Controllerless Networks

Hey guys, I am looking to deploy an Airwave server in a DMZ and then allow instant AP's to connect from the internet. Looking at the configuration it looks like I need to allow 443 inbound from the internet to allow this connection, however that also opens up mgmt login for users. Is there a way to designate a seperate mgmt interface so that I don't open it up for logins like with clearpass or configure instants to connect on a different port than 443 as some examples? Obviously I can lock down the firewall to only the source IP's of the instants but I am trying to avoid that initally for various reasons. 

Thanks, 

Hi,

It is possible.

We can configure a customised port in AMP server. AMP Setup->General-->"Aruba Instant Options" section you find an option to change the default port number 443 to any other port # ranges from 1000 to 65534.

For your Ref :

Try and let me know if you need any further help on this.

Thanks and good that we can use the diff TCP port to listen only for IAPs. How about the below scenario?

1. Airwave on the Datacenter,

2. Some of IAP Branch locations are connecting through WAN to reach Airwave at DC

3. we have some of the IAP on the plain internet and want to manage using same airwave @ DC

What is your recommendation?

Can i seperate Internal IAP land External IAP listening ports?

Unfortunately, they can only use the same listening port.