AAA, NAC, Guest Access & BYOD

What is the requirement of TCP 6658 port with OnGuard agent?

Aruba Employee

Why do I need to allow the TCP port 6658 between the OnGuard agent and ClearPass server, what is the use of it?


The OnGuard persistent agent uses the port 6658 to establish a control channel communication with the ClearPass server from the client, in order to update the client online status.

If the port 6658 is not allowed or blocked (via local firewall, etc), then the agent will repost the health status every 3 mins and try to establish the control channel.

Please ensure the port 6658 is allowed between the persistent agent and ClearPass server to prevent the client from re-authenticating very often, in any/all of the intermediary devices from the client upto clearpass.

Version history
Revision #:
2 of 2
Last update:
‎11-23-2015 02:31 PM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.