Does anyone know what protocols I need to enable on my firewall to allow a RAP to connect to the controller?
Here is my problem. I have 17 AP70s spread out across numerous sites. All were working as of 2 weeks ago. One stopped working when I upgraded our firewalls to a Juniper SRX650. There is a policy and a redirect done in the firewalls that allows RAPs to get to the controller.
16 of the RAPs are functioning fine. The one trouble RAP is on a DSL connection. That is the only difference from the other 16. The RAP itself, DSL and all cabling have been verified.
I have disabled the firewall policy and rebooted a few of the RAPs and they reconnect with no problem, leading me to believe that I don't need a firewall policy to allow this to happen.
I guess my questions are:
1) Do I need to have a policy on my firewall to allow a RAP to get to the controller? Right now there is a static NAT that translates the outside public IP to the controller's loopback address.
2) If yes, what protocols do I need? I have been told I only need UDP440 (NATT). All of the other needed protocols (syslog, GRE, PAPI, etc.) are contained in the tunnel.
3) Why would only this RAP be showing these symptoms?
Any help would be greatly appreciated.
Port should be UDP 4500 NAT-T (NAT'd IPsec).

The AP70, like all other Aruba APs, requires only UDP 4500 for secure RAP communication.

Yes, this port needs to be forwarded through any firewall(s) to make the connection. That static NAT you have should work fine.

You can verify RAP communication on the controller in many ways; here is one way I suggest: "show datapath session table | include 4500", which will show you which IP addresses (sites) are trying to connect using RAP. Look for the public IP of the DSL site in there as a first
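To make that check repeatable across 17 sites, here is an added example (not from this thread or from Aruba) that parses the output of that command and reports whether a given site's public IP has a UDP 4500 session on the controller. The column layout of the session table, the addresses, and the controller loopback 10.0.0.1 are all constructed assumptions for this example; protocol 17 is UDP.

```python
from collections import defaultdict

# Constructed sample of "show datapath session table | include 4500" output.
# The column order (src, dst, proto, sport, dport, ..., packets, bytes, flags)
# is an assumption for this example, not captured controller output.
SAMPLE_SESSIONS = """\
203.0.113.10    10.0.0.1        17   4500  4500   0/0   0  0  1  local       1c  4201  1838201  FC
10.0.0.1        203.0.113.10    17   4500  4500   0/0   0  0  1  tunnel 9    1c  4188  1801133  FC
198.51.100.22   10.0.0.1        17   4500  4500   0/0   0  0  1  local       1c  3996  1741000  FC
10.0.0.1        198.51.100.22   17   4500  4500   0/0   0  0  1  tunnel 10   1c  3990  1739010  FC
192.0.2.77      10.0.0.1        17   4500  4500   0/0   0  0  5  local       1c  3     456      F
"""


def natt_sessions(table_text, controller_ip):
    """Return {peer_ip: {"inbound": pkts, "outbound": pkts}} for UDP/4500
    sessions that involve the controller address (post-NAT, i.e. the loopback)."""
    peers = defaultdict(lambda: {"inbound": 0, "outbound": 0})
    for line in table_text.splitlines():
        f = line.split()
        if len(f) < 8 or f[2] != "17":          # 17 = UDP; skip headers/blank lines
            continue
        src, dst, sport, dport = f[0], f[1], f[3], f[4]
        if "4500" not in (sport, dport):
            continue
        packets = int(f[-3])                    # packets column sits 3rd from the end
        if dst == controller_ip:
            peers[src]["inbound"] += packets
        elif src == controller_ip:
            peers[dst]["outbound"] += packets
    return dict(peers)


def diagnose_site(table_text, controller_ip, site_public_ip):
    """Classify how the controller sees one site's public IP on UDP 4500."""
    entry = natt_sessions(table_text, controller_ip).get(site_public_ip)
    if entry is None:
        return "absent"        # nothing reached the controller: check upstream NAT/policy
    if entry["inbound"] and not entry["outbound"]:
        return "one-way"       # packets arrive but no reply session: check the return path
    return "established"


if __name__ == "__main__":
    for site in ("203.0.113.10", "192.0.2.77", "192.0.2.99"):
        print(site, diagnose_site(SAMPLE_SESSIONS, "10.0.0.1", site))
```

Paste the real command output in place of the constructed sample and pass the DSL site's public IP; an "absent" result points at the path before the controller, a "one-way" result at the return path.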
Thanks, I'll give that a try.
