Besides CAPWAP, what other ports/protocols need to be allowed for FlexConnect?

LJ Gabrillo
Level 5

Well, the title speaks for itself.
Besides CAPWAP, what other ports/protocols need to be allowed for FlexConnect?

To clear things up, I am MOSTLY concerned with the communication between the FlexConnect AP and the WLC. Besides CAPWAP, what do I need to consider? I need this list since most of our clients have a firewall, and of course I need to allow certain protocols and/or ports on the firewall so that the AP and the WLC can see each other.

Does anyone know?
As far as I know, I would allow:
1. CAPWAP
2. ICMP - for reachability testing

on the firewall, to/from the devices.

Input would be helpful! ^_^
Thanks in advance.

Accepted Solution

Scott Fella
Hall of Fame

All you need for the AP to join the WLC is UDP 5246 and UDP 5247. Anything else is dependent on what you need open. If you plan on Telnet or SSH to the AP, then you need that also. If you want to use syslog, then open that port also. It would be the same as if you had any network device behind a FW except that you need the two UDP ports.

-Scott


Thanks Scott,

This verifies what I need, or rather what I request from clients, on what ports to allow on their firewall. Since these are VPN connections, ICMP, Telnet and SSH wouldn't hurt to be enabled xD

A. CAPWAP
    PORTS:
    5246/UDP - Control Channel
    5247/UDP - Data Channel

B. ICMP (Ping) - OPTIONAL/Reachability verification

C. AP Remote Access - OPTIONAL
    PORTS:
    22/TCP - SSH
    23/TCP - Telnet
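
Added example, not part of the original posts: a small first-match rule checker that tests whether a client's firewall rule set passes the two CAPWAP ports named above and flags permits wider than the list in this thread. The rule format, function names and all addresses are constructed for illustration, and it assumes a stateful firewall where the AP opens the session toward the WLC on destination ports 5246/5247.

```python
# Added example: first-match ACL check for the AP-to-WLC flows listed in this thread.
# Rule format, names and addresses are constructed; assumes AP -> WLC on a stateful firewall.
from ipaddress import ip_address, ip_network

# Flows the thread says the firewall must pass for the AP to join the WLC.
REQUIRED = [("udp", 5246, "CAPWAP control"), ("udp", 5247, "CAPWAP data")]

def first_match(rules, proto, src, dst, dport):
    """Return the action of the first rule matching the packet, else implicit deny."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto not in (proto, "any"):
            continue
        if ip_address(src) not in ip_network(r_src):
            continue
        if ip_address(dst) not in ip_network(r_dst):
            continue
        if r_port not in (dport, None):
            continue
        return action
    return "deny"

def missing_flows(rules, ap_ip, wlc_ip):
    """List the required flows that the rule set would drop."""
    return [name for proto, port, name in REQUIRED
            if first_match(rules, proto, ap_ip, wlc_ip, port) != "permit"]

def risky_permits(rules):
    """Flag permits wider than the thread's list: any-source rules and Telnet."""
    findings = []
    for i, (action, proto, src, dst, port) in enumerate(rules):
        if action != "permit":
            continue
        if ip_network(src).prefixlen == 0:
            findings.append((i, "source is any"))
        if proto == "tcp" and port == 23:
            findings.append((i, "Telnet is cleartext; prefer SSH (22/TCP)"))
    return findings

AP, WLC = "192.0.2.10", "198.51.100.5"   # constructed documentation addresses
RULES = [  # (action, proto, source, destination, dest port or None for any)
    ("permit", "udp", "192.0.2.0/24", "198.51.100.5/32", 5246),
    ("permit", "tcp", "0.0.0.0/0", "192.0.2.0/24", 23),
    ("deny", "any", "0.0.0.0/0", "0.0.0.0/0", None),
]

if __name__ == "__main__":
    print("missing:", missing_flows(RULES, AP, WLC))
    print("risky:", risky_permits(RULES))
```

With the constructed rules, the data channel (5247/UDP) is reported as missing and the any-source Telnet permit is flagged twice.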

stuart.pannell
Level 1

Sorry to drag this up again, but are the ports bi-directional, i.e. does the AP talk to the WLC on port UDP 5246 and the WLC talk to the AP on port UDP 5246? I am having issues with congestion and am trying to write a QoS policy for control traffic both ways.
Thanks for any help.
