port 2083, HM NG, Guest SSID (PPSK)

  • 2
  • Question
  • Updated 1 year ago

I have a question, but first of all I'll present our environment.

We have 20APs and HM NG (cloud). We created guest SSID (PPSK). All of that is protected by firewall. Becouse of that we had to unblock some ports (UDP 12222 - CAPWAP, TCP 22 - SCP, UDP 123 - NTP, UDP 53 - DNS and UDP 500 and 4500.

Unfortunately guest SSID authentication didn't work (we could create guestpass etc, but when logging we saw "authentication failure").

So we asked support and they said that we should unblock also UDP 2083 (guest access authentication and accounting). And I said "of course we need it for APs to get PPSKs from HM NG and to update them". So we unblocked, but it didn't help.

What helped was unblocking also UDP 2083 for clients (not only APs).

And here I ask - what is the mechanism behind it that user needs this port to be unblocked? Does he need and communication with HM NG? Does he send any traffic to HM NG?

Please help. I have to find out!

Arek S.
Photo of Arkadiusz


  • 5 Posts
  • 0 Reply Likes

Posted 1 year ago

  • 2
Photo of Jonathan Hurtt

Jonathan Hurtt

  • 98 Posts
  • 48 Reply Likes
Port 2083 is used for RADSEC, more information on the ports can be found hereĀ http://docs.aerohive.com/330000/docs/help/english/ng/Content/reference/services-source-and-destinati...
Photo of Carsten Buchenau

Carsten Buchenau, Champ

  • 356 Posts
  • 117 Reply Likes

Only the Access Points chosen as IDM Proxy (=Radius Proxy) APs are communicating with the Aerohive AAA Cloud servers, and only here RADSEC is used. A very good explanation can be found here:

If that wasn't enough for you, it would be interesting to get some packet captures of any device communicating with the Internet on UDP 2083 (e.g. from your Firewall).