Differences
This shows you the differences between two versions of the page.
|
security_wiki:ports_used_by_lwapp_capwap [2015/03/09 23:30] billdozor |
security_wiki:ports_used_by_lwapp_capwap [2019/05/25 23:50] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Ports used by LWAPP/ | ||
| - | **General Information** | ||
| - | |||
| - | Permit these ports for LWAPP/ | ||
| - | |||
| - | **Checklist** | ||
| - | * Source and destination IPs | ||
| - | * What services you will be using from the below | ||
| - | |||
| - | ---- | ||
| - | |||
| - | ===== The Services/ | ||
| - | |||
| - | __Enable these UDP ports for LWAPP traffic:__ | ||
| - | * Data: 12222 | ||
| - | * Control: 12223 | ||
| - | |||
| - | __Enable these UDP ports for CAPWAP traffic:__ | ||
| - | * Data: 5247 | ||
| - | * Control: 5246 | ||
| - | |||
| - | __Enable these UDP ports for Mobility traffic:__ | ||
| - | * 16666: Secured Mode | ||
| - | * 16667: Unsecured Mode | ||
| - | |||
| - | * IP protocol 97 must be allowed on the firewall to allow EtherIP packets. | ||
| - | * If you use ESP to encapsulate mobility packets, you have to permit ISAKMP through the firewall when you open UDP port 500. | ||
| - | * You also have to open the IP protocol 50 to allow the encrypted data to pass through the firewall. | ||
| - | |||
| - | These ports are optional (depending on your requirements): | ||
| - | * TCP 161 and 162 for SNMP (for the Wireless Control System [WCS]) | ||
| - | * UDP 69 for TFTP | ||
| - | * TCP 80 and/or 443 for HTTP or HTTPS for GUI access | ||
| - | * TCP 23 and/or 22 for Telnet or secure shell (SSH) for CLI access | ||