Understanding Basic System Defaults
The ArubaOS software includes several predefined network services, firewall policies, and roles. The default administrator user name is , and the password should be set up during the initial setup dialog.
Predefined Network Services
The following table lists the predefined network services and their protocols and ports.
| Name | Protocol | Port(s) |
| --- | --- | --- |
| svc-dhcp | udp | 67 68 |
| svc-snmp-trap | udp | 162 |
| svc-smb-tcp | tcp | 445 |
| svc-https | tcp | 443 |
| svc-ike | udp | 500 |
| svc-l2tp | udp | 1701 |
| svc-syslog | udp | 514 |
| svc-pptp | tcp | 1723 |
| svc-telnet | tcp | 23 |
| svc-sccp | tcp | 2000 |
| svc-tftp | udp | 69 |
| svc-sip-tcp | tcp | 5060 |
| svc-kerberos | udp | 88 |
| svc-pop3 | tcp | 110 |
| svc-adp | udp | 8200 |
| svc-noe | udp | 32512 |
| svc-noe-oxo | udp | 5000 |
| svc-dns | udp | 53 |
| svc-msrpc-tcp | tcp | 135 139 |
| svc-rtsp | tcp | 554 |
| svc-http | tcp | 80 |
| svc-vocera | udp | 5002 |
| svc-nterm | tcp | 1026 1028 |
| svc-sip-udp | udp | 5060 |
| svc-papi | udp | 8211 |
| svc-ftp | tcp | 21 |
| svc-natt | udp | 4500 |
| svc-svp | 119 | 0 |
| svc-gre | gre | 0 |
| svc-smtp | tcp | 25 |
| svc-smb-udp | udp | 445 |
| svc-esp | esp | 0 |
| svc-bootp | udp | 67 69 |
| svc-snmp | udp | 161 |
| svc-icmp | icmp | 0 |
| svc-ntp | udp | 123 |
| svc-msrpc-udp | udp | 135 139 |
| svc-ssh | tcp | 22 |
| svc-h323-tcp | tcp | 1720 |
| svc-h323-udp | udp | 1718 1719 |
| svc-http-proxy1 | tcp | 3128 |
| svc-http-proxy2 | tcp | 8080 |
| svc-http-proxy3 | tcp | 8888 |
| svc-sips | tcp | 5061 |
| svc-v6-dhcp | udp | 546 547 |
| svc-v6-icmp | icmp | 0 |
| any | any | 0 |
Predefined Policies
The following table lists predefined policies.
Validuser and Logon-control ACLs
Default firewall rules for both the validuser and logon-control ACLs protect against malicious users by blocking self-assigned IP addresses.
A client with the correct source address can send traffic to the networks below as a destination IP address. The default firewall rules deny traffic FROM the reserved addresses.
The following networks can be blocked by the default firewall rules in both the validuser and logon-control ACLs:
Network packets where the source address of the network packet is defined as being on a broadcast network (source address == 255.255.255.255)
Network packets where the source address of the network packet is defined as being on a multicast network (source address == 224.0.0.0 – 239.255.255.255)
Network packets where the source address of the network packet is defined as being a loopback address (127.0.0.1 through 127.255.255.254)
Network packets where the source or destination address of the network packet is a link-local address (169.254.0.0/16)
Network packets where the source or destination address of the network packet is defined as being an address “reserved for future use” as specified in RFC 5735 for IPv4 (240.0.0.0/4)
Network packets where the source or destination address of the network packet is defined as an “unspecified address” (::/128) or an address “reserved for future definition and use” (addresses other than 2000::/3) as specified in RFC 3513 for IPv6. The IPv6 “unspecified address” (::/128) is currently checked in the datapath and the packet is dropped. This is the default behavior, and you can view the logs by enabling configuration.
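The source ranges listed above can be checked offline against a flow or session export to spot sources that these ACLs should have denied. The following Python is an added example, not ArubaOS code: it tests source addresses only, models only the unspecified address (::/128) for IPv6, and the record format and function names are assumptions.

```python
import ipaddress

# (label, first, last) for the IPv4 source ranges listed above; first match wins.
V4_DENIED_SOURCES = [
    ("broadcast", "255.255.255.255", "255.255.255.255"),
    ("multicast", "224.0.0.0", "239.255.255.255"),
    ("loopback", "127.0.0.1", "127.255.255.254"),
    ("link-local", "169.254.0.0", "169.254.255.255"),
    ("reserved-future-use", "240.0.0.0", "255.255.255.255"),
]
_V4 = [(l, ipaddress.IPv4Address(a), ipaddress.IPv4Address(b)) for l, a, b in V4_DENIED_SOURCES]

def classify_source(addr):
    """Return the label of the reserved range a source address falls in, or None."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6:
        # Assumption: only the IPv6 unspecified address is modelled here.
        return "unspecified" if ip == ipaddress.IPv6Address("::") else None
    for label, lo, hi in _V4:  # broadcast is listed before 240.0.0.0/4 on purpose
        if lo <= ip <= hi:
            return label
    return None

def audit_flows(flows):
    """Return (record_no, source, label) for records whose source is in a denied range."""
    findings = []
    for n, line in enumerate(flows, 1):
        fields = line.split()
        if not fields:
            continue  # skip blank records
        try:
            label = classify_source(fields[0])
        except ValueError:
            label = "unparseable"  # a source that is not an IP address is also worth a look
        if label:
            findings.append((n, fields[0], label))
    return findings

# Constructed sample records (hypothetical format): "<source> <destination> <service>"
SAMPLE_FLOWS = [
    "169.254.77.3 10.1.1.10 svc-http",
    "10.1.20.16 255.255.255.255 svc-dhcp",
    "127.0.0.1 10.1.1.10 svc-ssh",
    ":: 2001:db8::10 svc-v6-icmp",
    "250.0.0.9 10.1.1.10 svc-https",
]

if __name__ == "__main__":
    print(audit_flows(SAMPLE_FLOWS))
```

The second sample record is not flagged because its broadcast address is the destination, not the source.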
Predefined Roles
The following table lists predefined roles.
If you upgrade from a previous ArubaOS release, your existing configuration may have additional or different predefined roles. The information in this section only describes the predefined roles for this release.