topic ports required for PEAP usage behind firewall in Wireless

ports required for PEAP usage behind firewall

Andrey128 — Mon, 05 Jul 2021 14:42:03 GMT

does anyone know which set of ports should be openned to allow work of devices, which are using PEAP protocol?

-devices and wireless controller are separated by firewall

-user account and passwords, which are used for PEAP, are created on wireless controller.

thanks a lot

Re: ports required for PEAP usage behind firewall

Flavio Miranda — Thu, 28 Sep 2017 03:41:41 GMT

Hello,

PEAP, or any kind of EAP protocol, is negociated between supplicante and authentication server using standard RADIUS protocol port 1812 and 1813 UDP. There´s no specific port for PEAP.

Re: ports required for PEAP usage behind firewall

RichardAtkin — Fri, 29 Sep 2017 13:30:33 GMT

If you're using the WLC as the RADIUS server and creating the user accounts within the WLC, then you don't need to open any ports. The AP tunnels the Auth traffic back to the WLC via CAPWAP and that's it 🙂

You only need to open ports if you are using an external RADIUS server, in which case its UDP1812 & 1813 for RADIUS authentication and accounting, and UDP 1700 or 3799 if you get in to doing RADIUS CoA stuff. The source/destination IPs for the FW rule would be your WLC's Management Interface and the RADIUS Server's IP address.