cisco unified communications manager tcp and udp port usage ·...

Cisco Unified Communications Manager TCP andUDP Port Usage

This chapter provides a list of the TCP and UDP ports that Cisco Unified Communications Manager uses forintracluster connections and for communication with external applications or devices. You will also findimportant information for the configuration of firewalls, Access Control Lists (ACLs), and quality of service(QoS) on a network when an IP Communications solution is implemented.

• Cisco Unified Communications Manager TCP and UDP Port Usage Overview, on page 1• Port Descriptions, on page 3• Port References, on page 17

Cisco Unified Communications Manager TCP and UDP PortUsage Overview

Cisco Unified Communications Manager TCP and UDP ports are organized into the following categories:

• Intracluster Ports Between Cisco Unified Communications Manager Servers

• Common Service Ports

• Ports Between Cisco Unified Communications Manager and LDAP Directory

• Web Requests From CCMAdmin or CCMUser to Cisco Unified Communications Manager

• Web Requests From Cisco Unified Communications Manager to Phone

• Signaling, Media, and Other Communication Between Phones and Cisco Unified CommunicationsManager

• Signaling, Media, and Other Communication Between Gateways and Cisco Unified CommunicationsManager

• Communication Between Applications and Cisco Unified Communications Manager

• Communication Between CTL Client and Firewalls

• Special Ports on HP Servers

See “Port Descriptions” for port details in each of the above categories.

Cisco Unified Communications Manager TCP and UDP Port Usage1

Cisco has not verified all possible configuration scenarios for these ports. If you are having configurationproblems using this list, contact Cisco technical support for assistance.

Note

Port references apply specifically to Cisco Unified Communications Manager. Some ports change from onerelease to another, and future releases may introduce new ports. Therefore, make sure that you are using thecorrect version of this document for the version of Cisco Unified Communications Manager that is installed.

While virtually all protocols are bidirectional, directionality from the session originator perspective is presumed.In some cases, the administrator can manually change the default port numbers, though Cisco does notrecommend this as a best practice. Be aware that Cisco Unified CommunicationsManager opens several portsstrictly for internal use.

Installing Cisco Unified Communications Manager software automatically installs the following networkservices for serviceability and activates them by default. Refer to “Intracluster Ports Between Cisco UnifiedCommunications Manager Servers” for details:

• Cisco Log Partition Monitoring (To monitor and purge the common partition. This uses no customcommon port.)

• Cisco Trace Collection Service (TCTS port usage)

• Cisco RIS Data Collector (RIS server port usage)

• Cisco AMC Service (AMC port usage)

Configuration of firewalls, ACLs, or QoS will vary depending on topology, placement of telephony devicesand services relative to the placement of network security devices, and which applications and telephonyextensions are in use. Also, bear in mind that ACLs vary in format with different devices and versions.

You can also configure Multicast Music on Hold (MOH) ports in Cisco Unified Communications Manager.Port values for multicast MOH are not provided because the administrator specifies the actual port values.

Note

The ephemeral port range for the system is 32768 to 61000. For more information, see http://www.cisco.com/c/en/us/support/security/asa-5500-series-next-generation-firewalls/tsd-products-support-series-home.html.

Note

Make sure that you configure your firewall so that connections to port 22 are open, and are not throttled.During the installation of IM and Presence subscriber nodes, multiple connections to the Cisco UnifiedCommunicationsManager publisher node are opened in quick succession. Throttling these connections couldlead to a failed installation.

Note


Cisco Unified Communications Manager TCP and UDP Port UsageCisco Unified Communications Manager TCP and UDP Port Usage Overview

http://www.cisco.com/c/en/us/support/security/asa-5500-series-next-generation-firewalls/tsd-products-support-series-home.html


Port Descriptions

Intracluster Ports Between Cisco Unified Communications Manager ServersTable 1: Intracluster Ports Between Cisco Unified Communications Manager Servers

PurposeDestination PortTo (Listener)From (Sender)

System logging service514 / UDPUnified CommunicationsManager

Endpoint

Cisco AMC Service forRTMT performancemonitors, data collection,logging, and alerting

1090, 1099 / TCPRTMTUnified CommunicationsManager

Database connection(1501 / TCP is thesecondary connection)

1500, 1501 / TCPUnified CommunicationsManager (DB)

Unified CommunicationsManager (DB)

CAR IDS DB. CAR IDSengine listens on waitingfor connection requestsfrom the clients.

1510 / TCPUnified CommunicationsManager (DB)


CAR IDS DB. Analternate port used tobring up a second instanceof CAR IDS duringupgrade.



Database replicationbetween nodes duringinstallation



Allows subscribers toreceive Cisco UnifiedCommunicationsManagerdatabase changenotification


Cisco Extended Functions(QRT)

Intraclustercommunication betweenCisco Extended Servicesfor Active/Backupdetermination

2551 / TCPUnified CommunicationsManager

Unified CommunicationsManager

Real-time InformationServices (RIS) databaseserver

2555 / TCPUnified CommunicationsManager (RIS)

Unified CommunicationsManager (RIS)


Cisco Unified Communications Manager TCP and UDP Port UsagePort Descriptions


Real-time InformationServices (RIS) databaseclient for Cisco RIS

2556 / TCPUnified CommunicationsManager (RIS)

Unified CommunicationsManager(RTMT/AMC/SOAP)

DRS Primary Agent4040 / TCPUnified CommunicationsManager (DRS)

Unified CommunicationsManager (DRS)

This port is used by SOAPmonitor for Real TimeMonitoring Service.

5001/TCPUnified CommunicationsManager (SOAP)

Unified CommunicationsManager (Tomcat)

This port is used by SOAPmonitor for PerformanceMonitor Service.



This port is used by SOAPmonitor for ControlCenter Service.



This port is used by SOAPmonitor for LogCollection Service.



This port is used by SOAPCDROnDemand2 services


Standard CCM AdminUsers / Admin

SOAP monitor5007 / TCPUnified CommunicationsManager (SOAP)


Cisco Trace CollectionTool Service (TCTS) --the back end service forRTMT Trace and LogCentral (TLC)

Ephemeral / TCPUnified CommunicationsManager (TCTS)

Unified CommunicationsManager (RTMT)

This port is used forcommunication betweenCisco Trace CollectionTool Service and CiscoTrace Collection servlet.

7000, 7001, 7002 / TCPUnified CommunicationsManager (TCTS)


Client database changenotification

8001 / TCPUnified CommunicationsManager (CDLM)


Intraclustercommunication service

8002 / TCPUnified CommunicationsManager (SDL)

Unified CommunicationsManager (SDL)

Intraclustercommunication service (toCTI)

8003 / TCPUnified CommunicationsManager (SDL)

Unified CommunicationsManager (SDL)


Cisco Unified Communications Manager TCP and UDP Port UsageIntracluster Ports Between Cisco Unified Communications Manager Servers


Intraclustercommunication betweenCisco UnifiedCommunicationsManagerand CMI Manager

8004 / TCPCMI ManagerUnified CommunicationsManager

Internal listening portused by Tomcat shutdownscripts

8005 / TCPUnified CommunicationsManager (Tomcat)


Communication betweenservers used for diagnostictests

8080 / TCPUnified CommunicationsManager (Tomcat)


HTTP Port forcommunication betweenCuCM and GW (Cayugainterfae) for GatewayRecording feature.

8090Unified CommunicationsManager

Gateway

GatewayUnified CommunicationsManager

Intracluster replication ofsystem data by IPSecCluster Manager

8500 / TCP and UDPUnified CommunicationsManager (IPSec)

Unified CommunicationsManager (IPSec)

RIS Service Managerstatus request and reply

8888 - 8889 / TCPUnified CommunicationsManager (RIS)

Unified CommunicationsManager (RIS)

Intraclustercommunication betweenLBMs

9004 / TCPLocation BandwidthManager (LBM)

Location BandwidthManager (LBM)

Cisco SFTP service. Youmust open this port wheninstalling a newsubscriber.

22 / TCPUnified CommunicationsManager Subscriber

Unified CommunicationsManager Publisher

Allows access to ControlCenter - Feature andNetwork service betweennodes.




Cisco Unified Communications Manager TCP and UDP Port UsageIntracluster Ports Between Cisco Unified Communications Manager Servers

Common Service PortsTable 2: Common Service Ports


Internet Control MessageProtocol (ICMP) Thisprotocol number carriesecho-related traffic. Itdoes not constitute a portas indicated in the columnheading.


Endpoint

EndpointUnified CommunicationsManager

Send the backup data toSFTP server. (DRS LocalAgent)

Send the CDR data toSFTP server.

22 / TCPSFTP serverUnified CommunicationsManager (DRS, CDR)

Cisco UnifiedCommunicationsManageracting as a DHCP server

Cisco does notrecommendrunning DHCPserver on CiscoUnifiedCommunicationsManager.

Note

67 / UDPUnified CommunicationsManager (DHCP Server)

Endpoint

Cisco UnifiedCommunicationsManageracting as a DHCP client

Cisco does notrecommendrunning DHCPclient on CiscoUnifiedCommunicationsManager.Configure CiscoUnifiedCommunicationsManager withstatic IPaddressesinstead.)

Note

68 / UDPDHCP ServerUnified CommunicationsManager


Cisco Unified Communications Manager TCP and UDP Port UsageCommon Service Ports


Trivial File TransferProtocol (TFTP) serviceto phones and gateways

69, 6969, then Ephemeral/ UDP


Endpoint or Gateway

Trivial File TransferProtocol (TFTP) betweenprimary and proxyservers.

HTTP service from theTFTP server to phonesand gateways.


Endpoint or Gateway

Network Time Protocol(NTP)

123 / UDPNTP ServerUnified CommunicationsManager

SNMP service response(requests frommanagement applications)

161 / UDPUnified CommunicationsManager

SNMP Server

SNMP traps162 / UDPSNMP trap destinationCUCM Server SNMPPrimaryAgent application

Native SNMP agentlistening port for SMUXsupport


SNMP Server

DHCPv6. DHCP port forIPv6.

546 / UDPDHCP ServerUnified CommunicationsManager

Enhanced Location CACServiceability


Unified CommunicationsManager Serviceability

Call Admission requestsand bandwidth deductions



Used for communicationbetween Primary Agentand Native Agent toprocess Native agentMIBrequests



Used for communicationbetween Primary Agentand Native Agent toforward notificationsgenerated from NativeAgent



Centralized TFTP FileLocator Service

6970 / TCPAlternate TFTPCentralized TFTP




Used for communicationbetween SNMP PrimaryAgent and subagents



Cisco Discovery Protocol(CDP) agentcommunicates with CDPexecutable


SNMP Server

Used for Cisco User DataServices (UDS) requests

443, 8443 / TCPUnified CommunicationsManager

Endpoint

Service CRS requeststhrough the TAPSresiding on Cisco UnifiedCommunicationsManager



Cisco UnifiedCommunicationsManagerapplications send outalarms to this port throughUDP. Cisco UnifiedCommunicationsManagerMIB agent listens on thisport and generates SNMPtraps per Cisco UnifiedCommunicationsManagerMIB definition.



Provide trunk-based SIPservices



Used by InterclusterLookup Service (ILS) forcertificate basedauthentication.



Used by ILS for passwordbased authentication.



ASR and ISR G3platforms default portrange.

8000-48200----

ISR G2 platform defaultport range.

16384-32766



Ports Between Cisco Unified Communications Manager and LDAP DirectoryTable 3: Ports Between Cisco Unified Communications Manager and LDAP Directory


Lightweight DirectoryAccess Protocol (LDAP)query to external directory(Active Directory,Netscape Directory)

389, 636, 3268, 3269 /TCP

External DirectoryUnified CommunicationsManager

EphemeralUnified CommunicationsManager

External Directory

Web Requests From CCMAdmin or CCMUser to Cisco Unified CommunicationsManager

Table 4: Web Requests From CCMAdmin or CCMUser to Cisco Unified Communications Manager


Hypertext TransportProtocol (HTTP)


Browser

Hypertext TransportProtocol over SSL(HTTPS)


Browser

Web Requests From Cisco Unified Communications Manager to PhoneTable 5: Web Requests From Cisco Unified Communications Manager to Phone


Hypertext TransportProtocol (HTTP)

80 / TCPPhoneUnified CommunicationsManager

• QRT

• RTMT

• Find and List Phonespage

• Phone Configurationpage


Cisco Unified Communications Manager TCP and UDP Port UsagePorts Between Cisco Unified Communications Manager and LDAP Directory

Signaling, Media, and Other Communication Between Phones and CiscoUnified Communications Manager

Table 6: Signaling, Media, and Other Communication Between Phones and Cisco Unified Communications Manager


Session Initiation Protocol(SIP) phones resolve theFully Qualified DomainName (FQDN) using aDomain Name System(DNS)

By default,some wirelessaccess pointsblock TCP 53port, whichpreventswireless SIPphones fromregisteringwhen CUCMis configuredusing FQDN.

Note

53/ TCPUnified CommunicationsManager

Phone

Trivial File TransferProtocol (TFTP) used todownload firmware andconfiguration files

69, then Ephemeral / UDPUnified CommunicationsManager (TFTP)

Phone

Skinny Client ControlProtocol (SCCP)


Phone

Secure Skinny ClientControl Protocol (SCCPS)


Phone

Provide trust verificationservice to endpoints.


Phone

Certificate AuthorityProxy Function (CAPF)listening port for issuingLocally SignificantCertificates (LSCs) to IPphones

3804 / TCPUnified CommunicationsManager (CAPF)

Phone


Cisco Unified Communications Manager TCP and UDP Port UsageSignaling, Media, and Other Communication Between Phones and Cisco Unified Communications Manager


Session Initiation Protocol(SIP) phone

5060 / TCP and UDPUnified CommunicationsManager

Phone

PhoneUnified CommunicationsManager

Secure Session InitiationProtocol (SIPS) phone

5061 TCPUnified CommunicationsManager

Phone

PhoneUnified CommunicationsManager

HTTP-based download offirmware andconfiguration files

6970 TCPUnified CommunicationsManager (TFTP)

Phone

HTTPS interface to TFTP.Phones use this port todownload a secureconfiguration file fromTFTP.

6971, 6972 / TCPUnified CommunicationsManager (TFTP)

Phone

Phone URLs for XMLapplications,authentication, directories,services, etc. You canconfigure these ports on aper-service basis.


Phone

Phone use this port forauthenticated contactsearch.


Phone


Phone

Real-Time Protocol(RTP), Secure Real-TimeProtocol (SRTP)

Cisco UnifiedCommunicationsManager onlyuses24576-32767although otherdevices use thefull range.

Note

16384 - 32767 / UDPPhoneIP VMS

IP VMSPhone


Cisco Unified Communications Manager TCP and UDP Port UsageSignaling, Media, and Other Communication Between Phones and Cisco Unified Communications Manager

Signaling, Media, and Other Communication Between Gateways and CiscoUnified Communications Manager

Table 7: Signaling, Media, and Other Communication Between Gateways and Cisco Unified Communications Manager


Generic RoutingEncapsulation (GRE),Encapsulating SecurityPayload (ESP),Authentication Header(AH). These protocolsnumbers carry encryptedIPSec traffic. They do notconstitute a port asindicated in the columnheading.

47, 50, 51Unified CommunicationsManager

Gateway


Internet Key Exchange(IKE) for IP Securityprotocol (IPSec)establishment


Gateway


Trivial File TransferProtocol (TFTP)

69, then Ephemeral / UDPUnified CommunicationsManager (TFTP)

Gateway

Port mapping service.Only used in the CIMEoff-path deploymentmodel.

1024-65535 / TCPCIME ASAUnified CommunicationsManager with CiscoIntercompany MediaEngine (CIME) trunk

Gatekeeper (H.225) RAS1719 / UDPUnified CommunicationsManager

Gatekeeper

H.225 signaling servicesfor H.323 gateways andIntercluster Trunk (ICT)


Gateway


H.225 signaling serviceson gatekeeper-controlledtrunk

Ephemeral / TCPUnified CommunicationsManager

Gateway



Cisco Unified Communications Manager TCP and UDP Port UsageSignaling, Media, and Other Communication Between Gateways and Cisco Unified Communications Manager


H.245 signaling servicesfor establishing voice,video, and data

TheH.245 portused by theremote systemdepends on thetype ofgateway.

For IOSgateways, theH.245 portrange is from11000 to65535.

Note

Ephemeral / TCPUnified CommunicationsManager

Gateway


Skinny Client ControlProtocol (SCCP)


Gateway

Upgrade port for 6608gateways with CiscoUnified CommunicationsManager deployments


Gateway

Upgrade port for 6624gateways with CiscoUnified CommunicationsManager deployments


Gateway

Media Gateway ControlProtocol (MGCP)gateway control


Gateway

Media Gateway ControlProtocol (MGCP)backhaul


Gateway

These ports are used asphantom Real-TimeTransport Protocol (RTP)and Real-Time TransportControl Protocol (RTCP)ports for audio, video anddata channel when CiscoUnified CommunicationsManager does not haveports for these media.

4000 - 4005 / TCP----


Cisco Unified Communications Manager TCP and UDP Port UsageSignaling, Media, and Other Communication Between Gateways and Cisco Unified Communications Manager


Session Initiation Protocol(SIP) gateway andIntercluster Trunk (ICT)

5060 / TCP and UDPUnified CommunicationsManager

Gateway


Secure Session InitiationProtocol (SIPS) gatewayand Intercluster Trunk(ICT)


Gateway


Real-Time Protocol(RTP), Secure Real-TimeProtocol (SRTP)

Cisco UnifiedCommunicationsManager onlyuses24576-32767although otherdevices use thefull range.

Note

16384 - 32767 / UDPUnified CommunicationsManager

Gateway


Communication Between Applications and Cisco Unified CommunicationsManager

Table 8: Communication Between Applications and Cisco Unified Communications Manager


Certificate Trust List(CTL) provider listeningservice in Cisco UnifiedCommunicationsManager

2444 / TCPUnified CommunicationsManager CTL Provider

CTL Client

CTI application server2748 / TCPUnified CommunicationsManager

Cisco UnifiedCommunications App

TLS connection betweenCTI applications(JTAPI/TSP) andCTIManager



JTAPI application server2789 / TCPUnified CommunicationsManager



Cisco Unified Communications Manager TCP and UDP Port UsageCommunication Between Applications and Cisco Unified Communications Manager


Cisco UnifiedCommunicationsManagerAssistant server (formerlyIPMA)


Unified CommunicationsManager AssistantConsole

Cisco UnifiedCommunicationsManagerAttendant Console (AC)JAVA RMI Registryserver

1103 -1129 / TCPUnified CommunicationsManager

Unified CommunicationsManager AttendantConsole

RMI server sends RMIcallback messages toclients on these ports.



Attendant Console (AC)RMI server bind port --RMI server sends RMImessages on these ports.



Cisco UnifiedCommunicationsManagerAttendant Console (AC)server line state portreceives ping andregistrationmessage from,and sends line states to,the attendant consoleserver.



Cisco UnifiedCommunicationsManagerAttendant Console (AC)clients register with theAC server for line anddevice state information.



Cisco UnifiedCommunicationsManagerAttendant Console (AC)clients register to the ACserver for call control.


Unified CommunicationsManagerAttendantConsole

Multi-Service IOS Routerrunning EIGRP/SAFProtocol.

5050 / TCPIOS Router running SAFimage

Unified CommunicationsManager with SAF/CCD


Cisco Unified Communications Manager TCP and UDP Port UsageCommunication Between Applications and Cisco Unified Communications Manager


VAP protocol used tocommunicate to the CiscoIntercompany MediaEngine server.

5620 / TCP

Cisco recommends avalue of 5620 for thisport, but you can changethe value by executing theadd ime vapserver or setime vapserver port CLIcommand on the CiscoIME server.

Cisco IntercompanyMedia Engine (IME)Server


AXL / SOAP API forprogrammatic reads fromor writes to the CiscoUnified CommunicationsManager database thatthird parties such asbilling or telephonymanagement applicationsuse.



Communication Between CTL Client and FirewallsTable 9: Communication Between CTL Client and Firewalls


Certificate Trust List(CTL) provider listeningservice in anASA firewall

2444 / TCPTLS Proxy ServerCTL Client

Special Ports on HP ServersTable 10: Special Ports on HP Servers


HTTP port to HP agent2301 / TCPHP SIMEndpoint

HTTPS port to HP agent2381 / TCPHP SIMEndpoint

COMPAQ ManagementAgent extension (cmaX)

25375, 25376, 25393 /UDP

Compaq ManagementAgent

Endpoint

HTTPS port to HP SIM50000 - 50004 / TCPHP SIMEndpoint


Cisco Unified Communications Manager TCP and UDP Port UsageCommunication Between CTL Client and Firewalls

Port References

Firewall Application Inspection GuidesASA Series reference information


PIX Application Inspection Configuration Guides

http://www.cisco.com/c/en/us/support/security/pix-firewall-software/products-installation-and-configuration-guides-list.html

FWSM 3.1 Application Inspection Configuration Guide

http://www-author.cisco.com/c/en/us/td/docs/security/fwsm/fwsm31/configuration/guide/fwsm_cfg/inspct_f.html

IETF TCP/UDP Port Assignment ListInternet Assigned Numbers Authority (IANA) IETF assigned Port List

http://www.iana.org/assignments/port-numbers

IP Telephony Configuration and Port Utilization GuidesCisco CRS 4.0 (IP IVR and IPCC Express) Port Utilization Guide

http://www.cisco.com/en/US/products/sw/custcosw/ps1846/products_installation_and_configuration_guides_list.html

Port Utilization Guide for Cisco ICM/IPCC Enterprise and Hosted Editions


Cisco Unified Communications Manager Express Security Guide to Best Practices

http://www.cisco.com/en/US/netsol/ns340/ns394/ns165/ns391/networking_solutions_design_guidance09186a00801f8e30.html

Cisco Unity Express Security Guide to Best Practices

http://www.cisco.com/en/US/netsol/ns340/ns394/ns165/ns391/networking_solutions_design_guidance09186a00801f8e31.html#wp41149

VMware Port Assignment ListTCP and UDP Ports for vCenter Server, ESX hosts, and Other Network Components Management Access


Cisco Unified Communications Manager TCP and UDP Port UsagePort References







http://www.iana.org/assignments/port-numbers



http://www.cisco.com/en/US/netsol/ns340/ns394/ns165/ns391/networking_solutions_design_guidance09186a00801f8e30.html

http://www.cisco.com/en/US/netsol/ns340/ns394/ns165/ns391/networking_solutions_design_guidance09186a00801f8e31.html#wp41149

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1012382


Cisco Unified Communications Manager TCP and UDP Port UsageVMware Port Assignment List

cisco unified communications manager tcp and udp port usage ·...

Documents