If the AOS10 AP has tunnel or mixed mode forwarding configured, then the only ports between the AP and the gateway are UDP/4500 and IPSEC protocol 47.
bldg-b# sh datapath session | incl 192.168.1.243
192.168.1.243 10.10.10.30 47 0 0 0 0 40 0 local e8e 6 2328 pi
10.10.10.30 192.168.1.243 47 0 0 0 0 40 0 local e8e c 4824 pi
10.10.10.30 192.168.1.243 17 4500 4500 0 0 48 0 local e9d 4b5 37614 FC
192.168.1.243 10.10.10.30 17 4500 4500 0 0 46 0 local e9d 46b 33a8c F
bldg-b#
------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
------------------------------
Original Message:
Sent: Jun 11, 2024 05:25 AM
From: erike
Subject: AOS10 WLAN tunnel mode, firewall between AP and Gateway
Hi all,
I have the document for all previous versions but cannot find any specifications for AOS10. I'm specifically looking for what ports to open on a firewall between an AP and a Gateway in AOS10 to allow tunnel mode to go through. GRE (protocol 47) and IPSEC (udp 500 and 4500) would be my guess. Is PAPI (udp 8211) still necessary in AOS10? What else?
thanks.
Erik
------------------------------
Erik Eckhardt
ACEX #149 ACCX #1527 ACMX #1245, ACDX #968, ACSP, ACNSP
------------------------------
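The check behind the reply above, as an added example that is not part of the original thread and not Aruba tooling: it parses pasted `sh datapath session` lines and lists any flow between the two addresses that falls outside the allow list the reply gives (UDP/4500 and IP protocol 47). It assumes the first five columns are source IP, destination IP, IP protocol, source port and destination port, as the output in the post suggests; the function names are hypothetical.

```python
# Added example: audit datapath session lines against a firewall allow list.
# Assumption: columns 1-5 are src IP, dst IP, IP protocol, src port, dst port.

# Session output copied from the post above, prompt lines included.
SAMPLE = """\
bldg-b# sh datapath session | incl 192.168.1.243
192.168.1.243 10.10.10.30 47 0 0 0 0 40 0 local e8e 6 2328 pi
10.10.10.30 192.168.1.243 47 0 0 0 0 40 0 local e8e c 4824 pi
10.10.10.30 192.168.1.243 17 4500 4500 0 0 48 0 local e9d 4b5 37614 FC
192.168.1.243 10.10.10.30 17 4500 4500 0 0 46 0 local e9d 46b 33a8c F
bldg-b#
"""

# Allow list from the reply: UDP/4500 and IP protocol 47.
# IANA protocol numbers: 17 = UDP, 47 = GRE. Port is None when the
# protocol has no ports.
ALLOWED = {(17, 4500), (47, None)}


def parse_sessions(text):
    """Yield (src, dst, proto, dport) per session line; skip prompts and headers."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or not all(x.isdigit() for x in f[2:5]):
            continue
        proto = int(f[2])
        dport = int(f[4]) if proto in (6, 17) else None  # ports only for TCP/UDP
        yield f[0], f[1], proto, dport


def flows_between(text, a, b):
    """Distinct flows, in either direction, between addresses a and b."""
    return {s for s in parse_sessions(text) if {s[0], s[1]} == {a, b}}


def outside_policy(text, a, b, allowed=ALLOWED):
    """Flows between a and b whose (protocol, dst port) is not in the allow list."""
    bad = [s for s in flows_between(text, a, b) if (s[2], s[3]) not in allowed]
    return sorted(bad, key=lambda s: (s[2], s[3] or 0, s[0]))


if __name__ == "__main__":
    pair = ("192.168.1.243", "10.10.10.30")
    for src, dst, proto, dport in sorted(flows_between(SAMPLE, *pair),
                                         key=lambda s: (s[2], s[3] or 0, s[0])):
        print(f"{src} -> {dst}  proto={proto} dport={dport}")
    print("outside allow list:", outside_policy(SAMPLE, *pair))
```

Running it over a longer capture taken before the firewall rule is tightened shows whether anything beyond the two allowed entries is actually in use between the pair.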