AAA, NAC, Guest Access & BYOD

Why does the OnGuard agent require TCP port 6658?

Aruba Employee
Q:

Why do I need to allow TCP port 6658 between the OnGuard agent and the ClearPass server? What is it used for?



A:

The OnGuard persistent agent uses TCP port 6658 to establish a control channel from the client to the ClearPass server. The channel is used to update the client's online status.

If port 6658 is blocked or not allowed (by a local firewall, for example), the agent reposts its health status every 3 minutes and keeps trying to establish the control channel.

To prevent the client from re-authenticating very often, ensure that port 6658 is allowed between the persistent agent and the ClearPass server on every intermediary device on the path from the client to ClearPass.

Version history
Revision #: 2 of 2
Last update: 11-23-2015 02:31 PM
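An added example, not part of the original article and not Aruba code: a Python check that flags clients whose health posts recur at the roughly 3-minute interval the article describes, which is the symptom of a blocked control channel on TCP 6658. The input format, the sample lines, the tolerance and the run threshold are constructed assumptions; export real posture events into the same shape.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample: "<ISO timestamp> <client MAC>" per OnGuard health post.
# This is NOT a ClearPass log format; it is an assumed export shape.
SAMPLE = """\
2015-11-23T09:00:00 aa:bb:cc:00:00:01
2015-11-23T09:00:05 aa:bb:cc:00:00:02
2015-11-23T09:03:01 aa:bb:cc:00:00:01
2015-11-23T09:06:02 aa:bb:cc:00:00:01
2015-11-23T09:09:00 aa:bb:cc:00:00:01
2015-11-23T09:12:03 aa:bb:cc:00:00:01
2015-11-23T11:47:30 aa:bb:cc:00:00:02
2015-11-23T09:01:00 aa:bb:cc:00:00:03
2015-11-23T09:04:02 aa:bb:cc:00:00:03
2015-11-23T10:30:00 aa:bb:cc:00:00:03
"""

def parse(text):
    """Group health-post timestamps by client MAC, sorted per client."""
    posts = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, mac = line.split()
        posts[mac.lower()].append(datetime.fromisoformat(stamp))
    return {mac: sorted(times) for mac, times in posts.items()}

def repost_loops(text, interval=180, tolerance=20, min_run=3):
    """Return {mac: longest run} for clients whose consecutive health posts
    are ~interval seconds apart at least min_run times in a row."""
    flagged = {}
    for mac, times in parse(text).items():
        run = best = 0
        for earlier, later in zip(times, times[1:]):
            gap = (later - earlier).total_seconds()
            # Extend the run on a ~3-minute gap, otherwise start over.
            run = run + 1 if abs(gap - interval) <= tolerance else 0
            best = max(best, run)
        if best >= min_run:
            flagged[mac] = best
    return flagged

if __name__ == "__main__":
    for mac, run in repost_loops(SAMPLE).items():
        print(f"{mac}: {run} consecutive ~3-minute reposts; "
              "check TCP 6658 on the path to ClearPass")
```

A flagged client is a lead, not proof: confirm by checking the firewall and ACL rules for TCP 6658 on each device between that client and ClearPass.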
Comments
enes

Hello,

On the Cisco wired side, do we need to deny or permit that port in our access list?

 

Yes, if the device is quarantined and you are returning a restricted ACL.

This way, if the posture changes, OnGuard will be able to communicate the change to ClearPass.
