Cisco Router and Security Device Manager 2.5 User Guide
Port-to-Application Mapping

Table Of Contents

Port-to-Application Mapping

Port-to-Application Mappings

Add or Edit Port Map Entry


Port-to-Application Mapping


Port-to-Application Mapping (PAM) allows you to customize TCP and UDP port numbers for network services and applications. PAM uses this information to support network environments that run services using ports that are different from the registered or well-known ports associated with an application.

The information that PAM maintains enables Context-Based Access Control (CBAC) supported services to run on nonstandard ports. Previously, CBAC was limited to inspecting traffic using only the well-known or registered ports associated with an application. Now, PAM allows network administrators to customize network access control for specific applications and services.

Port-to-Application Mappings

This window displays the port-to-application mappings configured on the router and allows you to add, edit and remove PAM entries. Each row in the window displays a PAM entry, and entries are grouped according to type.

Add, Edit, and Delete Buttons

Use these buttons to create, edit, or remove PAM entries. Clicking the Add button lets you create entries that map nonstandard port numbers to protocol names. Clicking the Edit button lets you make changes to user-defined entries. Entries with the value System Defined in the Protocol Type column cannot be edited or deleted.

Application Protocol Column

This column contains the name of the application protocol, and the names of the protocol types. For example, the FTP and the TFTP entries are found under the File Transfer protocol type.

Port Type Column

This list appears if the router is running a Cisco IOS image that allows you to specify whether this port map entry applies to TCP or to UDP traffic.

Port Column

This column contains the port number. For example, the system-defined entry for HTTP would have the port number 80 in this column. A user-defined entry for HTTP might have the port number 8080 or another custom-defined number in this column.

Protocol Type Column

A row in this column displays one of the following values:

User-Defined—The entry contains a nonstandard mapping between a protocol and a port number. The entry could be associated with a host IP address identified by the access control list (ACL) whose number is displayed in the Access List column.

System-Defined—The entry contains a standard, registered mapping between the protocol and its port number, such as tftp 69 or smtp 25. System-defined entries cannot be edited or deleted. System-defined entries contain no value in the Access List column because they apply to all hosts on the network.

Access List Column

A PAM entry applies to a single host, defined by a standard ACL. This column displays the number of the ACL used to identify the host to which the PAM entry applies. If you want to view the ACL that identifies the host, go to Additional Tasks > ACL Editor > Access Rules. Then click the number of the ACL that you saw in this window.

Description Column

If a description of the PAM entry has been created, the description is displayed in this column.

Add or Edit Port Map Entry

You can add and edit port map entries for custom or standard protocols.

Protocol Field

If you are adding an entry, specify the protocol by clicking the list (...) button to the right and choosing a system-defined protocol, or by entering the name of a custom protocol. You cannot enter custom-defined protocol names for which a port mapping already exists.

If you are editing an entry, the protocol field is disabled. If you need to change the protocol, delete the PAM entry and re-create it using the protocol information that you need.

Description Field

This field appears if the router is running a Cisco IOS image that allows you to specify whether this port map entry applies to TCP or to UDP traffic. You can optionally enter a description of the port map entry. Descriptions are helpful when you are adding entries for custom protocols or special applications. For example, if you created an entry for a custom database application named "orville" running on host sf-5, you might enter "orville-sf-5."

Port Type List

This list appears if the router is running a Cisco IOS image that allows you to specify whether this port map entry applies to TCP or to UDP traffic. Choose either TCP or UDP. The default is TCP.

Port Number Field

Enter the port number that you want to map to the protocol that you specified. If the router is running a Cisco IOS image that allows you to specify whether this port map entry applies to TCP or to UDP traffic, you can enter multiple port numbers separated by commas, or port number ranges indicated with a dash. For example, you might enter three noncontiguous port numbers as 310, 313, 318, or you might enter the range 415-419.

If the router is not running a Cisco IOS image that allows you to specify whether this port map entry applies to TCP or to UDP traffic, you can enter a single port number.

Host of Service Field

Specify the IP address of the host to which this port mapping is to apply. If you need the same mapping for another host, create a separate PAM entry for that host.
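The following is an added example, not Cisco SDM or Cisco IOS code. It models the Add or Edit Port Map Entry form described above: it parses the Port Number Field syntax (comma-separated port numbers and dash ranges), enforces the rules the page states (System Defined rows are read-only, a user-defined entry is bound to a single host through a standard ACL, and a custom protocol name that already has a mapping cannot be entered again), and renders each user-defined entry as router configuration. The sample System Defined rows, the host IP addresses, the ACL numbering starting at 10 and the command shape `ip port-map <name> port <tcp|udp> <port> list <acl>` are assumptions for illustration, not taken from the page.

```python
"""Model of the Port-to-Application Mapping (PAM) table described on this page.

Added example, not Cisco SDM or IOS code. The CLI rendering in to_cli() is an
assumed command form; the page only describes the SDM window, not the commands.
"""
from dataclasses import dataclass
from typing import List, Optional

MAX_PORT = 65535


def parse_port_spec(spec: str) -> List[int]:
    """Expand "310, 313, 318" or "415-419" into a sorted list of port numbers.

    Raises ValueError for empty tokens, non-numeric text, reversed ranges and
    anything outside 1-65535.
    """
    ports = set()
    for token in spec.split(","):
        token = token.strip()
        if not token:
            raise ValueError("empty port token in %r" % spec)
        if "-" in token:
            lo_s, hi_s = token.split("-", 1)
            lo, hi = int(lo_s), int(hi_s)   # int() rejects non-numeric text
            if lo > hi:
                raise ValueError("reversed range %s" % token)
            ports.update(range(lo, hi + 1))
        else:
            ports.add(int(token))
    for p in ports:
        if not 1 <= p <= MAX_PORT:
            raise ValueError("port %d is outside 1-%d" % (p, MAX_PORT))
    return sorted(ports)


@dataclass
class PamEntry:
    protocol: str                # application protocol name, e.g. "http"
    port_type: str               # "tcp" or "udp"
    ports: List[int]
    system_defined: bool = False
    host: Optional[str] = None   # IP of the single host the entry applies to
    acl: Optional[int] = None    # standard ACL number that identifies that host
    description: str = ""


# Constructed sample of the System Defined rows. The page cites tftp 69,
# smtp 25 and http 80; ftp 21 is the registered FTP control port.
SYSTEM_DEFINED = [
    PamEntry("ftp", "tcp", [21], system_defined=True),
    PamEntry("http", "tcp", [80], system_defined=True),
    PamEntry("smtp", "tcp", [25], system_defined=True),
    PamEntry("tftp", "udp", [69], system_defined=True),
]


class PamTable:
    def __init__(self, first_acl: int = 10):
        self.entries: List[PamEntry] = list(SYSTEM_DEFINED)
        self._next_acl = first_acl   # each user-defined entry gets its own standard ACL

    def add_user_defined(self, protocol: str, port_spec: str, host: str,
                         port_type: str = "tcp", description: str = "") -> PamEntry:
        protocol = protocol.lower()
        if port_type not in ("tcp", "udp"):
            raise ValueError("port type must be tcp or udp")
        if not host:
            raise ValueError("a PAM entry applies to a single host; host is required")
        system_names = {e.protocol for e in SYSTEM_DEFINED}
        already_mapped = {e.protocol for e in self.entries}
        # A system-defined protocol may get extra user-defined mappings (http on 8080),
        # but a custom name that already has a mapping cannot be entered again.
        if protocol not in system_names and protocol in already_mapped:
            raise ValueError("a port mapping for custom protocol %r already exists" % protocol)
        entry = PamEntry(protocol, port_type, parse_port_spec(port_spec),
                         host=host, acl=self._next_acl, description=description)
        self._next_acl += 1
        self.entries.append(entry)
        return entry

    def delete(self, protocol: str, host: Optional[str] = None) -> int:
        """Remove matching entries; System Defined rows cannot be deleted."""
        protocol = protocol.lower()
        victims = [e for e in self.entries
                   if e.protocol == protocol and (host is None or e.host == host)]
        if not victims:
            raise KeyError("no PAM entry for %s" % protocol)
        if any(e.system_defined for e in victims):
            raise PermissionError("system-defined entry %s cannot be deleted" % protocol)
        self.entries = [e for e in self.entries if not any(e is v for v in victims)]
        return len(victims)

    def to_cli(self) -> List[str]:
        """Render user-defined entries as router configuration (assumed command form)."""
        lines = []
        for e in self.entries:
            if e.system_defined:
                continue   # registered ports are built in; nothing to configure
            lines.append("access-list %d permit host %s" % (e.acl, e.host))
            for p in e.ports:
                lines.append("ip port-map %s port %s %d list %d"
                             % (e.protocol, e.port_type, p, e.acl))
        return lines


if __name__ == "__main__":
    table = PamTable()
    table.add_user_defined("http", "8080", "10.0.0.5")
    table.add_user_defined("orville", "310, 313, 318", "10.0.0.6", description="orville-sf-5")
    print("\n".join(table.to_cli()))
```

Running the block configures two user-defined entries, HTTP on 8080 for one host and the custom "orville" application on three noncontiguous ports for another, and prints one access-list line plus one port-map line per port for each. Because every entry carries its own ACL, the inspection engine only treats traffic to that host on those ports as the named application, which is the scoping the Host of Service field enforces.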