How do I restrict ports to a certain range for AP firmware upgrades using the passive FTP method?
Summary
This article contains the command to use if you would like to restrict the list of ports used for FTP download of AP firmware from the controller.
Question
How do I restrict the passive FTP upgrade method to a limited number of ports?
Customer Environment
SmartZone controller behind a firewall with respect to the APs' location.
Resolution
APs use passive FTP mode for their firmware upgrade. During the upgrade process, the AP gets a list of ports to use from the controller. These port numbers can range anywhere from 1024 to 65535 (in the case of SmartZone controllers, ports from 16384 to 65000 are considered to be ephemeral ports, so they will be used for passive FTP). Some firewalls read this input from the controller and open the corresponding ports automatically.
If you don't want this, or you want to restrict the ports to a certain range, use the following command sequence:
TestSCG> en
Password: **********
TestSCG# conf
TestSCG(config)# lwapp2scg
TestSCG(config-lwapp2scg)# pasv-port 20000 20001
You can enter the same port number for both the minimum port and the maximum port.
Once this is done, the controller will push this port list to the AP each time there is an upgrade. You simply need to keep the corresponding TCP ports open on your firewall.
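To confirm the restriction before tightening the firewall, the check below (an added example, not part of the original article) parses passive-mode replies copied from a capture of the FTP control channel and lists any data port outside the configured range. It assumes the controller sends standard 227 (PASV) or 229 (EPSV) replies; the sample lines and the 192.0.2.10 address are constructed.

```python
import re

# Range set with "pasv-port 20000 20001" in the article.
PASV_MIN, PASV_MAX = 20000, 20001

# Assumed formats: RFC 959 "227 ... (h1,h2,h3,h4,p1,p2)", RFC 2428 "229 ... (|||port|)".
_PASV = re.compile(r"^227 .*?\((\d{1,3}(?:,\d{1,3}){5})\)")
_EPSV = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def data_port(reply):
    """Return the TCP data port announced in a 227/229 reply, or None."""
    m = _PASV.match(reply)
    if m:
        octets = [int(x) for x in m.group(1).split(",")]
        if any(o > 255 for o in octets):
            return None  # malformed reply
        return octets[4] * 256 + octets[5]  # port = p1*256 + p2
    m = _EPSV.match(reply)
    if m:
        port = int(m.group(2))
        return port if 0 < port <= 65535 else None
    return None


def out_of_range(replies, lo=PASV_MIN, hi=PASV_MAX):
    """Return (reply, port) pairs whose data port lies outside lo..hi."""
    bad = []
    for line in replies:
        port = data_port(line.strip())
        if port is not None and not lo <= port <= hi:
            bad.append((line.strip(), port))
    return bad


# Constructed control-channel lines (192.0.2.10 is a documentation address).
SAMPLE = [
    "220 FTP server ready",
    "227 Entering Passive Mode (192,0,2,10,78,32)",  # 78*256+32 = 20000
    "227 Entering Passive Mode (192,0,2,10,78,33)",  # 20001
    "227 Entering Passive Mode (192,0,2,10,64,0)",   # 16384, outside the range
    "229 Entering Extended Passive Mode (|||20001|)",
    "229 Entering Extended Passive Mode (|||45000|)",
]

if __name__ == "__main__":
    for reply, port in out_of_range(SAMPLE):
        print(f"port {port} outside {PASV_MIN}-{PASV_MAX}: {reply}")
```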
Article Number:
000004804
Updated:
January 27, 2019 09:11 AM
Tags:
Configuration, Firmware, SmartCell Gateway, virtual SmartCell Gateway