• TCP/UDP Ports used by Arista Wi-Fi Products

 
 

Introduction

This article lists the network ports, and the purpose of each, that must be allowed in an environment where Arista Wi-Fi products are deployed. A network port is a process-specific or application-specific software construct that serves as a communication endpoint; it is used by the Transport Layer protocols of the Internet Protocol suite, such as User Datagram Protocol (UDP) and Transmission Control Protocol (TCP).

Solution

TCP Ports:

 

| Port | From | To | Purpose |
|---|---|---|---|
| TCP 21 | End Users / NOC, WM | WM, End Users | File upload/download, e.g. db backup. |
| TCP 22 | End Users / NOC, WM | AP, WM | Remote CLI access over SSH and file upload/download. Make it bidirectional. |
| TCP 80 | End Users / NOC, AP, WM | WM, AP | APs download new firmware from Wireless Manager or the cloud firmware repository when upgrade is initiated. |
| TCP 443 | End Users / NOC, AP, WM | WM, AP | Communication with admin UI over HTTPS; also used for AP upgrades and as a secondary option for APs to connect to the cloud service. |
| TCP 1035 | WM | WM | Used by server application on an on-premises Wireless Manager Cluster Child server to accept trigger requests from Parent. Connections are accepted only from Parent Server and only on secure VPN tunnel interface. |
| TCP 2002 | WM | AP | Control port to initiate Troubleshooting (packet capture). This port accepts incoming service request to start packet capture session only if the AP/Sensor has been instructed by the Server within the SpectraTalk tunnel to initiate the Troubleshooting session. |
| TCP 3851 | End Users / NOC, AP | AP | For communication with AirTight Mobile client software (EOL; formerly called SAFE). |

 

UDP Ports:

| Port | From | To | Purpose |
|---|---|---|---|
| UDP 53 | AP / WM | DNS | DNS Resolution. |
| UDP 123 | AP / WM | NTP | Time sync with NTP server. |
| UDP 162 | WM | SNMP Get | Send SNMP traps to remote SNMP management server. |
| UDP 514 | WM | Syslog | Syslog/ArcSight servers. |
| UDP 694 | WM | WM | L3 HA Heartbeat Service, make it bidirectional. |
| UDP 1194 | WM | WM | OpenVPN service used to establish secure tunnel between Parent and Child Servers in Server Cluster. |
| UDP 1812/1813 | WM, Radius | Radius, AP / WM | For user / WM authentication with RADIUS. |
| UDP 3851 | WM / AP | AP / WM | Communication between Wireless Manager server or cloud service with the Arista AP/Sensors over SpectraTalk protocol. |

On Premise Only Ports:

These ports are required only for On Premise deployments.

| Port | From | To | Purpose |
|---|---|---|---|
| TCP 25 | WM | SMTP | SMTP integration for On-premises Wireless Manager. |
| TCP 1035 | WM | WM | Used by server application on an on-premises Wireless Manager Cluster Child server to accept trigger requests from Parent. Connections are accepted only from Parent Server and only on secure VPN tunnel interface. |
| TCP 4433 | End Users / NOC, WM | WM | Used during client certificate (smart card) based user authentication with on-premises Wireless Manager. |
| TCP 5432 | WM | WM | Connection to PostgreSQL database: (1) In an on-premises Wireless Manager HA pair, external connections are allowed only from peer HA server. (2) In an on-premises Wireless Manager Server Cluster, external connections are allowed only from the Parent server via secure VPN tunnel. Make it bidirectional. |
| UDP 161 | WM | SNMP Traps | SNMP Client listens on this port, e.g. WLC integration with on-premises Wireless Manager. |
| UDP 389 | WM | LDAP | Connection to LDAP (Lightweight Directory Access Protocol) server for user authentication with Wireless Manager (on-premises only). |
| UDP 3852 | WM | AP | OpenVPN service used for establishing secure tunnel between on-premises servers and Wireless Manager cloud service, for Cloud Integration Point (CIP) feature. |

 

ICMP:

ICMP to and from End Users / NOC, APs, and WM must be allowed and accepted for ping tests with APs, NTP, GW, DNS, and WM.

As a related topic, please refer to this article for more details on the cloud redirector and troubleshooting steps: How to troubleshoot Arista AP connection to the Cloud
