
Part Number:

Published: 14 March 2016


Contents

AP-SCG/SZ/vSZ Communication


AP-SCG/SZ/vSZ Communication
The table below lists the ports that must be opened in the network firewall to ensure that the
SCG/SZ/vSZ (controller), managed APs, and RADIUS servers can communicate with each other
successfully.

Table 1: Ports to open for AP-SCG/SZ/vSZ communication

| Port Number | Layer 4 Protocol | Source | Destination Interface | Configurable from Web Interface? | Purpose |
|---|---|---|---|---|---|
| 21 | TCP | AP | vSZ control plane | Yes | FTP upload of reports, statistics, and configuration backups |
| 22 | TCP | vSZ-D | vSZ | No | SSH tunnel |
| 49 | TCP | TACACS+ server | vSZ control plane | Yes | TACACS+ based authentication of controller administrators |
| 80 | TCP | vSZ-D | vSZ | No | HTTP traffic |
| 91 and 11443 | TCP | AP | vSZ control plane | No | AP firmware upgrade |
| 123 | UDP | AP | vSZ control plane | No | NTP sync up. Not required in 2.1.2, 2.1.3, 2.5.1, 2.6, 3.0. Required in 1.x, 2.1, 2.1.1, 2.5. |
| 443 | TCP | AP, vSZ-D | vSZ control plane, vSZ | No | Access to the SCG/vSZ/SZ web interface via HTTPS |
| 6868 | TCP | vSZ-D | vSZ | No | Internal communication port |
| 8443 | TCP | Any | vSZ control plane | No | Access to the SCG/vSZ/SZ web interface via HTTPS |
| 23232 | TCP | AP | SCG (data plane) | No | GRE tunnel. NOTE: Only applicable to SCG. |
| 23233 | UDP and TCP | AP | Data plane | Yes | GRE tunnel (required only when tunnel mode is GRE over UDP). NOTE: On the vSZ-D, this port is used for both data and control in both UDP and TCP. |
| 12222/12223 | UDP | AP | vSZ control plane | No | LWAPP discovery. NOTE: If your AP is within the same subnet as the controller, disable nat-ip-translation to establish a connection between the AP and the controller so that AP firmware upgrade progresses. If your AP is on the side of the NAT server and if the NAT server does not support PASV-Mode FTP, enable nat-ip-translation. If the NAT server supports PASV-Mode FTP, then disable nat-ip-translation for AP firmware upgrade to progress. |
| 1812/1813 | UDP | AP | RADIUS server(s) | Yes | AAA authentication and accounting |
| 8022 | No (SSH) | Any | Management interface | Yes | CLI (Command Line Interface) access to the vSZ |
| 8090 | TCP | Any | vSZ control plane | No | Allows unauthorized UEs to browse to an HTTP website |
| 8099 | TCP | Any | vSZ control plane | No | Allows unauthorized UEs to browse to an HTTPS website |
| 8100 | TCP | Any | vSZ control plane | No | Allows unauthorized UEs to browse using a proxy UE |
| 8111 | TCP | Any | vSZ control plane | No | Allows authorized UEs to browse using a proxy UE |
| 9080 | HTTP | Any | vSZ control plane | No | Northbound Portal Interface for hotspots |
| 9443 | HTTPS | Any | vSZ control plane | No | Northbound Portal Interface for hotspots |
| 9998 | TCP | Any | vSZ control plane | No | Hotspot WISPr subscriber portal login/logout over HTTPS |

NOTE: The destination interfaces are meant for three-interface deployments. In a single-interface
deployment, all the destination ports must be forwarded to the combined management/control
interface IP address.
