AAA, NAC, Guest Access & BYOD

What-Ports-are-needed-between-CPPM-publisher-and-Subscriber?

Aruba Employee

QuestionWhat-Ports-are-needed-between-CPPM-publisher-and-Subscriber?

 

In a Publisher Subscriber setup, the database sync goes one way : Publisher --> Subscriber. However, the database keep alive messages go in both directions - the publisher and the subscriber need to know whether the other party is alive and kicking.

In short the ports that are needed to open for CPPM are
1. Clients connecting to the network (endpoints - laptops, smartphones, etc) require connectivity to port 80, port 443 on CPPM
2. The controller requires access to port 1812, 1813, 1645, 1646 (RADIUS ports) and 3799 (RFC 3576 - RADIUS CoA)
3. CPPM Subscriber requires access to CPPM Publisher on the ports listed below. Note that these ports need to be open only between the two servers (two specific servers) and it doesn't need to be open for any other devices on the network.

  • UDP Port 123 NTP (Subscriber to publisher)
  • TCP Port 443 HTTPS (Bi-directional)
  • TCP Port 5432 PostgreSQL for DB replication (Subscriber to publisher) 
 
The database communication is fully encrypted (SSL) end-to-end between Publisher and Subscriber, this automatically implies snooping on the wire/man-in-the-middle/etc attacks are not possible.

 

Version history
Revision #:
1 of 1
Last update:
‎07-10-2014 04:28 PM
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.