Cisco Unified Wireless Network Protocol and Port Matrix

Document ID: 113344

Updated: Dec 09, 2011

Introduction

This document lists the protocols and port numbers used across the entire product series as the products interact in a comprehensive Cisco Unified Wireless Network (CUWN) deployment. The information is based on the software version 7.0.220.0 series code release train. It is not meant to replace or supersede the specific product documentation found in existing configuration guides; it is only a consolidated listing of the information available at the time this document was created.

Prerequisites

Requirements

Cisco recommends that you have knowledge of Cisco Unified Wireless Solution.

Components Used

This document applies to the entire product series as they interact in a comprehensive CUWN deployment.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Background Information

The main purpose of this document is to provide a consolidated listing of the communication protocols that make up a CUWN solution. The goal is to allow appropriate firewall and security policies to be implemented based on this information in order to properly secure the CUWN infrastructure.

Network Overview

[Figure: CUWN network overview diagram (cuwn-ppm-01.gif)]

Tables in this document:

Table 1 – WCS and NCS Protocols and Ports:

WCS Protocols

| Source Device | Destination Device | Protocol | Destination Port | Description |
| --- | --- | --- | --- | --- |
| WCS | WLC and MSE | TCP | 21 | FTP - Used to transfer files to/from devices |
| Various Management Stations | WCS Host Server OS-Linux | TCP | 22 | SSH - Used for remote Linux Host Access |
| WCS | aIOS AP | TCP | 23 | Telnet - Used for aIOS AP Configuration |
| WCS | SMTP mail servers | TCP | 25 | SMTP – used for fault notifications |
| AAA Servers | WCS | TCP/UDP | 49 | TACACS+ |
| WCS | aIOS AP | UDP | 53 | DNS – used for aIOS AP Configuration |
| WLC | WCS | UDP | 69 | TFTP - Used to transfer files to/from devices |
| Various Management Stations | WCS | TCP | 80 | HTTP (Configurable at install time) |
| NTP Server | WLC | UDP | 123 | NTP |
| WLC and MSE | WCS | UDP | 161 | SNMP discovery, inventory aIOS AP and others |
| WLC and MSE | WCS | UDP | 162 | SNMP Trap Receiver |
| Various Management Stations | WCS | TCP | 443 | HTTPS (Configurable at install time) |
| MSE | WCS | TCP | 443 | SOAP/XML (Simple Object Access Protocol) Used for MSE Management |
| WLC | WCS | UDP | 514 | Syslog (Optional) |
| Local only | WCS | TCP | 1299 | RMI Registry port (local only) |
| Various and HA Server | WCS | TCP | 1315 | Database Server HA(QOS) |
| WCS HA Server | WCS | TCP | 1316-1320 | HA DB Ports |
| AAA Servers | WCS | UDP | 1812 / 1645 | Radius |
| AAA Servers | WCS | UDP | 1813 / 1646 | Radius |
| Various Management Stations | WCS Host Server OS-Windows | TCP / UDP | 3389 | RDP - Windows Remote Desktop (Optional) |
| Various | WCS | TCP | 5001 | Apache Axis SOAP Monitoring: Java Listener |
| Various Management Stations | WCS Host Server OS-Windows | TCP | 5500 | VNC - (Optional) Used for remote Windows Host Access |
| Various Management Stations | WCS Host Server OS-Windows | TCP | 5800 | VNC - (Optional) Used for remote Windows Host Access |
| Various Management Stations | WCS Host Server OS-Windows | TCP / UDP | 5900 | VNC - (Optional) Used for remote Windows Host Access |
| Local only | WCS | TCP | 6789 | RmiServer Port (local only) |
| MSE-Location Appliance | WCS | TCP | 8001 | Location Server Data Sync. Communication Port |
| Local only | WCS | TCP | 8005 | Tomcat Shutdown Port |
| Local only | WCS | TCP | 8009 | Web Server / Java Server Connector (local only) |
| HA Web Server | WCS | TCP | 8082 | HA Web Server Port: Health Monitor for WCS HA |
| Various Management Stations | WCS | TCP | 8456 | HTTP Connector |
| Various Management Stations | WCS | TCP | 8457 | HTTP Redirect |
| Various Management Stations | WCS | TCP | 16113 | LOCP TLS Port |
| WLC | WCS | UDP | 29001-29005 | TFTP Child threads |
| Various | AP | ICMP |  | ICMP - Optional |

Table 2 – MSE – AwIPS Protocols:

MSE - AwIPS Protocols

| Source Device | Destination Device | Protocol | Destination Port | Description |
| --- | --- | --- | --- | --- |
| WCS | MSE | TCP | 21 | FTP - Used to transfer files to/from devices |
| Various Management Stations | MSE Host Server OS-Linux | TCP | 22 | SSH - Used for remote Linux Host Access |
| WCS | MSE | TCP | 80 | HTTP (Configurable at install time) |
| NTP Server | WLC | UDP | 123 | NTP |
| WCS | MSE | UDP | 161 | SNMP |
| MSE | WCS | UDP | 162 | SNMP Trap Receiver |
| WCS | MSE | TCP | 443 | HTTPS (Configurable at install time) |
| WCS | MSE | TCP | 443 | SOAP/XML (Simple Object Access Protocol) |
| WCS | MSE | TCP | 8001 | HTTPS (Configurable at install time) |
| WLC | MSE and Spectrum Expert | TCP | 16113 | NMSP (Network Mobility Services Protocol) |
| Various | AP | ICMP |  | ICMP - Optional |

Table 3 – MSE – Context Protocols:

MSE – Context-Aware and AwIPS Protocols

| Source Device | Destination Device | Protocol | Destination Port | Description |
| --- | --- | --- | --- | --- |
| WCS | MSE | TCP | 21 | FTP - Used to transfer files to/from devices |
| Various Management Stations | MSE Host Server OS-Linux | TCP | 22 | SSH - Used for remote Linux Host Access |
| WCS | MSE | TCP | 80 | HTTP (Configurable at install time) |
| NTP Server | WLC | UDP | 123 | NTP |
| WCS | MSE | UDP | 161 | SNMP |
| MSE | WCS | UDP | 162 | SNMP Trap Receiver |
| WCS | MSE | TCP | 443 | HTTPS (Configurable at install time) |
| WCS | MSE | TCP | 443 | SOAP/XML (Simple Object Access Protocol) |
| WCS | MSE | TCP | 8001 | HTTPS (Configurable at install time) |
| WLC and Catalyst LAN Switches | MSE and Spectrum Expert | TCP | 16113 | NMSP (Network Mobility Services Protocol) |
| Various | AP | ICMP |  | ICMP - Optional |

Table 4 – WLC Protocols:

WLC Protocols

| Source Device | Destination Device | Protocol | Destination Port | Description |
| --- | --- | --- | --- | --- |
| WCS | WLC | TCP | 21 | FTP - Used to transfer files to/from devices |
| WCS and Various Management Stations | WLC | TCP | 22 | SSH - Used for remote Management (optional) |
| WCS and Various Management Stations | WLC | TCP | 23 | Telnet - Used for remote Management (optional) |
| AAA Servers | WLC | TCP/UDP | 49 | TACACS+ |
| WCS and Various Management Stations | WLC | UDP | 69 | TFTP - Used to transfer files to/from devices |
| Various Management Stations | WLC | TCP | 80 | HTTP (Configurable at install time) |
| WLC | WLC | TCP | 91 |  |
| WLC Mobility Group members | WLC | EoIP IP Protocol 97 | EoIP IP Protocol 97 | EoIP Tunnel - Client Anchor/Tunneling traffic |
| NTP Server | WLC | UDP | 123 | NTP |
| WCS | WLC | UDP | 161 | SNMP |
| WCS | WLC | UDP | 162 | SNMP Trap Receiver |
| Various Management Stations | WLC | TCP | 443 | HTTPS (Configurable at install time) |
| WLC and Various Syslog Servers | WLC | UDP | 514 | Syslog (Optional) |
| AAA Servers | WLC | UDP | 1812 / 1645 | Radius |
| AAA Servers | WLC | UDP | 1813 / 1646 | Radius |
| AP | WLC | UDP | 6352 | RDLP |
| Various Management Stations (MSE, Spectrum Expert) | WLC | TCP | 16113 | LOCP TLS Port NMSP (Network Mobility Services Protocol) |
| WLC | WLC | UDP | 16666 | Mobility - non-secured |
| WLC | WLC | UDP | 16667 | Mobility – secured ** In release 5.2+ feature was removed |
| AP | WLC | UDP | 5246-5247 | CAPWAP Ctl/Data |
| AP | WLC | UDP | 5248 | CAPWAP Mcast. |
| AP | WLC | UDP | 12222-12223 | LWAPP Ctl/Data |
| AP | WLC | UDP | 12224 | LWAPP Mcast. |
| Various | AP | ICMP |  | ICMP – Optional |

Table 5 – AP Protocols:

AP CAPWAP-LWAPP Protocols

| Source Device | Destination Device | Protocol | Destination Port | Description |
| --- | --- | --- | --- | --- |
| Various | AP | UDP | 69 | TFTP - used for remote code update |
| Various | AP | TCP | 22 | SSH - used for optional remote troubleshooting access. Can be administratively disabled. |
| Various | AP | TCP | 23 | Telnet - used for optional remote troubleshooting access. Can be administratively disabled. |
| AP | DNS Server | TCP/UDP | 53 | DNS |
| AP | DHCP Server | UDP | 68 | DHCP |
| AP | Various | UDP | 514 | Syslog - Destination configurable. Default is 255.255.255.255 |
| WLC | AP | UDP | 1024 - 65535 (see note 1) | CAPWAP Ctl/Data |
| WLC | AP | UDP | 5248 | CAPWAP Mcast. |
| AP | WLC | UDP | 6352 | RDLP |
| WLC | AP | UDP | 12222-12223 | LWAPP Ctl/Data |
| WLC | AP | UDP | 12224 | LWAPP Mcast. |
| AP | Monitor PC | TCP | 37540 for 2.4 GHz, 37550 for 5GHz | Network Spectrum Interface (NSI) Protocol for SE-Connect |
| Various | AP | ICMP |  | ICMP – Optional |

1 - An arbitrary port number from the range 1024 - 65535 is assigned to every AP when the AP joins the WLC. The WLC uses that number as the Destination Port for CAPWAP Ctl/Data for as long as the AP is connected.
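The matrix rows can be turned into a machine-checkable allowlist for auditing firewall rules or observed flows. The following Python sketch is an added example, not part of the Cisco document: it parses the port notations used in Tables 4 and 5 (ranges, "1812 / 1645" alternatives, "TCP/UDP", the port-less IP protocol 97 row, and the per-AP range from note 1) and reports flows the matrix does not list. The function names, the "IP97" label and the sample flows are constructed for illustration.

```python
import re

# Rows transcribed from Tables 4 and 5: (source, destination, protocol, dest port)
MATRIX = [
    ("AP", "WLC", "UDP", "5246-5247"),             # CAPWAP Ctl/Data
    ("AP", "WLC", "UDP", "12222-12223"),           # LWAPP Ctl/Data
    ("AAA Servers", "WLC", "UDP", "1812 / 1645"),  # Radius
    ("AAA Servers", "WLC", "TCP/UDP", "49"),       # TACACS+
    ("WLC Mobility Group members", "WLC", "EoIP IP Protocol 97", ""),
    ("WLC", "AP", "UDP", "1024 - 65535"),          # CAPWAP Ctl/Data, note 1
]

# Constructed sample flows (not captured traffic): (src, dst, proto, dport)
SAMPLE_FLOWS = [
    ("AP", "WLC", "UDP", 5246), ("AP", "WLC", "UDP", 5250),
    ("AAA Servers", "WLC", "UDP", 1645),
    ("WLC Mobility Group members", "WLC", "IP97", None),
    ("WLC", "AP", "UDP", 40000), ("WLC", "AP", "UDP", 514),
    ("AP", "WLC", "TCP", 23),
]

def parse_ports(spec):
    """'5246-5247', '1812 / 1645', '1024 - 65535' -> list of (low, high)."""
    ranges = []
    for part in spec.split("/"):
        m = re.fullmatch(r"\s*(\d+)(?:\s*-\s*(\d+))?\s*", part)
        if m:
            low = int(m.group(1))
            ranges.append((low, int(m.group(2) or low)))
    return ranges  # empty list: the row has no port (EoIP, ICMP)

def parse_protocols(spec):
    """'TCP/UDP' -> {'TCP', 'UDP'}; 'EoIP IP Protocol 97' -> {'IP97'}."""
    m = re.search(r"IP Protocol (\d+)", spec)
    if m:
        return {"IP" + m.group(1)}
    return {p.strip().upper() for p in spec.split("/")}

def compile_matrix(rows):
    return [(s, d, parse_protocols(p), parse_ports(ports)) for s, d, p, ports in rows]

def is_listed(rules, src, dst, proto, dport=None):
    """True if a row covers the flow; port-less rows match on protocol alone."""
    return any((src, dst) == (s, d) and proto in protos and
               (not ranges or any(lo <= (dport or -1) <= hi for lo, hi in ranges))
               for s, d, protos, ranges in rules)

def unlisted(rules, flows):
    # Flows that no matrix row accounts for: candidates to block or investigate.
    return [f for f in flows if not is_listed(rules, *f)]
```

Because of note 1, a stateless filter has to admit WLC-to-AP UDP across the whole 1024 - 65535 range, so `unlisted(compile_matrix(MATRIX), SAMPLE_FLOWS)` accepts the flow to port 40000 but still reports the flow to port 514.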

Table 6 – OEAP600 Firewall Protocols:

AP CAPWAP-LWAPP Protocols

| Source Device | Destination Device | Protocol | Destination Port | Description |
| --- | --- | --- | --- | --- |
| WLC | AP | UDP | 5246-5247 | CAPWAP Ctl/Data |
