The following ports and protocols are required to be open as necessary for communication and management between the vWLAN and BSAPs, between primary and secondary vWLAN systems when using high availability, between the vWLAN and authentication servers when using various methods of authentication, between BSAPs when using Layer 3 mobility (tunneling), and between BSAPs and authentication when using external Remote Authentication Dial-In User Service (RADIUS) 802.1x authentication. Ensure that any firewalls or access control lists (ACLs) allow the ports and protocols outlined in the table below as applicable.
NOTE: The ports and protocols described in the following table are a comprehensive list of ports and protocols that must be open as necessary. These ports and protocols are not limited to AP discovery, but cover all communications within the vWLAN network. Unused ports should be closed when not required to maintain system security.
| IP Protocol and Port | Service | Description |
|---|---|---|
| User Datagram Protocol (UDP) port 53 | Domain Name System (DNS) | AP discovery communication between vWLAN and BSAPs (1800 Series BSAPs only). |
| Transmission Control Protocol (TCP) port 33333 | Transport Layer Security (TLS) | Secure control/management channel between vWLAN and BSAPs. |
| UDP port 69 | Trivial File Transfer Protocol (TFTP) | Used on the BSAP 1800 Series to transfer firmware between vWLAN and the BSAP or between BSAPs and a third-party TFTP server. Also used for AP traffic capture file transfer between vWLAN and the BSAP. |
| TCP port 33334 | Secure Copy Protocol (SCP) | Used on the BSAP 1900 Series to transfer firmware between vWLAN and the BSAP or between BSAPs and a third-party SCP server. Also used for AP traffic capture file transfer between vWLAN and the BSAP. |
| TCP port 28000 | | Used to secure wireless Internet distribution systems (IDS) channels between vWLAN and BSAPs. |
| TCP port 2335 | Secure Shell (SSH) | Used for communication between primary and secondary vWLAN systems for high availability. Also used for debug access. |
| TCP port 3000 | Hypertext Transfer Protocol Secure (HTTPS) | Used for communication between primary and secondary vWLAN systems for high availability and access to the vWLAN web-based graphical user interface (GUI). |
| TCP port 80 | Hypertext Transfer Protocol (HTTP) | Required for captive portals between vWLAN and the BSAPs in vWLAN releases prior to 2.2.1. |
| TCP port 443 | | Required for captive portals between vWLAN and the BSAPs in release 2.2.1 and later. |
| UDP port 1812 or 1645 | | Required for RADIUS web authentication and RADIUS administrative authentication between the BSAP and the authentication server. Also required for RADIUS external 802.1x authentication between the BSAP and the authentication server. |
| UDP port 1813 or 1646 | | Required when using RADIUS accounting between vWLAN and an accounting server. |
| TCP port 389 | Lightweight Directory Access Protocol (LDAP) | Required for LDAP or Microsoft Active Directory (AD) authentication between vWLAN and an authentication server. |
| UDP port 636 | LDAP over TLS (LDAPS) | Required for LDAP or AD authentication between vWLAN and an authentication server. |
| TCP port 6001 | Standard Interchange Protocol (SIP2) | Required for SIP2 authentication between vWLAN and the library authentication server. |
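
Because unused ports should stay closed, the following added example (not vendor code) derives the minimal port set for one deployment from the port list above and compares it with a firewall allowlist. The feature labels, function names and sample allowlist are hypothetical, and treating TCP 33333, 28000 and 3000 as always required is an assumption.

```python
# Port data transcribed from the table above. Feature labels are hypothetical;
# treating TCP 33333, 28000 and 3000 as always required is an assumption.
PORTS = {
    "core": [("tcp", 33333), ("tcp", 28000), ("tcp", 3000)],
    "bsap1800": [("udp", 53), ("udp", 69)],
    "bsap1900": [("tcp", 33334)],
    "ha": [("tcp", 2335), ("tcp", 3000)],
    "ldap": [("tcp", 389)],
    "ldaps": [("udp", 636)],  # protocol exactly as the table lists it
    "sip2": [("tcp", 6001)],
}
RADIUS_AUTH = (1812, 1645)  # the table allows either port of each pair
RADIUS_ACCT = (1813, 1646)
OTHER = {"captive_portal", "radius", "radius_acct"}

def required_ports(features, release=None, radius_auth=1812, radius_acct=1813):
    """Return the set of (protocol, port) pairs this deployment needs open."""
    unknown = set(features) - set(PORTS) - OTHER
    if unknown:
        raise ValueError(f"unknown feature(s): {sorted(unknown)}")
    need = set(PORTS["core"])
    for feature in features:
        need.update(PORTS.get(feature, []))
    if "captive_portal" in features:
        if release is None:
            raise ValueError("captive_portal needs the vWLAN release")
        version = tuple(int(part) for part in release.split("."))
        # Releases prior to 2.2.1 use TCP 80; 2.2.1 and later use TCP 443.
        need.add(("tcp", 443) if version >= (2, 2, 1) else ("tcp", 80))
    for name, port, valid in (("radius", radius_auth, RADIUS_AUTH),
                              ("radius_acct", radius_acct, RADIUS_ACCT)):
        if name in features:
            if port not in valid:
                raise ValueError(f"{name} port must be one of {valid}")
            need.add(("udp", port))
    return need

def audit(allowed, features, **options):
    """Compare a firewall allowlist with the required set."""
    need = required_ports(features, **options)
    allowed = set(allowed)
    return {"missing": sorted(need - allowed), "close": sorted(allowed - need)}

if __name__ == "__main__":
    # Constructed allowlist for a 1900 Series site with HA, portal and RADIUS.
    sample = [("tcp", 33333), ("tcp", 28000), ("tcp", 3000), ("tcp", 33334),
              ("tcp", 443), ("udp", 1812), ("udp", 69), ("tcp", 80)]
    print(audit(sample, {"bsap1900", "ha", "captive_portal", "radius"},
                release="2.2.1"))
```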