This article explains the network ports, and the purpose of each, that need to be allowed in an environment where Arista WiFi products are deployed. A network port is a process-specific or application-specific software construct that serves as a communication endpoint. It is used by the Transport Layer protocols of the Internet Protocol suite, such as User Datagram Protocol (UDP) and Transmission Control Protocol (TCP).
Here are the TCP Ports that need to be allowed in your network.
|TCP 21||File upload/download. e.g. db backup.|
|TCP 22||Remote CLI access over SSH and file upload/download.|
|TCP 25||SMTP integration for On-premises Wireless Manager.|
|TCP 80||APs download new firmware from Wireless Manager or the cloud firmware repository when an upgrade has been initiated.|
|TCP 443||Communication with admin UI over HTTPS; also used for AP upgrades and as a secondary option for APs to connect to the cloud service.|
|TCP 1035||Used by server application on an on-premises Wireless Manager Cluster Child server to accept trigger requests from Parent. Connections are accepted only from Parent Server and only on secure VPN tunnel interface.|
|TCP 3851||For communication with AirTight Mobile client software (EOL; formerly called SAFE).|
|TCP 4433||Used during client certificate (smart card) based user authentication with on-premises Wireless Manager.|
|TCP 5432||Connection to PostgreSQL database: 1. In an on-premises Wireless Manager HA pair, external connections are allowed only from peer HA server. 2. In an on-premises Wireless Manager Server Cluster, external connections are allowed only from the Parent server via secure VPN tunnel.|
|TCP 2002||Control port to initiate Troubleshooting (packet capture). This port accepts an incoming service request to start a packet capture session only if the AP/Sensor has been instructed by the Server within the SpectraTalk tunnel to initiate the Troubleshooting session.|
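The TCP 1035 and TCP 5432 rows above limit who may connect, so a firewall rule that merely opens the port is broader than the table allows. The following check is an added example, not Arista code: it audits a list of inbound allow rules against those two restrictions. The rule format, the addresses (documentation ranges) and the interface name `tun0` are assumptions.

```python
import ipaddress

# Restrictions stated in the TCP table above, keyed by (protocol, port).
RESTRICTED = {
    ("tcp", 1035): "only from the Parent server, only on the VPN tunnel interface",
    ("tcp", 5432): "only from the peer HA server, or from the Parent server via the VPN tunnel",
}

def audit(rules, allowed):
    """Return findings for inbound allow rules broader than the table permits.

    rules:   list of dicts {proto, port, src (CIDR), iface (name, or None for any)}
    allowed: {(proto, port): [(host_ip, required_iface or None), ...]}
    """
    findings = []
    for rule in rules:
        key = (rule["proto"], rule["port"])
        if key not in RESTRICTED:
            continue
        src = ipaddress.ip_network(rule["src"], strict=False)
        ok = False
        for host, iface in allowed.get(key, []):
            # The rule must name exactly one permitted host, not a range containing it.
            same_host = (src.num_addresses == 1
                         and src.network_address == ipaddress.ip_address(host))
            iface_ok = iface is None or rule.get("iface") == iface
            if same_host and iface_ok:
                ok = True
                break
        if not ok:
            findings.append(f"{key[0].upper()} {key[1]} from {rule['src']} on "
                            f"{rule.get('iface') or 'any'}: allowed {RESTRICTED[key]}")
    return findings

# Constructed sample data: hypothetical Parent and HA peer addresses and rules.
PARENT, HA_PEER = "192.0.2.10", "192.0.2.20"
ALLOWED = {
    ("tcp", 1035): [(PARENT, "tun0")],
    ("tcp", 5432): [(HA_PEER, None), (PARENT, "tun0")],
}
SAMPLE_RULES = [
    {"proto": "tcp", "port": 443, "src": "0.0.0.0/0", "iface": None},        # not restricted
    {"proto": "tcp", "port": 1035, "src": "192.0.2.10/32", "iface": "tun0"}, # matches table
    {"proto": "tcp", "port": 1035, "src": "192.0.2.10/32", "iface": "eth0"}, # not the tunnel
    {"proto": "tcp", "port": 5432, "src": "192.0.2.20/32", "iface": None},   # HA peer
    {"proto": "tcp", "port": 5432, "src": "192.0.2.0/24", "iface": None},    # whole subnet
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES, ALLOWED):
        print(finding)
```
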
Here are the UDP Ports that need to be allowed in the outbound direction.
|UDP 123||Sync with NTP server.|
|UDP 161||SNMP Client listens on this port. e.g. WLC integration with on-premises Wireless Manager.|
|UDP 162||Send SNMP traps to remote SNMP management server.|
|UDP 389||Connection to LDAP server for user authentication with Wireless Manager (on-premises only).|
|UDP 694||Heartbeat service used for High Availability (on-premises only).|
|UDP 514||Syslog/ArcSight servers.|
|UDP 1194||OpenVPN service used to establish secure tunnel between Parent and Child Servers in Server Cluster.|
|UDP 1812||Connection to RADIUS server for user authentication with on-premises Wireless Manager.|
|UDP 3851||Communication between the Wireless Manager server or cloud service and the Arista APs/Sensors over the SpectraTalk protocol.|
|UDP 3852||OpenVPN service used for establishing secure tunnel between on-premises servers and Wireless Manager cloud service, for Cloud Integration Point (CIP) feature.|
As a related topic, please refer to this article for more details on the cloud redirector and troubleshooting steps: How to troubleshoot Arista AP connection to the Cloud