Deployment Guide
Chapter 15 Traffic Types
This is a list of all the types of traffic that might be involved with a HiveAP and HiveManager deployment. If a
firewall lies between any of the sources and destinations listed below, make sure that it allows these traffic types.
Traffic Supporting Network Access for Wireless Clients
| Service | Source | Destination | Protocol | SRC Port | DST Port | Notes |
|---|---|---|---|---|---|---|
| Active Directory | HiveAP RADIUS server mgt0 interface | Active Directory domain controller or global catalog server | 6 TCP | 1024-65535 | 139, and 445 or 3268 | Required for a HiveAP RADIUS server to contact a domain controller on port 445 or a global catalog server on port 3268 |
| | | | 17 UDP | 1024-65535 | 389 | |
| DHCP | unregistered wireless client | HiveAP wifi subinterface in access mode | 17 UDP | 68 | 67 | Required for captive web portal functionality |
| DNS | unregistered wireless client | HiveAP wifi subinterface in access mode | 17 UDP | 53, or 1024 - 65535 | 53 | Required for captive web portal functionality |
| GRE | HiveAP mgt0 interface | HiveAP mgt0 interface | 47 GRE | N.A. | N.A. | Required to support DNX* and layer 3 roaming between members of different hives |
| HTTP | unregistered wireless client | HiveAP wifi subinterface in access mode | 6 TCP | 1024 - 65535 | 80 | Required for captive web portal functionality |
| HTTPS | unregistered wireless client | HiveAP wifi subinterface in access mode | 6 TCP | 1024 - 65535 | 443 | Required for captive web portal functionality using a server key |
| IKE | HiveAP VPN client mgt0 interface | HiveAP VPN server mgt0 interface | 17 UDP | 500 and 4500 for NAT-Traversal | 500 and 4500 for NAT-Traversal | Required for HiveAP VPN clients to connect to HiveAP VPN servers |
| IPsec ESP | HiveAP VPN client or server mgt0 interface | HiveAP VPN server or client mgt0 interface | 50 ESP | N.A. | N.A. | Required for IPsec VPN traffic to flow between HiveAP VPN clients and servers |
| IPsec ESP with NAT-Traversal enabled | HiveAP VPN client or server mgt0 interface | HiveAP VPN server or client mgt0 interface | 17 UDP | 4500 | 4500 | Required for VPN traffic to flow when a NAT device is detected inline |
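One way to check a firewall allow-list against the VPN and GRE rows of the table above (an added example, not part of the Aerohive guide). The rule tuple format, the function names and all IP addresses are constructed for illustration; the check assumes stateless, per-direction rules that match on IP protocol and destination port only.

```python
from ipaddress import ip_address, ip_network

# Flows taken from the table: (service, IP protocol number,
# destination port or None when the protocol has no ports, needed in both directions?)
VPN_FLOWS = [
    ("IKE", 17, 500, False),
    ("IKE NAT-Traversal", 17, 4500, False),
    ("IPsec ESP", 50, None, True),
    ("IPsec ESP with NAT-Traversal", 17, 4500, True),
]
GRE_FLOWS = [("GRE", 47, None, True)]

def rule_allows(rule, src, dst, proto, port):
    """True if one allow rule (src_net, dst_net, proto, (lo, hi) or None) covers the flow."""
    src_net, dst_net, r_proto, ports = rule
    if r_proto != proto:
        return False
    if ip_address(src) not in ip_network(src_net):
        return False
    if ip_address(dst) not in ip_network(dst_net):
        return False
    if port is None:  # ESP and GRE carry no port numbers
        return True
    return ports is None or ports[0] <= port <= ports[1]

def missing_flows(rules, client, server, flows=VPN_FLOWS):
    """Return every required flow that no rule in the allow-list permits."""
    missing = []
    for service, proto, port, both in flows:
        pairs = [(client, server)] + ([(server, client)] if both else [])
        for src, dst in pairs:
            if not any(rule_allows(r, src, dst, proto, port) for r in rules):
                missing.append((service, src, dst, proto, port))
    return missing

# Constructed policy: IKE and NAT-T allowed from the client subnet, ESP allowed one way only.
RULES = [
    ("10.1.1.0/24", "192.0.2.10/32", 17, (500, 500)),
    ("10.1.1.0/24", "192.0.2.10/32", 17, (4500, 4500)),
    ("10.1.1.0/24", "192.0.2.10/32", 50, None),
]

if __name__ == "__main__":
    for gap in missing_flows(RULES, "10.1.1.5", "192.0.2.10"):
        print("not allowed:", gap)
```

On a stateful firewall the server-to-client UDP 4500 direction may already be covered by connection tracking, but ESP (protocol 50) in each direction usually still needs its own rule.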