Explosive growth in Wi-Fi® enabled Internet of Things (IoT) devices not leveraging traditional 802.1x authentication
- Cloud-based application delivery increasing sensitivity to latency and throughput variability
- Zero-trust security mandates requiring per-device, per-session policy enforcement
By deploying Ruckus Wi-Fi access with the Aurora Networks vWAG Evo™ solution, operators can address these new requirements and support a Zero-Trust environment on a robust and cost-effective platform.
A Wireless Access Gateway (WAG) is a network function positioned between wireless access infrastructure and upstream IP services. It provides authentication, subscriber session management, policy enforcement, and QoS control, and acts as the edge router towards the operator’s core.
Aurora Networks vWAG Evo™ is a virtualized, disaggregated WAG. Its capabilities include these core features and more:
- Subscriber authentication and authorization
- IPoE, PPPoE, Single/Dual-Stack, DS-Lite, Soft-GRE, L2TP (LNS/LAC)
- QoS and bandwidth management
- Integration with RADIUS/AAA systems
- Policy-based routing and segmentation
- OSPF, BGP, RIP, IS-IS, MPLS VPNs, MPLS PW HE, LAG/LACP, Segment Routing
- Security enforcement and traffic isolation
- L2VPN (VPLS, VPWS), 802.1ad (QinQ, 1:1 and N:1), EVPN (VPLS and VPWS)
- SNMP, NETCONF/YANG, REST API for monitoring
- Config conversion from Cisco, Nokia, and Juniper BNGs
- Lawful Intercept (CALEA Compliant, CLI / SNMP)
The integration of Aurora Networks Wireless Access Gateway (vWAG Evo™) with Ruckus One™ and Ruckus access points delivers a powerful combination of centralized policy control and distributed high-performance wireless connectivity—seamlessly supporting enterprise and service provider demands for scalability, security, flexibility, and operational efficiency.
Why Aurora Networks?
Vision to Performance
Our extensive portfolio, flexible architecture, and professional service capabilities enable service providers to optimally evolve their broadband network. Aurora Networks’ vWAG Evo is designed with growth and scalability in mind.
A Legacy of Innovation
Aurora Networks has a comprehensive, innovative portfolio of end-to-end solutions that can help you update and extend the life of your current network assets. Whether you need to modernize an aging plant, deploy next-generation technologies in targeted areas of your network, or monetize your current network deployments by rolling out premium, high-tier services, Aurora Networks has the products, experience, and know-how to help you achieve your business goals.
End-to-End Systems Design and Integration
Aurora Networks' Professional Services team has a rich and diverse set of skills, processes, and methodologies to help you design, deploy, and expand your networks. Whether you need a complete network solution or are planning projects in targeted areas of your network, Aurora Networks' Professional Services team provides support for every facet of your network upgrade project, from system design to after-sale services such as product training and operational support, to ensure you meet your network upgrade and optimization goals quickly, seamlessly, and economically.
A Disaggregated, Virtualized Solution
The vWAG Evo is a disaggregated solution. Disaggregation separates the control plane (CP) from the user or data plane (UP) to allow for small stand-alone implementations (CP+UP). Disaggregation also supports larger deployments, allowing one CP to manage hundreds of UPs. Disaggregation facilitates scaling of the UP bandwidth based on existing network layout while providing floating subscriber licensing to maximize value.
The Aurora vWAG Evo is also virtualized using containers, allowing for deployment on lower cost data center servers while leveraging all the data center software technologies to provide High Availability (HA) with N:M redundancy, further reducing CAPEX and OPEX. Key business drivers for virtualized software are mainly cost reduction, agility, risk reduction, and better use of IT resources. These business drivers include:
- Consolidating many workloads onto fewer physical servers, often reducing infrastructure spend by double‑digit percentages
- Faster provisioning of environments in minutes instead of days or weeks
- Easy scaling up or down by adjusting virtual CPU/RAM or spinning up new virtual machines as demand changes, avoiding long hardware procurement cycles
- Stronger disaster recovery and business continuity using virtual machine snapshots, image‑based backups, and live migration to other hosts with minimal downtime
- Isolation between virtual machines, so a failure or corruption in one workload is less likely to impact others, improving overall service availability
- Built‑in isolation and segmentation (for example, separate VMs [virtual networks]) that help contain breaches and support compliance requirements
The vWAG Evo CP can be hosted on a dedicated server or placed in a public or private cloud to deliver services to one or more service providers. The UP is placed on dedicated servers inserted into a service provider’s network at the appropriate location to service groups of subscribers. An example is shown below.
APs and RUCKUS One™
Ruckus One is an AI‑driven, cloud‑native network assurance and business intelligence platform that simplifies management of converged wired, Wi‑Fi, and private cellular networks via a single pane of glass. It targets organizations that want enterprise‑grade connectivity with easier operations, better user experience, and flexible subscription‑based consumption. Ruckus One provides:
- An AI‑driven cloud platform that unifies management for Wi‑Fi, switching, and multi‑access (public and private) networks, replacing multiple point tools
- Network assurance, service delivery, and business intelligence through a modern, revamped UI and mobile app for multi‑site environments
- Simplified operations with intent‑based workflows, “configure once, deploy everywhere” provisioning, and centralized monitoring and troubleshooting
- Improved performance and reliability through AI‑driven radio resource management, load balancing, and smart analytics to detect and remediate issues before users notice
- A unified dashboard for venues, devices, and clients, with drill‑downs for health, KPIs, and client connectivity diagnostics
- Offloading routine troubleshooting from IT via AI Assurance, network health scoring, long‑term trend analysis, and clear AI recommendations (in the Professional tier)
- A service catalog to quickly deploy services like captive portals, DPSK, DHCP, syslog, and more across many sites
- Native mobile apps for scanning and onboarding devices, remote monitoring, basic provisioning, and guest/DPSK management
Ruckus APs working with Ruckus One are an ideal solution for small or medium businesses (SMBs), larger enterprises, and Managed Service Providers (MSPs) that provide services for hospitality, education, MDUs, manufacturing, and other multi‑site or high‑density environments that need consistent user experience and high uptime.
Zero-Trust Wireless Access
The Ruckus solution (R1) combined with the vWAG Evo enforces zero-trust principles by treating every wireless client as untrusted until authentication and posture assessment are completed. This is implemented through a multi-stage onboarding pipeline:
- Layer 2 isolation: AP assigns all new clients to a VLAN or tunnel; no lateral traffic is permitted
- Authentication: 802.1X/EAP for corporate devices; MAC Authentication Bypass (MAB) for IoT; custom branded captive portal for guests, and support for Hotspot 2.0 (Passpoint-mobile data offload)
- Authorization: The AP and the vWAG work together to query the RADIUS server to retrieve user/device attributes and apply role-based policies
- Post-authentication policy: Continuous monitoring; re-authentication triggers on anomaly detection
Common Deployment Topologies
The combined R1/vWAG Evo solution provides several benefits, including centralized policy enforcement across all APs, scalable subscriber and session management, enhanced security and compliance, and improved operational efficiency. These benefits are applicable to a number of business opportunities, such as hospitality and enterprise Wi-Fi deployments, carrier-grade public Wi-Fi and cellular offload, and MSP Wi-Fi offerings.
Common deployment topologies in support of these benefits and use cases are discussed below. To support any of these deployment scenarios, operators should:
- Ensure sufficient backhaul capacity
- Implement VLAN and traffic segmentation
- Deploy redundant WAG instances for high availability
- Integrate centralized monitoring and logging
Centralized Tunnel Mode
In centralized tunnel mode, all AP traffic is encapsulated (typically via GRE data tunnels) and forwarded to the WAG before being forwarded to the wired network. The WAG applies policy inspection and enforcement to 100% of wireless traffic. This topology is ideal for regulated environments (healthcare, finance, government) where centralized visibility and control are mandatory.
Split-Tunnel / Local Breakout Mode
Split-tunnel mode allows the Ruckus AP to forward certain traffic classes locally (e.g., trusted corporate VLANs) while tunneling other traffic (e.g., guest, BYOD, IoT) to the WAG for policy enforcement. This reduces backhaul bandwidth requirements and latency for trusted traffic, while maintaining centralized control for sensitive or untrusted sessions.
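The isolation stage of the onboarding pipeline under Zero-Trust Wireless Access and the forwarding rules of the centralized and split-tunnel modes can be checked mechanically against an exported forwarding policy. The following Python audit is an added example, not Aurora Networks or Ruckus code; the `Rule` fields, class names, finding strings, and sample policy are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Traffic classes the text says are tunneled to the WAG in split-tunnel mode.
MUST_TUNNEL = {"guest", "byod", "iot"}

@dataclass(frozen=True)
class Rule:                      # hypothetical policy record, one per traffic class
    traffic_class: str           # "corporate", "guest", "byod", "iot", "unauthenticated"
    auth: str                    # "802.1x", "mab", "captive-portal", or "none"
    forwarding: str              # "local", "tunnel", or "isolated"
    lateral_allowed: bool        # may clients in this class reach each other?

def audit(rules, mode="split"):
    """Return sorted (traffic_class, finding) pairs for rules that break the model."""
    findings = []
    for r in rules:
        if r.auth == "none":
            # Onboarding stage 1: new clients are isolated, no lateral traffic.
            if r.forwarding != "isolated" or r.lateral_allowed:
                findings.append((r.traffic_class, "pre-auth client not isolated"))
            continue
        if mode == "centralized":
            # Centralized tunnel mode: the WAG must see 100% of wireless traffic.
            if r.forwarding != "tunnel":
                findings.append((r.traffic_class, "centralized mode requires tunnel"))
        elif r.traffic_class in MUST_TUNNEL and r.forwarding != "tunnel":
            # Split-tunnel mode: only trusted classes may break out locally.
            findings.append((r.traffic_class, "untrusted class bypasses WAG"))
    return sorted(findings)

# Constructed sample policy with two deliberate misconfigurations.
SAMPLE = [
    Rule("unauthenticated", "none", "isolated", True),   # lateral traffic allowed
    Rule("corporate", "802.1x", "local", True),          # valid in split mode
    Rule("guest", "captive-portal", "local", False),     # guest broken out locally
    Rule("iot", "mab", "tunnel", False),                 # valid in both modes
]

if __name__ == "__main__":
    for mode in ("split", "centralized"):
        print(mode)
        for cls, finding in audit(SAMPLE, mode):
            print(f"  {cls}: {finding}")
```

The same policy that passes for `corporate` in split-tunnel mode is reported in centralized mode, which is the practical difference between the two topologies for an auditor.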
Distributed / Branch Deployment
For multi-site organizations, the Aurora vWAG Evo can be deployed regionally. Ruckus APs at branch offices maintain a secure control-plane tunnel to SmartZone or Ruckus Cloud, while data tunnels terminate at the nearest vWAG. This model preserves low-latency internet breakout while enforcing consistent policies globally.