Are there any ports that must be opened up on a firewall for the APs to connect to HiveManager?

  • 2
  • Question
  • Updated 4 years ago
  • Answered
In the past with the Cisco variant I have had problems deploying to a sales person's home office.  In there network the AP was sitting behind a home network router. #InfoneticsWebinar
Photo of Patrick Hinson

Patrick Hinson

  • 1 Post
  • 0 Reply Likes

Posted 4 years ago

  • 2
Photo of Carsten Buchenau

Carsten Buchenau, Champ

  • 356 Posts
  • 117 Reply Likes
Every Access Point needs to be able to communicate with its Hivemanager via CAPWAP and SCP (Secure Shell Copy, same port as SSH).

So you should make sure to allow communication from every AP to your Hivemanager on the following ports:

For CAPWAP: UDP 12222
If that fails, TCP 80 and 443 are tried. If you have an explicit Proxy in your network, you can configure each AP with proxy settings for HTTP/HTTPS

For SCP: TCP 22

In our experience these methods always work behind any home or office router

In addition, it is strongly recommended to also enable and allow:
- NTP traffic (UDP 123) to whatever NTP server you prefer to use
- DNS traffic (UDP 53) to whatever DNS server you prefer to use

It should be noted that in an advanced setup you could also establish an Ipsec VPN tunnel from the AP into your headquarter's network (requires an AP or an Aerohive VPN concentrator), by opening UDP 500 and 4500, and then you could even tunnel all of the above traffic through the VPN tunnel.

More about AP - HM communication and what you have to set up if you are running your own Hivemanager as a Cloud Service can be found here: