Wireless Access

Occasional Contributor I

What ports for communication between Virtual Mobility Master and Mobility Controller?

I've installed a Virtual Mobility Master on a Proxmox (KVM) instance, hosted in a data center. This VMM is sitting behind a pfSense instance that does NAT.

 

I then have multiple hardware Mobility Controllers at different physical locations.

 

So the VMM and Mobility Controllers would be communicating over the internet.

 

I haven't added them to the VMM yet.

 

My question is - what ports do I need to forward on the VMM side, in order for the Mobility Controller to communicate with it?

Guru Elite

Re: What ports for communication between Virtual Mobility Master and Mobility Controller?

Occasional Contributor I

Re: What ports for communication between Virtual Mobility Master and Mobility Controller?

So just to be clear - for VMM (Virtual Mobility Master) to MC (Mobility Controller), I need all of the following ports to be port forwarded?

 

IPsec (UDP port 4500) for communication between Mobility Master and a managed device.

IPsec (UDP ports 500 and 4500) and ESP (protocol 50). PAPI between Mobility Master and a managed device is encapsulated in IPsec.

IP-IP (protocol 94) and UDP port 443 if Layer-3 mobility is enabled

GRE (protocol 47) if tunneling guest traffic over GRE to DMZ managed device

IKE (UDP 500)

ESP (protocol 50)

NAT-T (UDP 4500)

 

That seems like...an awful lot of ports =(.

 

Is there any other way of linking a VMM hosted somewhere in a colo or in the cloud, and where you have Mobility Controllers and APs in various locations?

Guru Elite

Re: What ports for communication between Virtual Mobility Master and Mobility Controller?

That looks like UDP port 4500 repeated several times, along with IKE (UDP 500) and ESP (protocol 50).

 

There is not another way, unfortunately.

 

EDIT:  All you need is UDP 4500 between a mobility master and a mobility controller, btw.  The other protocols are not necessary.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
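
The comparison made in the reply above, as an added example (not part of the thread and not Aruba code): it extracts the distinct UDP ports and IP protocol numbers from the list quoted in the question, then checks a set of NAT forwards toward the VMM against the UDP 4500 requirement stated in the EDIT. The function names and the `(kind, number)` tuple format are assumptions made for illustration.

```python
import re

# Port list exactly as quoted in the question of this thread.
QUOTED_LIST = """\
IPsec (UDP port 4500) for communication between Mobility Master and a managed device.
IPsec (UDP ports 500 and 4500) and ESP (protocol 50). PAPI between Mobility Master and a managed device is encapsulated in IPsec.
IP-IP (protocol 94) and UDP port 443 if Layer-3 mobility is enabled
GRE (protocol 47) if tunneling guest traffic over GRE to DMZ managed device
IKE (UDP 500)
ESP (protocol 50)
NAT-T (UDP 4500)
"""

# Per the reply's EDIT: only UDP 4500 is needed between MM and MC.
REQUIRED = {("udp", 4500)}


def extract_flows(text):
    """Return the distinct ("udp", port) and ("ip-proto", number) items named in text."""
    flows = set()
    # Matches "UDP port 4500", "UDP ports 500 and 4500" and "UDP 500".
    udp = r"UDP(?:\s+ports?)?\s+(\d+(?:\s*(?:,|and)\s*\d+)*)"
    for match in re.finditer(udp, text, re.I):
        for port in re.findall(r"\d+", match.group(1)):
            flows.add(("udp", int(port)))
    # Matches "protocol 50" (an IP protocol number, not a port).
    for match in re.finditer(r"protocol\s+(\d+)", text, re.I):
        flows.add(("ip-proto", int(match.group(1))))
    return flows


def audit_forwards(forwarded, required=REQUIRED):
    """Compare forwards configured toward the VMM with the required set."""
    forwarded = set(forwarded)
    return {
        "missing": sorted(required - forwarded),   # needed but not forwarded
        "unneeded": sorted(forwarded - required),  # exposed without need
    }


if __name__ == "__main__":
    flows = extract_flows(QUOTED_LIST)
    print("distinct items in the quoted list:", sorted(flows))
    # Constructed case: every item from the quoted list forwarded to the VMM.
    print(audit_forwards(flows))
```
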