Deployment Guide 209
Chapter 15 Traffic Types
This is a list of all the types of traffic that might be involved with a HiveAP and HiveManager deployment. If a
firewall lies between any of the sources and destinations listed below, make sure that it allows these traffic types.
Traffic Supporting Network Access for Wireless Clients
| Service | Source | Destination | Protocol | SRC Port | DST Port | Notes |
|---|---|---|---|---|---|---|
| Active Directory | HiveAP RADIUS server mgt0 interface | Active Directory domain controller or global catalog server | 6 TCP | 1024-65535 | 139, and 445 or 3268 | Required for a HiveAP RADIUS server to contact a domain controller on port 445 or a global catalog server on port 3268 |
| Active Directory | HiveAP RADIUS server mgt0 interface | Active Directory domain controller or global catalog server | 17 UDP | 1024-65535 | 389 | |
| DHCP | unregistered wireless client | HiveAP wifi subinterface in access mode | 17 UDP | 68 | 67 | Required for captive web portal functionality |
| DNS | unregistered wireless client | HiveAP wifi subinterface in access mode | 17 UDP | 53, or 1024-65535 | 53 | Required for captive web portal functionality |
| GRE | HiveAP mgt0 interface | HiveAP mgt0 interface | 47 GRE | N.A. | N.A. | Required to support DNX* and layer 3 roaming between members of different hives |
| HTTP | unregistered wireless client | HiveAP wifi subinterface in access mode | 6 TCP | 1024-65535 | 80 | Required for captive web portal functionality |
| HTTPS | unregistered wireless client | HiveAP wifi subinterface in access mode | 6 TCP | 1024-65535 | 443 | Required for captive web portal functionality using a server key |
| IKE | HiveAP VPN client mgt0 interface | HiveAP VPN server mgt0 interface | 17 UDP | 500 and 4500 for NAT-Traversal | 500 and 4500 for NAT-Traversal | Required for HiveAP VPN clients to connect to HiveAP VPN servers |
| IPsec ESP | HiveAP VPN client or server mgt0 interface | HiveAP VPN server or client mgt0 interface | 50 ESP | N.A. | N.A. | Required for IPsec VPN traffic to flow between HiveAP VPN clients and servers |
| IPsec ESP with NAT-Traversal enabled | HiveAP VPN client or server mgt0 interface | HiveAP VPN server or client mgt0 interface | 17 UDP | 4500 | 4500 | Required for VPN traffic to flow when a NAT device is detected inline |
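
As an added example (not part of the original guide or the vendor's own configuration), the rows above whose endpoints are mgt0 interfaces or servers can be written as a default-deny nftables forward chain on a firewall between them. The table name, set names and all addresses are constructed placeholders; the captive web portal rows are left out on the assumption that wireless clients reach the HiveAP wifi subinterface directly.

```nftables
# Added example: table name, set names and addresses are constructed placeholders.
table inet hiveap_transit {
    set hiveap_mgt0   { type ipv4_addr; elements = { 192.0.2.10, 192.0.2.11 } }
    set hiveap_radius { type ipv4_addr; elements = { 192.0.2.10 } }
    set ad_servers    { type ipv4_addr; elements = { 198.51.100.5 } }
    set vpn_clients   { type ipv4_addr; elements = { 192.0.2.11 } }
    set vpn_servers   { type ipv4_addr; elements = { 203.0.113.20 } }

    chain forward {
        type filter hook forward priority 0; policy drop;

        # Return traffic for flows admitted below.
        ct state established,related accept

        # Active Directory: HiveAP RADIUS server -> domain controller / global catalog.
        ip saddr @hiveap_radius ip daddr @ad_servers tcp sport 1024-65535 tcp dport { 139, 445, 3268 } accept
        ip saddr @hiveap_radius ip daddr @ad_servers udp sport 1024-65535 udp dport 389 accept

        # GRE (IP protocol 47) between HiveAP mgt0 interfaces.
        ip saddr @hiveap_mgt0 ip daddr @hiveap_mgt0 meta l4proto 47 accept

        # IKE: VPN client -> VPN server on UDP 500, or 4500 with NAT-Traversal.
        ip saddr @vpn_clients ip daddr @vpn_servers udp sport { 500, 4500 } udp dport { 500, 4500 } accept

        # IPsec ESP (IP protocol 50); either side may be the source.
        ip saddr @vpn_clients ip daddr @vpn_servers meta l4proto 50 accept
        ip saddr @vpn_servers ip daddr @vpn_clients meta l4proto 50 accept

        # ESP with NAT-Traversal, UDP 4500 -> 4500, server-originated direction
        # (client -> server on 4500 already matches the IKE rule).
        ip saddr @vpn_servers ip daddr @vpn_clients udp sport 4500 udp dport 4500 accept

        # Count and log everything else before the drop policy applies,
        # so a blocked HiveAP flow shows up during rollout.
        counter log prefix "hiveap-transit drop: "
    }
}
```

Running `nft -c -f <file>` parses the ruleset without applying it, which is a quick way to validate the file after the placeholder addresses are replaced.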