Wireless Access

Reply
Contributor I

Complete list of RAP ports

Have a RAP connecting from outside a firewall interface for a client.  Alll we opened was udp 4500, and it failed.  When we opened it all the way with no restrictions, it works.

Guru Elite

Re: Complete list of RAP ports

What do your firewall session logs show? 


Thanks, 
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I

Re: Complete list of RAP ports

Waiting on the engineer to come back.  Initially it was all PAPI/UDP 8211.

Contributor I

Re: Complete list of RAP ports

Dumb question:  when the RAP first comes up, I do the conversion using the actual controller IP.  It reboots, and joins, and then I provision it with the client's external public firewall IP interface.

 

Now the AP is up but it is bouncing.  I just wonder if it is bouncing between the two IPs?

Contributor I

Re: Complete list of RAP ports

Ok so I provisioned the AP utilizing the Master IP config on the provision page, and input the client's firewall interface.  I hit apply and reboot, and the AP rebooted and is back, but bounces like said before.  I looked at the tech support of the ap, and the firewall IP address I just configured it with is not in the AP.

Guru Elite

Re: Complete list of RAP ports

Does the AP-Group that the AP is in have an LMS-IP?  If it does, please remove it.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Re: Complete list of RAP ports

For the RAP, you provision it on the RAP end...not the controller.  On the controller, you need the RAP to be whitelisted and the approprate AP group defined.  Like was mentioned, in the AP Group, make sure that the AP system profile that's defined does NOT have an LMS IP address. Also note that if you are using the "default" AP system profile WITH an IP address, please create another one for your RAPs.  If you don't and you remove this IP, then you may end up with provisioning issues in the future internally.

 

Now...on the RAP end...when you convert, you use the firewall EXTERNAL IP address in the conversion process on the RAP.  You do NOT use the controller's internal IP.

 

Hope this helps!

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Contributor I

Re: Complete list of RAP ports

THe AP System Profile in the GUI doesn't have an LMS assigned.  This current AP was the test AP, and was originally assigned the controller's IP in the conversion process so we could validate our configs.  With everything working ok, I provisioned it from the GUI, added the IP of the firewall external address in the provisioning page, then hit reboot and apply.

 

Now it is bootstrapping constantly.  The AP system profile still doesn't have a LMS, but a glance at the ap tech-support shows that LMS of the controller.

Re: Complete list of RAP ports

Can you reset the RAP to defaults and redo the conversion process?

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Contributor I

Re: Complete list of RAP ports

Trying that exact thing with another AP.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: