Environment- This Article was tested on controllers running Aruba OS 18.104.22.168
Answer- We can enable Centralized licensing between two controllers which are not part of Master-local topology. When centralized licensing is enabled between such controllers, they communicate with each other over specialized ports. We need to allow those ports for it to function properly. Below is the traffic that needs to be allowed between the controllers which are NOT on master<==>Standby<==>Local cluster.
1. UDP Source port = 8211
2. UDP destination port = 8211
3. Keepalives timer = Sent every 30 seconds
4. Keepalives direction = Sent in both directions: Server==>client, client==>server
Above traffic must be allowed between the Centralized licensing server and client. For further analysis, please fer to the Packet capture attached with this document.
Centralized licensing keepalive traffic between a controllers in a master<==>Standby<==>Local cluster is carried inside the IPSec tunnel between the controllers. Thus no extra traffic needs to be allowed between the controllers.