
Cisco 5500 Series Wireless Controllers

Cisco Unified Wireless Network Protocol and Port Matrix

Document ID: 113344

Updated: Mar 04, 2015

Contributed by Surendra BG, Cisco TAC Engineer.


Introduction

This document provides information about the protocols and port numbers used across the entire product series as the products interact in a comprehensive Cisco Unified Wireless Network (CUWN) deployment. This information is based on the Software Version 7.0.220.0 series code release train. It is not meant to replace or supersede specific product documentation found in existing configuration guides; it serves only as a consolidated source of the information available at the time this document was created.

Background Information

The main purpose of this document is to provide a consolidated source of the communication protocols that make up a CUWN solution. The goal is to implement appropriate firewall and security policies based on this information in order to properly secure the CUWN infrastructure.

Terms Used

Here is a list of terms used in this document:

  • WCS - Wireless Control System
  • NCS - Network Control System
  • PI - Cisco Prime Infrastructure
  • WLC - Wireless LAN Controller
  • MSE - Mobility Services Engine
  • OS - Operating System
  • AP - Access Point
  • SSH - Secure Shell
  • SMTP - Simple Mail Transfer Protocol
  • AAA - Authentication, Authorization, and Accounting
  • DNS - Domain Name System
  • ISE - Identity Services Engine
  • NTP - Network Time Protocol
  • SOAP - Simple Object Access Protocol
  • HA - High Availability
  • QoS - Quality of Service
  • DB - Database
  • RDP - Remote Desktop Protocol
  • VNC - Virtual Network Computing
  • TLS - Transport Layer Security
  • LOCP - Cisco Location Control Protocol
  • ICMP - Internet Control Message Protocol
  • SNMP - Simple Network Management Protocol
  • NMSP - Network Mobility Services Protocol
  • AwIPS - Adaptive Wireless Intrusion Prevention System
  • EoIP - Ethernet over IP
  • RLDP - Rogue Location Discovery Protocol
  • CAPWAP - Control and Provisioning of Wireless Access Points
  • LWAPP - Lightweight Access Point Protocol
  • NSI - Network Spectrum Interface
  • OEAP - OfficeExtend Access Point

Network Overview

[Figure: cuwn-ppm-01.gif - network overview diagram]

Protocol and Port Number Information

Here is a list of tables in this document:

Table 1 - WCS/NCS/PI Protocols and Ports

WCS/NCS/PI Protocols

| Source Device | Destination Device | Protocol | Destination Port | Description |
|---|---|---|---|---|
| WCS/NCS/PI | WLC and MSE | TCP | 21 | FTP - Used to transfer files to/from devices |
| Various Management Stations | WCS Host Server OS-Linux | TCP | 22 | SSH - Used for remote Linux Host Access |
| WCS/NCS/PI | Cisco aIOS® AP | TCP | 23 | Telnet - Used for Cisco aIOS AP Configuration |
| WCS/NCS/PI | SMTP mail servers | TCP | 25 | SMTP - Used for fault notifications |
| AAA Servers / ISE | WCS/NCS/PI | TCP/UDP | 49 | TACACS+ |
| WCS/NCS/PI | aIOS AP | UDP | 53 | DNS - Used for Cisco aIOS AP Configuration |
| WLC | WCS/NCS/PI | UDP | 69 | TFTP - Used to transfer files to/from devices |
| Various Management Stations | WCS/NCS/PI | TCP | 80 | HTTP (Configurable at install time) |
| NTP Server | WLC | UDP | 123 | NTP |
| WLC and MSE | WCS/NCS/PI | UDP | 161 | SNMP discovery, inventory Cisco aIOS AP and others |
| WLC and MSE | WCS/NCS/PI | UDP | 162 | SNMP Trap Receiver |
| Various Management Stations | WCS/NCS/PI | TCP | 443 | HTTPS (Configurable at install time) |
| MSE | WCS/NCS/PI | TCP | 443 | SOAP/XML (SOAP used for MSE Management) |
| WLC | WCS/NCS/PI | UDP | 514 | Syslog (Optional) |
| Local only | WCS/NCS/PI | TCP | 1299 | RMI Registry port (local only) |
| Various and HA Server | WCS/NCS/PI | TCP | 1315 | Database Server HA (QoS) |
| WCS HA Server | WCS/NCS/PI | TCP | 1316-1320 | HA DB Ports |
| AAA Servers / ISE | WCS/NCS/PI | UDP | 1812 / 1645 | RADIUS |
| AAA Servers / ISE | WCS/NCS/PI | UDP | 1813 / 1646 | RADIUS |
| Various Management Stations | WCS Host Server OS-Microsoft Windows | TCP / UDP | 3389 | RDP - Microsoft Windows Remote Desktop (Optional) |
| Various | WCS/NCS/PI | TCP | 5001 | Apache Axis SOAP Monitoring: Java Listener |
| Various Management Stations | WCS Host Server OS-Microsoft Windows | TCP | 5500 | VNC - (Optional) Used for remote Microsoft Windows Host Access |
| Various Management Stations | WCS Host Server OS-Microsoft Windows | TCP | 5800 | VNC - (Optional) Used for remote Microsoft Windows Host Access |
| Various Management Stations | WCS Host Server OS-Microsoft Windows | TCP / UDP | 5900 | VNC - (Optional) Used for remote Microsoft Windows Host Access |
| Local only | WCS/NCS/PI | TCP | 6789 | RMI Server Port (local only) |
| MSE-Location Appliance | WCS/NCS/PI | TCP | 8001 | Location Server Data Sync. Communication Port |
| Local only | WCS/NCS/PI | TCP | 8005 | Tomcat Shutdown Port |
| Local only | WCS/NCS/PI | TCP | 8009 | Web Server / Java Server Connector (local only) |
| HA Web Server | WCS/NCS/PI | TCP | 8082 | HA Web Server Port: Health Monitor for WCS HA |
| Various Management Stations | WCS/NCS/PI | TCP | 8456 | HTTP Connector |
| Various Management Stations | WCS/NCS/PI | TCP | 8457 | HTTP Redirect |
| Various Management Stations | WCS/NCS/PI | TCP | 16113 | LOCP TLS Port |
| WLC | WCS/NCS/PI | UDP | 29001-29005 | TFTP Child threads |
| Various | AP | ICMP | | ICMP - Optional |

Table 2 - MSE - AwIPS Protocols

MSE - AwIPS Protocols

| Source Device | Destination Device | Protocol | Destination Port | Description |
|---|---|---|---|---|
| WCS/NCS/PI | MSE | TCP | 21 | FTP - Used to transfer files to/from devices |
| Various Management Stations | MSE Host Server OS-Linux | TCP | 22 | SSH - Used for remote Linux Host Access |
| WCS/NCS/PI | MSE | TCP | 80 | HTTP (Configurable at install time) |
| NTP Server | WLC | UDP | 123 | NTP |
| WCS/NCS/PI | MSE | UDP | 161 | SNMP |
| MSE | WCS/NCS/PI | UDP | 162 | SNMP Trap Receiver |
| WCS/NCS/PI | MSE | TCP | 443 | HTTPS (Configurable at install time) |
| WCS/NCS/PI | MSE | TCP | 443 | SOAP/XML |
| WCS/NCS/PI | MSE | TCP | 8001 | HTTPS (Configurable at install time) |
| WLC | MSE and Spectrum Expert | TCP | 16113 | NMSP |
| Various | AP | ICMP | | ICMP - Optional |

Table 3 - MSE - Context Protocols

MSE - Context-Aware and AwIPS Protocols

| Source Device | Destination Device | Protocol | Destination Port | Description |
|---|---|---|---|---|
| WCS/NCS/PI | MSE | TCP | 21 | FTP - Used to transfer files to/from devices |
| Various Management Stations | MSE Host Server OS-Linux | TCP | 22 | SSH - Used for remote Linux Host Access |
| WCS/NCS/PI | MSE | TCP | 80 | HTTP (Configurable at install time) |
| NTP Server | WLC | UDP | 123 | NTP |
| WCS/NCS/PI | MSE | UDP | 161 | SNMP |
| MSE | WCS/NCS/PI | UDP | 162 | SNMP Trap Receiver |
| WCS/NCS/PI | MSE | TCP | 443 | HTTPS (Configurable at install time) |
| WCS/NCS/PI | MSE | TCP | 443 | SOAP/XML |
| WCS/NCS/PI | MSE | TCP | 8001 | HTTPS (Configurable at install time) |
| WLC and Catalyst LAN Switches | MSE and Spectrum Expert | TCP | 16113 | NMSP |
| Various | AP | ICMP | | ICMP - Optional |

Table 4 - WLC Protocols

WLC Protocols

| Source Device | Destination Device | Protocol | Destination Port | Description |
|---|---|---|---|---|
| WCS/NCS/PI | WLC | TCP | 21 | FTP - Used to transfer files to/from devices |
| WCS and Various Management Stations | WLC | TCP | 22 | SSH - Used for remote Management (optional) |
| WCS and Various Management Stations | WLC | TCP | 23 | Telnet - Used for remote Management (optional) |
| AAA Servers / ISE | WLC | TCP/UDP | 49 | TACACS+ |
| WCS and Various Management Stations | WLC | UDP | 69 | TFTP - Used to transfer files to/from devices |
| Various Management Stations | WLC | TCP | 80 | HTTP (Configurable at install time) |
| WLC | WLC | TCP | 91 | |
| WLC Mobility Group members | WLC | EoIP IP Protocol 97 | EoIP IP Protocol 97 | EoIP Tunnel - Client Anchor/Tunneling traffic |
| NTP Server | WLC | UDP | 123 | NTP |
| WCS/NCS/PI | WLC | UDP | 161 | SNMP |
| WCS/NCS/PI | WLC | UDP | 162 | SNMP Trap Receiver |
| Various Management Stations | WLC | TCP | 443 | HTTPS (Configurable at install time) |
| WLC and Various Syslog Servers | WLC | UDP | 514 | Syslog (Optional) |
| AAA Servers / ISE | WLC | UDP | 1812 / 1645 | RADIUS |
| AAA Servers / ISE | WLC | UDP | 1813 / 1646 | RADIUS |
| AP | WLC | UDP | 6352 | RLDP |
| Various Management Stations (MSE, Spectrum Expert) | WLC | TCP | 16113 | LOCP TLS Port NMSP |
| WLC | WLC | UDP | 16666 | Mobility - non-secured |
| WLC | WLC | UDP | 16667 | Mobility - secured ** In release 5.2+ this feature was removed |
| AP | WLC | UDP | 5246-5247 | CAPWAP Ctl/Data |
| AP | WLC | UDP | 5248 | CAPWAP Mcast. |
| AP | WLC | UDP | 12222-12223 | LWAPP Ctl/Data |
| AP | WLC | UDP | 12224 | LWAPP Mcast. |
| Various | AP | ICMP | | ICMP - Optional |

Table 5 - AP Protocols

AP CAPWAP-LWAPP Protocols

| Source Device | Destination Device | Protocol | Destination Port | Description |
|---|---|---|---|---|
| Various | AP | UDP | 69 | TFTP - Used for remote code update |
| Various | AP | TCP | 22 | SSH - Used for optional remote troubleshooting access. Can be administratively disabled. |
| Various | AP | TCP | 23 | Telnet - Used for optional remote troubleshooting access. Can be administratively disabled. |
| AP | DNS Server | TCP/UDP | 53 | DNS |
| AP | DHCP Server | UDP | 68 | DHCP |
| AP | Various | UDP | 514 | Syslog - Destination configurable. Default is 255.255.255.255 |
| WLC | AP | UDP | 1024 - 65535 * | CAPWAP Ctl/Data |
| WLC | AP | UDP | 5248 | CAPWAP Mcast. |
| AP | WLC | UDP | 6352 | RLDP |
| WLC | AP | UDP | 12222-12223 | LWAPP Ctl/Data |
| WLC | AP | UDP | 12224 | LWAPP Mcast. |
| AP | Monitor PC | TCP | 37540 for 2.4 GHz, 37550 for 5 GHz | NSI Protocol for SE-Connect |
| Various | AP | ICMP | | ICMP - Optional |

* - An arbitrary port number from the range 1024 - 65535 is assigned to every AP when the AP joins the WLC. The WLC uses that number as the Destination Port for CAPWAP Ctl/Data for as long as the AP is connected.
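As an added example (not part of the Cisco document), the following Python code loads a few rows from Tables 4 and 5 in the matrix's own port notation and classifies observed flows against them. The verdict names, the cleartext-protocol set, the 1000-port review threshold and the sample flows are assumptions of this example.

```python
import re

# Rows copied from Tables 4 and 5: source|destination|protocol|port spec.
MATRIX = """\
AP|WLC|UDP|5246-5247
AP|WLC|UDP|5248
WLC|AP|UDP|1024 - 65535 *
AAA Servers / ISE|WLC|TCP/UDP|49
AAA Servers / ISE|WLC|UDP|1812 / 1645
WCS and Various Management Stations|WLC|TCP|22
WCS and Various Management Stations|WLC|TCP|23
Various Management Stations|WLC|TCP|443
"""
# Assumption of this example: matrix entries that carry credentials in cleartext.
CLEARTEXT = {("TCP", 21), ("TCP", 23), ("UDP", 69), ("TCP", 80)}  # FTP, Telnet, TFTP, HTTP

def parse_ports(spec):
    """'5246-5247' -> one range; '1812 / 1645' -> two ports; footnote '*' dropped."""
    ranges = []
    for part in spec.replace("*", "").split("/"):
        nums = [int(n) for n in re.findall(r"\d+", part)]
        if nums:
            ranges.append((nums[0], nums[-1]))
    return ranges

def load_rules(text):
    """Expand each row into one (src, dst, proto, lo, hi) rule per protocol and range."""
    rules = []
    for line in text.strip().splitlines():
        src, dst, proto, ports = [f.strip() for f in line.split("|")]
        for p in proto.split("/"):
            for lo, hi in parse_ports(ports):
                rules.append((src, dst, p.strip().upper(), lo, hi))
    return rules

def check_flow(rules, src, dst, proto, port):
    """Return 'allow', 'allow-cleartext' or 'deny' for one observed flow."""
    for r_src, r_dst, r_proto, lo, hi in rules:
        if (r_src, r_dst, r_proto) == (src, dst, proto) and lo <= port <= hi:
            return "allow-cleartext" if (proto, port) in CLEARTEXT else "allow"
    return "deny"

def broad_rules(rules, limit=1000):
    """Rules wider than `limit` ports, such as the per-AP arbitrary CAPWAP port."""
    return [r for r in rules if r[4] - r[3] + 1 > limit]

RULES = load_rules(MATRIX)

if __name__ == "__main__":
    flows = [("AP", "WLC", "UDP", 5246), ("AP", "WLC", "TCP", 5246),  # constructed flows
             ("WCS and Various Management Stations", "WLC", "TCP", 23)]
    for f in flows:
        print(f, check_flow(RULES, *f))
    print("review:", broad_rules(RULES))
```

The WLC-to-AP CAPWAP row is the only one returned by `broad_rules`, because the footnote's arbitrary per-AP port forces a rule covering 1024 - 65535; scope that rule to the WLC and AP addresses rather than to any source.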

Table 6 - OEAP600 Firewall Protocols

AP CAPWAP-LWAPP Protocols

| Source Device | Destination Device | Protocol | Destination Port | Description |
|---|---|---|---|---|
| WLC | AP | UDP | 5246-5247 | CAPWAP Ctl/Data |

[Figure: cuwn-ppm-02.gif]
