Product and Software: This article applies to all Aruba controllers and ArubaOS versions.
When there is a firewall in the path, the following protocols and ports should be opened between the AP and the Aruba WLAN Switch:
- DHCP (UDP 67 & 68)
- FTP (TCP 21 & 22)
- TFTP (UDP port 69)
- NTP (UDP port 123)
- SYSLOG (UDP port 514)
- PAPI (UDP port 8211)
- GRE (protocol 47)
For Remote AP, the following are required:
- TFTP (UDP 69) - when the AP has a corrupted image
- NATT (UDP 4500)
After the RAP IPSec connection is formed, all PAPI and GRE traffic is tunneled through this IPSec NAT-T session.
The following ports are optional and are needed only for traffic from the AP to a specific application server or network management station:
- Remote packet capture with Ethereal/WireShark (UDP 5555-5560)
- Remote packet capture with AiroPeek (UDP 5000)
- AirMagnet Enterprise analyzer (UDP 2500-2501)
- SNMP (UDP 161 & 162)
If there are firewalls between the controllers, the following ports should be opened between the controllers:
- IKE (UDP 500) - 3.x and later
- ESP (protocol 50) - 3.x and later
- NATT (UDP 4500) - 3.x and later
- PAPI (UDP & TCP port 8211)
- IP-IP (protocol 94) - For IP mobility between master-local and local-local
The following ports are for communication between MMS and controllers:
- SNMP (UDP 161 and 162)
- PAPI (TCP 8211)
- HTTPS (TCP 443) - For controller to pull configuration from MMS
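
One way to audit a firewall allow-list against the AP-to-controller and controller-to-controller lists above. This is an added example, not Aruba code; the rule tuple format `(protocol, low, high)` and the sample policy are assumptions constructed for illustration. It shows a common gap: GRE, ESP and IP-IP are IP protocol numbers, so a port rule does not cover them.

```python
# Added example: check a firewall allow-list against the flows listed in this article.
# Assumed rule format (constructed here): (protocol, low, high).
# For portless IP protocols (GRE, ESP, IP-IP) use ("ip", proto_number, proto_number).

REQUIRED = {
    "ap-controller": {
        "DHCP": [("udp", 67), ("udp", 68)],
        "FTP": [("tcp", 21), ("tcp", 22)],
        "TFTP": [("udp", 69)],
        "NTP": [("udp", 123)],
        "SYSLOG": [("udp", 514)],
        "PAPI": [("udp", 8211)],
        "GRE": [("ip", 47)],
    },
    "controller-controller": {
        "IKE": [("udp", 500)],
        "ESP": [("ip", 50)],
        "NATT": [("udp", 4500)],
        "PAPI": [("udp", 8211), ("tcp", 8211)],
        "IP-IP": [("ip", 94)],
    },
}

def permitted(rules, proto, number):
    """True if any allow rule covers this protocol and port (or IP protocol number)."""
    return any(p == proto and lo <= number <= hi for p, lo, hi in rules)

def missing_flows(rules, path):
    """Return sorted 'NAME proto/number' strings for required flows the rules do not allow."""
    gaps = []
    for name, flows in REQUIRED[path].items():
        for proto, number in flows:
            if not permitted(rules, proto, number):
                gaps.append(f"{name} {proto}/{number}")
    return sorted(gaps)

# Constructed sample policy: only one DHCP port is open, and GRE was entered
# as UDP port 47 instead of IP protocol 47.
SAMPLE_RULES = [
    ("udp", 67, 67), ("tcp", 21, 22), ("udp", 69, 69),
    ("udp", 123, 123), ("udp", 514, 514), ("udp", 8211, 8211),
    ("udp", 47, 47),  # wrong: UDP port 47 is not GRE
]

if __name__ == "__main__":
    for gap in missing_flows(SAMPLE_RULES, "ap-controller"):
        print("blocked:", gap)
```
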