Configuring Communication Ports

Most of the communication between devices on the remote site and Aruba Central server is carried out through HTTPSHypertext Transfer Protocol Secure. HTTPS is a variant of the HTTP that adds a layer of security on the data in transit through a secure socket layer or transport layer security protocol connection. (TCPTransmission Control Protocol. TCP is a communication protocol that defines the standards for establishing and maintaining network connection for applications to exchange data. 443). However, verify if the ports listed in Table 1 are open to allow the Aruba Central server and the managed devices to communicate over a network firewallFirewall is a network security system used for preventing unauthorized access to or from a private network..

Table 1: Domain Names and Ports for Aruba Central
Protocol and port	Domain Names and Purpose
Inbound Ports Traffic
TCP 443	To access and manage Aruba Central (on-premises).
TCP 443	For HTTPS and websocket between Aruba Central (on-premises) and devices.
UDPUser Datagram Protocol. UDP is a part of the TCP/IP family of protocols used for data transfer. UDP is typically used for streaming media. UDP is a stateless protocol, which means it does not acknowledge that the packets being sent have been received. 8211, 8285	To receive AMONAdvanced Monitoring. AMON is used in Aruba WLAN deployments for improved network management, monitoring and diagnostic capabilities. messages and view data for controllers in the Aruba Central monitoring dashboard.
TCP 22	For management access through SSHSecure Shell. SSH is a network protocol that provides secure access to a remote device. and cluster setup.
TCP 22	For CLI between Aruba Central (on-premises) and devices.
TCP 80	For browser redirect from HTTPHypertext Transfer Protocol. The HTTP is an application protocol to transfer data over the web. The HTTP protocol defines how messages are formatted and transmitted, and the actions that the w servers and browsers should take in response to various commands. to HTTPS.
TCP 2379, 2380, 4433, 6433, and 10250	For communication between Aruba Central nodes in a cluster.
TCP 4343	To access the setup-wizard installation.
TCP 30633	To allow the devices to set up a connection with the OpenFlowOpenFlow is an open communications interface between control plane and the forwarding layers of a network. controller.
TCP 8888	For HTTP-based firmware image download for CX and PVOS devices.
Outbound Ports Traffic
TCP 25, 456, or 587	Dependent on the SMTPSimple Mail Transfer Protocol. SMTP is an Internet standard protocol for electronic mail transmission. configuration for alerts, reports, and Aruba Central (on-premises) account registration.
UDP 123	To access ntp.ubuntu.com. NOTE: This is default destination. Users can reconfigure this port.
UDP 161, 162	For SNMPSimple Network Management Protocol. SNMP is a TCP/IP standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. and traps.
TCP 4343	For device bootstrap to controllers.
TCP 22	To access nexus2.airwave.com to support connection.
TCP 443	To access coreupdate.central.arubanetworks.com and allow Aruba Central to check firmware versions for automatic upgrades.
	To access images from the following registries: quay.io docker.io docker.com docker.elastic.co NOTE: Quay.io traffic can originate from multiple IP ranges, refer to the article to allow traffic from Quay nodes.
	To access maps.googleapis.com to translate address.
	To access api.mapbox.com to view maps from user's browser.
	To access d1c50u1zbkqmph.cloudfront.net for CDN from user's browser.
	To access https://enterpriselicense.hpe.com for licensing.
	To access help.centralon-prem.arubanetworks.com for documentation from user's browser.
	To access the outbound internet access.

The Aruba appliance opens multiple ports. Aruba recommends that you host the Aruba appliance behind a firewall.