Table Of Contents
Cisco Unified Communications Manager
Release 8.0(1) TCP and UDP Port Usage
Port Descriptions
Glossary
References
Firewall Application Inspection Guides
IP Telephony Configuration and Port Utilization Guides
IETF TCP/UDP Port Assignment List
Cisco Unified Communications Manager
Release 8.0(1) TCP and UDP Port Usage
Published:
February 24, 2010
Revised:
April 2, 2010
This document provides a list of the TCP and UDP ports that Cisco Unified Communications Manager Release 8.0(1) uses for intracluster connections and for communications with external applications or devices. It provides important information for the configuration of firewalls, Access Control Lists (ACLs), and quality of service (QoS) on a network when an IP Communications solution is implemented.
This document organizes the Cisco Unified Communications Manager TCP and UDP ports into the following categories:
•
Intracluster Ports between Cisco Unified Communications Manager Servers
•Common Service Ports
•Ports between Cisco Unified Communications Manager and LDAP Directory
•Web Requests from CCMAdmin or CCMUser to Cisco Unified Communications Manager
•Web Requests from Cisco Unified Communications Manager to Phone
•Signaling, Media, and Other Communication between Phones and Cisco Unified Communications Manager
•Signaling, Media, and Other Communication between Gateways and Cisco Unified Communications Manager
•Communication between Applications and Cisco Unified Communications Manager
•Communication between CTL Client and Firewalls
•Special Ports on HP Servers
Note Cisco has not verified all possible configuration scenarios for these ports. If you are having configuration problems using this list, contact Cisco technical support for assistance.
While virtually all protocols are bidirectional, this document gives directionality from the session originator perspective. In some cases, the administrator can manually change the default port numbers, though Cisco does not recommend this as a best practice. Be aware that Cisco Unified Communications Manager opens several ports strictly for internal use.
Ports in this document apply specifically to Cisco Unified Communications Manager Release 8.0(1). Some ports change from one release to another, and future releases may introduce new ports. Therefore, make sure that you are using the correct version of this document for the version of Cisco Unified Communications Manager that is installed.
Installing Cisco Unified Communications Manager 8.0(1) software automatically installs the following network services for serviceability and activates them by default. Refer to Table 1 for details:
•Cisco Log Partition Monitoring (To monitor and purge the common partition. This uses no custom common port.)
•Cisco Trace Collection Service (TCTS port usage.)
•Cisco RIS Data Collector (RIS server port usage)
•Cisco AMC Service (AMC port usage)
Configuration of firewalls, ACLs, or QoS will vary depending on topology, placement of telephony devices and services relative to the placement of network security devices, and which applications and telephony extensions are in use. Also, bear in mind that ACLs vary in format with different devices and versions.
Note You can also configure Multicast Music on Hold (MOH) ports in Cisco Unified Communications Manager. Because the administrator specifies the actual port values, this document does not contain port values for multicast MOH.
Note The Ephemeral port range for the system is 32768 - 61000.
Port Descriptions
Table 1 Intracluster Ports between Cisco Unified Communications Manager Servers
|
From (Sender)
|
To (Listener)
|
Destination Port
|
Purpose
|
Endpoint |
Unified CM |
514 / UDP |
System logging service |
Unified CM |
RTMT |
1090, 1099 / TCP |
Cisco AMC Service for RTMT performance monitors, data collection, logging, and alerting |
Unified CM (DB) |
Unified CM (DB) |
1500, 1501 / TCP |
Database connection (1501 / TCP is the secondary connection) |
Unified CM (DB) |
Unified CM (DB) |
1510 / TCP |
CAR IDS DB. CAR IDS engine listens on waiting for connection requests from the clients. |
Unified CM (DB) |
Unified CM (DB) |
1511 / TCP |
CAR IDS DB. An alternate port used to bring up a second instance of CAR IDS during upgrade. |
Unified CM (DB) |
Unified CM (DB) |
1515 / TCP |
Database replication between nodes during installation |
Cisco Extended Functions (QRT) |
Unified CM (DB) |
2552 / TCP |
Allows subscribers to receive Cisco Unified Communications Manager database change notification |
Unified CM |
Unified CM |
2551 / TCP |
Intracluster communication between Cisco Extended Services for Active/Backup determination |
Unified CM (RIS) |
Unified CM (RIS) |
2555 / TCP |
Real-time Information Services (RIS) database server |
Unified CM (RTMT/AMC/SOAP) |
Unified CM (RIS) |
2556 / TCP |
Real-time Information Services (RIS) database client for Cisco RIS |
Unified CM (DRF) |
Unified CM (DRF) |
4040 / TCP |
DRF Master Agent |
Unified CM (Tomcat) |
Unified CM (SOAP) |
5007 / TCP |
SOAP monitor |
Unified CM (RTMT) |
Unified CM (TCTS) |
Ephemeral / TCP |
Cisco Trace Collection Tool Service (TCTS) -- the back end service for RTMT Trace & Log Central (TLC) |
Unified CM (Tomcat) |
Unified CM (TCTS) |
7000, 7001, 7002 / TCP |
This port is used for communication between Cisco Trace Collection Tool Service and Cisco Trace Collection servlet. |
Unified CM |
Certificate Manager |
7070 / TCP |
Certificate Manager service |
Unified CM (DB) |
Unified CM (CDLM) |
8001 / TCP |
Client database change notification |
Unified CM (SDL) |
Unified CM (SDL) |
8002 / TCP |
Intracluster communication service |
Unified CM (SDL) |
Unified CM (SDL) |
8003 / TCP |
Intracluster communication service (to CTI) |
Unified CM |
CMI Manager |
8004 / TCP |
Intracluster communication between Cisco Unified Communications Manager and CMI Manager |
Unified CM (Tomcat) |
Unified CM (Tomcat) |
8005 / TCP |
Internal listening port used by Tomcat shutdown scripts |
Unified CM (IPSec) |
Unified CM (IPSec) |
8500 / TCP and UDP |
Intracluster replication of system data by IPSec Cluster Manager |
Unified CM (RIS) |
Unified CM (RIS) |
8888 - 8889 / TCP |
RIS Service Manager status request and reply |
Table 2 Common Service Ports
|
From (Sender)
|
To (Listener)
|
Destination Port
|
Purpose
|
Endpoint |
Unified CM |
7 |
Internet Control Message Protocol (ICMP) This protocol number carries echo-related traffic. It does not constitute a port as indicated in the column heading. |
Unified CM |
Endpoint |
Unified CM |
Endpoint |
22 / TCP |
Secure FTP service, SSH access |
Endpoint |
Unified CM (DNS Server) |
Ephemeral / UDP |
Cisco Unified Communications Manager acting as a DNS server or DNS client Note Cisco recommends that Cisco Unified Communications Manager not act as a DNS server and that all IP telephony applications and endpoints use static IP addresses instead of hostnames. |
Unified CM |
DNS Server |
Endpoint |
Unified CM (DHCP Server) |
67 / UDP |
Cisco Unified Communications Manager acting as a DHCP server Note Cisco does not recommend running DHCP server on Cisco Unified Communications Manager. |
Unified CM |
DHCP Server |
68 / UDP |
Cisco Unified Communications Manager acting as a DHCP client Note Cisco does not recommend running DHCP client on Cisco Unified Communications Manager. Configure Cisco Unified Communications Manager with static IP addresses instead.) |
Endpoint or Gateway |
Unified CM |
69, 6969, then Ephemeral / UDP |
Trivial File Transfer Protocol (TFTP) service to phones and gateways |
Unified CM |
NTP Server |
123 / UDP |
Network Time Protocol (NTP) |
SNMP Server |
Unified CM |
161 / UDP |
SNMP service response (requests from management applications) |
SNMP Server |
Unified CM |
199 / TCP |
Native SNMP agent listening port for SMUX support |
Unified CM |
DHCP Server |
546 / UDP |
DHCPv6. DHCP port for IPv6. |
Unified CM |
Unified CM |
6161 / UDP |
Used for communication between Master Agent and Native Agent to process Native agent MIB requests |
Unified CM |
Unified CM |
6162 / UDP |
Used for communication between Master Agent and Native Agent to forward notifications generated from Native Agent |
Unified CM |
Unified CM |
6666 / UDP |
Netdump server |
Centralized TFTP |
Alternate TFTP |
6970 / TCP |
Centralized TFTP File Locator Service |
Unified CM |
Unified CM |
7161 / TCP |
Used for communication between SNMP Master Agent and subagents |
SNMP Server |
Unified CM |
7999 / TCP |
Cisco Discovery Protocol (CDP) agent communicates with CDP executable |
Unified CM |
Unified CM |
9050 / TCP |
Service CRS requests through the TAPS residing on Cisco Unified Communications Manager |
Unified CM |
Unified CM |
61441 / UDP |
Cisco Unified Communications Manager applications send out alarms to this port through UDP. Cisco Unified Communications Manager MIB agent listens on this port and generates SNMP traps per Cisco Unified Communications Manager MIB definition. |
Unified CM |
Unified CM |
Ephemeral |
Provide trunk-based SIP services |
Table 3 Ports between Cisco Unified Communications Manager and LDAP Directory
|
From (Sender)
|
To (Listener)
|
Destination Port
|
Purpose
|
Unified CM |
External Directory |
Ephemeral/ TCP |
Lightweight Directory Access Protocol (LDAP) query to external directory (Active Directory, Netscape Directory) |
External Directory |
Unified CM |
Table 4 Web Requests from CCMAdmin or CCMUser to Cisco Unified Communications Manager
|
From (Sender)
|
To (Listener)
|
Destination Port
|
Purpose
|
Browser |
Unified CM |
80, 8080 / TCP |
Hypertext Transport Protocol (HTTP) |
Browser |
Unified CM |
443, 8443 / TCP |
Hypertext Transport Protocol over SSL (HTTPS) |
Browser or CLI |
Unified CM |
2355, 2356 / TCP |
Log audit events from the CLI and Web applications |
Table 5 Web Requests from Cisco Unified Communications Manager to Phone
|
From (Sender)
|
To (Listener)
|
Destination Port
|
Purpose
|
Unified CM •QRT •RTMT •Find and List Phones page •Phone Configuration page |
Phone |
80 / TCP |
Hypertext Transport Protocol (HTTP) |
Table 6 Signaling, Media, and Other Communication between Phones and Cisco Unified Communications Manager
|
From (Sender)
|
To (Listener)
|
Destination Port
|
Purpose
|
Phone |
Unified CM (TFTP) |
69, then Ephemeral / UDP |
Trivial File Transfer Protocol (TFTP) used to download firmware and configuration files |
Phone |
Unified CM |
8080 / TCP |
Phone URLs for XML applications, authentication, directories, services, and so on. You can configure these ports on a per-service basis. |
Phone |
Unified CM |
2000 / TCP |
Skinny Client Control Protocol (SCCP) |
Phone |
Unified CM |
2443 / TCP |
Secure Skinny Client Control Protocol (SCCPS) |
Phone |
Unified CM |
2445 / TCP |
Provide trust verification service to SCCPS phones. |
Phone |
Unified CM (CAPF) |
3804 / TCP |
Certificate Authority Proxy Function (CAPF) listening port for issuing Locally Significant Certificates (LSCs) to IP phones |
Phone |
Unified CM |
5060 / TCP and UDP |
Session Initiation Protocol (SIP) phone |
Unified CM |
Phone |
Phone |
Unified CM |
5061 TCP and UDP |
Secure Session Initiation Protocol (SIPS) phone |
Unified CM |
Phone |
IP VMS |
Phone |
16384 - 32767 / UDP |
Real-Time Protocol (RTP), Secure Real-Time Protocol (SRTP) Note Cisco Unified Communications Manager only uses 24576-32767 although other devices use the full range. |
Phone |
IP VMS |
Table 7 Signaling, Media, and Other Communication between Gateways and Cisco Unified Communications Manager
|
From (Sender)
|
To (Listener)
|
Destination Port
|
Purpose
|
Gateway |
Unified CM |
47, 50, 51 |
Generic Routing Encapsulation (GRE), Encapsulating Security Payload (ESP), Authentication Header (AH). These protocols numbers carry encrypted IPSec traffic. They do not constitute a port as indicated in the column heading. |
Unified CM |
Gateway |
Gateway |
Unified CM |
500 / UDP |
Internet Key Exchange (IKE) for IP Security protocol (IPSec) establishment |
Unified CM |
Gateway |
Gateway |
Unified CM (TFTP) |
69, then Ephemeral / UDP |
Trivial File Transfer Protocol (TFTP) |
Gatekeeper |
Unified CM |
1719 / UDP |
Gatekeeper (H.225) RAS |
Gateway |
Unified CM |
1720 / TCP |
H.225 signaling services for H.323 gateways and Intercluster Trunk (ICT) |
Unified CM |
Gateway |
Gateway |
Unified CM |
Ephemeral / TCP |
H.225 signaling services on gatekeeper-controlled trunk |
Unified CM |
Gateway |
Gateway |
Unified CM |
Ephemeral / TCP |
H.245 signaling services for establishing voice, video, and data |
Unified CM |
Gateway |
Gateway |
Unified CM |
2000 / TCP |
Skinny Client Control Protocol (SCCP) |
Gateway |
Unified CM |
2001 / TCP |
Upgrade port for 6608 gateways with Cisco Unified CM deployments |
Gateway |
Unified CM |
2002 / TCP |
Upgrade port for 6624 gateways with Cisco Unified CM deployments |
Gateway |
Unified CM |
2427 / UDP |
Media Gateway Control Protocol (MGCP) gateway control |
Gateway |
Unified CM |
2428 / TCP |
Media Gateway Control Protocol (MGCP) backhaul |
-- |
-- |
4000 - 4005 / TCP |
These ports are used as phantom Real-Time Transport Protocol (RTP) and Real-Time Transport Control Protocol (RTCP) ports for audio, video and data channel when Cisco Unified CM does not have ports for these media. |
Gateway |
Unified CM |
5060 / TCP and UDP |
Session Initiation Protocol (SIP) gateway and Intercluster Trunk (ICT) |
Unified CM |
Gateway |
Gateway |
Unified CM |
5061 / TCP and UDP |
Secure Session Initiation Protocol (SIPS) gateway and Intercluster Trunk (ICT) |
Unified CM |
Gateway |
Gateway |
Unified CM |
16384 - 32767 / UDP |
Real-Time Protocol (RTP), Secure Real-Time Protocol (SRTP) Note Cisco Unified Communications Manager only uses 24576-32767 although other devices use the full range. |
Unified CM |
Gateway |
Table 8 Communication between Applications and Cisco Unified Communications Manager
|
From (Sender)
|
To (Listener)
|
Destination Port
|
Purpose
|
CTL Client |
Unified CM CTL Provider |
2444 / TCP |
Certificate Trust List (CTL) provider listening service in Cisco Unified Communications Manager |
Cisco Unified Communications App |
Unified CM |
2748 / TCP |
CTI application server |
Cisco Unified Communications App |
Unified CM |
2749 / TCP |
TLS connection between CTI applications (JTAPI/TSP) and CTIManager |
Cisco Unified Communications App |
Unified CM |
2789 / TCP |
JTAPI application server |
Unified CM Assistant Console |
Unified CM |
2912 / TCP |
Cisco Unified Communications Manager Assistant server (formerly IPMA) |
Unified CM Attendant Console |
Unified CM |
1103 -1129 / TCP |
Cisco Unified Communications Manager Attendant Console (AC) JAVA RMI Registry server |
Unified CM Attendant Console |
Unified CM |
1101 / TCP |
RMI server sends RMI callback messages to clients on these ports. |
Unified CM Attendant Console |
Unified CM |
1102 / TCP |
Attendant Console (AC) RMI server bind port -- RMI server sends RMI messages on these ports. |
Unified CM Attendant Console |
Unified CM |
3223 / UDP |
Cisco Unified Communications Manager Attendant Console (AC) server line state port receives ping and registration message from, and sends line states to, the attendant console server. |
Unified CM Attendant Console |
Unified CM |
3224 / UDP |
Cisco Unified Communications Manager Attendant Console (AC) clients register with the AC server for line and device state information. |
Unified CM Attendant Console |
Unified CM |
4321 / UDP |
Cisco Unified Communications Manager Attendant Console (AC) clients register to the AC server for call control. |
Unified CM with SAF/CCD |
IOS Router running SAF image |
5050 / TCP |
Multi-Service IOS Router running EIGRP/SAF Protocol. |
Cisco Unified Communications App |
Unified CM |
8443 / TCP |
AXL / SOAP API for programmatic reads from or writes to the Cisco Unified Communications Manager database that third parties such as billing or telephony management applications use. |
Table 9 Communication between CTL Client and Firewalls
|
From (Sender)
|
To (Listener)
|
Destination Port
|
Purpose
|
CTL Client |
TLS Proxy Server |
2444 / TCP |
Certificate Trust List (CTL) provider listening service in an ASA firewall |
Table 10 Special Ports on HP Servers
|
From (Sender)
|
To (Listener)
|
Destination Port
|
Purpose
|
Endpoint |
HP SIM |
2301 / TCP |
HTTP port to HP agent |
Endpoint |
HP SIM |
2381 / TCP |
HTTPS port to HP agent |
Endpoint |
Compaq Management Agent |
25375, 25376, 25393 / UDP |
COMPAQ Management Agent extension (cmaX) |
Endpoint |
HP SIM |
50000 - 50004 / TCP |
HTTPS port to HP SIM |
Glossary
AXL / SOAP
Cisco Unified Communications XML Layer / Simple Object Access Protocol - API that applications use to read from or write to the Cisco Unified Communications Manager database.
CAPF
Certificate Authority Proxy Function - Used to load X.509 digital certificates into IP phones.
CDLM
Cisco Database Layer Monitor - Used to synchronize the database with what is running in active memory.
CTI
Computer Telephony Integration - Provides a link between telephone systems and computers to facilitate incoming and outgoing call handling and control; the physical link between a telephone and server.
CTL Client
Certificate Trust List Client - Application that creates the Certificate Trust List that gets loaded into IP phones. This plug-in comes with Cisco Unified Communications Manager and can be run on any computer that has IP connectivity to all Cisco Unified Communications Managers in the cluster and has a USB port.
DRF
Disaster Recovery Framework
Ephemeral Ports
In virtually all cases, source ports are ephemeral, meaning random within a specified range. When an outgoing request is made, the application solicits the host device for a port from its ephemeral pool. In a few cases, the destination port is also ephemeral, meaning that both the source and destination ports are random.
JTAPI
Java Telephony Application Program Interface - Sun Microsystems telephony programming interface for Java. It provides a set of classes and interfaces that provide access to call control and telephony device control as well as media and administrative services.
LDAP
Lightweight Directory Access Protocol - Used to validate user credentials against the designated directory service.
LDAPS
Lightweight Directory Access Protocol over TLS/SSL - Used to validate user credentials against the designated directory service.
IP VMS
Cisco IP Voice Media Streaming Application - Used for music on hold, annunciator, conference bridge, media termination point (MTP), and so on.
RIS
Real-Time Information Services database - Used by the Real-Time Monitoring Tool (RTMT) in the Serviceability application.
RTMT
Real-Time Monitoring Tool
SDL
Signal Distribution Layer Link - Used for intracluster communications.
SOAP
Simple Object Access Protocol
TCTS
Trace Collection Tool Service - The backend service for RTMT Trace & Log Central (TLC)
TFTP
Trivial File Transfer Protocol - Used to load firmware and configurations into phones, gateways, and so on.
Tomcat
Web server
References
Firewall Application Inspection Guides
ASA Series reference information
http://www.cisco.com/en/US/products/ps6120/tsd_products_support_series_home.html
PIX 6.3 Application Inspection Configuration Guide
http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/fixup.html
PIX 7.1 Application Inspection Configuration Guide
http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/inspect.html
FWSM 3.1 Application Inspection Configuration Guide
http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/configuration/guide/inspct_f.html
IP Telephony Configuration and Port Utilization Guides
Cisco CRS 4.0 (IP IVR and IPCC Express) Port Utilization Guide
http://www.cisco.com/en/US/products/sw/custcosw/ps1846/products_installation_and_configuration_guides_list.html
Port Utilization Guide for Cisco ICM/IPCC Enterprise and Hosted Editions
http://www.cisco.com/en/US/products/sw/custcosw/ps1001/products_installation_and_configuration_guides_list.html
Cisco Unified Communications Manager Express Security Guide to Best Practices
http://www.cisco.com/en/US/netsol/ns340/ns394/ns165/ns391/networking_solutions_design_guidance09186a00801f8e30.html
Cisco Unity Express Security Guide to Best Practices
http://www.cisco.com/en/US/netsol/ns340/ns394/ns165/ns391/networking_solutions_design_guidance09186a00801f8e31.html#wp41149
IETF TCP/UDP Port Assignment List
Internet Assigned Numbers Authority (IANA) IETF assigned Port List
http://www.iana.org/assignments/port-numbers
CCDE, CCENT, CCSI, Cisco Eos, Cisco Explorer, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco TrustSec, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn, Cisco Capital, Cisco Capital (Design), Cisco:Financed (Stylized), Cisco Store, Flip Gift Card, and One Million Acts of Green are service marks; and Access Registrar, Aironet, AllTouch, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Lumin, Cisco Nexus, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, Continuum, EtherFast, EtherSwitch, Event Center, Explorer, Follow Me Browsing, GainMaker, iLYNX, IOS, iPhone, IronPort, the IronPort logo, Laser Link, LightStream, Linksys, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, PCNow, PIX, PowerKEY, PowerPanels, PowerTV, PowerTV (Design), PowerVu, Prisma, ProConnect, ROSA, SenderBase, SMARTnet, Spectrum Expert, StackWise, WebEx, and the WebEx logo are registered trademarks of Cisco and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1002R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2010 Cisco Systems, Inc. All rights reserved.
