Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Command Reference, 2.3
Appendix B Port and Protocol Values
Download this chapter
Appendix B Port and Protocol ValuesAppendix B Port and Protocol Values
Download the complete book
Book-level PDF: Firewall Services Module Command Reference, 2.3Book-level PDF: Firewall Services Module Command Reference, 2.3 (PDF - 7 MB)
 Feedback

Table Of Contents

Port and Protocol Values

Specifying Port Values

Specifying Protocol Values


Port and Protocol Values

This appendix lists the port and protocol values used by the FWSM and contains these sections:

Specifying Port Values

Specifying Protocol Values

Specifying Port Values

You can use literal names instead of numerical port values in command syntax.

The FWSM permits the following TCP literal names: bgp, chargen, cmd, citrix-ica, daytime, discard, domain, echo, exec, finger, ftp, ftp-data, gopher, h323, hostname, http, ident, irc, klogin, kshell, lpd, nntp, pop2, pop3, pptp, rpc, smtp, sqlnet, sunrpc, tacacs, talk, telnet, time, uucp, whois, and www.

The FWSM uses port 1521 for SQL*Net. This is the default port used by Oracle for SQL*Net; however, this value does not agree with IANA port assignments.

The FWSM listens for RADIUS on ports 1645 and 1646. If your RADIUS server uses ports 1812 and 1813, you will need to reconfigure it to listen on ports 1645 and 1646.

To assign a port for DNS access, use domain, not dns. The dns keyword translates into the port value for dnsix.

Note The FWSM drops DNS packets sent to UDP port 53 (usually used for DNS) that have a packet size larger than 512 bytes.

Permitted UDP literal names are biff, bootpc, bootps, discard, dnsix, echo, mobile-ip, nameserver, netbios-dgm, netbios-ns, ntp, rip, snmp, snmptrap, sunrpc, syslog, tacacs, talk, tftp, time, who, and xdmcp.

You can view port numbers online at this URL:

http://www.iana.org/assignments/port-numbers

Table B-1 lists the port values and literal names.

Table B-1 Port Values and Literal Names 

Literal
Value
Description

administratively-prohibited

93

 

alternate-address

102

 

aol

60

America Online

bgp

179

Border Gateway Protocol, RFC 1163

biff

512

Used by mail system to notify users that new mail is received

bootpc

68

Bootstrap Protocol Client

bootps

67

Bootstrap Protocol Server

chargen

19

Character Generator

citrix-ica

1494

Citrix Independent Computing Architecture (ICA) protocol

cmd

514

Similar to exec except that cmd has automatic authentication

conversion-error

120

 

ctiqbe

14

 

daytime

13

Day time, RFC 867

discard

9

Discard

DHCP server

67

 

DHCP client

68

 

dod-host-prohibited

92

 

dod-net-prohibited

91

 

domain

53

DNS (Domain Name System)

dnsix

195

DNSIX Session Management Module Audit Redirector

echo

7, 103

Echo

echo-reply

78

Echo reply

exec

512

Remote process execution

finger

79

Finger

ftp

21

File Transfer Protocol (control port)

ftp-data

20

File Transfer Protocol (data port)

general-parameter

110

 

gopher

70

Gopher

h323

1720

H.323 call signaling

host-isolated

90

 

hostname

101

NIC Host Name Server

host-precedence-unreachable

94

 

host-tos-unreachable

89

 

host-redirect

   

host-tos-redirect

101

 

host-unknown

87

 

host-unreachable

81

 

https

62

 

ident

113

Ident authentication service

imap4

63

 

information-reply

116

 

information-request

117

 

irc

194

Internet Relay Chat protocol

isakmp

500

ISAKMP

kerberos

64

 

klogin

543

KLOGIN

kshell

544

Korn Shell

ldap

65

 

ldaps

66

 

lpd

515

Line Printer Daemon-printer spooler

login

513

Remote login

lotusnotes

67

 

mask-reply

118

 

mask-request

117

 

mobile-ip

434

Mobile IP-Agent

mobile-redirect

121

 

nameserver

42

Host Name Server

netbios-dgm

138

NETBIOS Datagram Service

net-redirect

98

 

net-tos-redirect

100

 

net-tos-unreachable

88

 

network-unknown

86

 

nntp

119

Network News Transfer Protocol

netbios-ns

137

NETBIOS Name Service

netbios-ssn

68

Network Basic Input Output System

netreachable

80

 

no-room-for-option

112

 

ntp

123

Network Time Protocol

option-missing

111

 

packet-too-big

84

 

pcanywhere-data

69

 

parameter-problem

109

 

pcanywhere-status

73

 

pim-auto-rp

496

Protocol Independent Multicast, reverse path flooding, dense mode

pop2

109

Post Office Protocol—Version 2

pop3

110

Post Office Protocol—Version 3

port-unreachable

83

Port cannot be found

pptp

70

Point-to-Point Tunneling Protocol. RFC 2637 describes the PPTP protocol

precedence-unreachable

95

Precedence cannot be found

protocol-unreachable

82

Protocol cannot be found

radius

74, 1645, 1646

Remote Authentication Dial-In User Service

radius-acct

75

Remote Authentication Dial-In User Service

reassembly-timeout

108

Specifies the timeout for reassembly

redirect

97

Redirect

router-advertisement

104

Router sends advertisement

router-solicitation

105

Queries the router

rip

520

Routing Information Protocol

rpc

71

Remote Procedure Call

secureid-udp

76

Specifies UDP secure ID

sip

58

Session Initiation Protocol

skinny

59

Simple (Skinny) Client Control Protocol

smtp

25

Simple Mail Transport Protocol

snmp

161

Simple Network Management Protocol

snmptrap

162

Simple Network Management Protocol—Trap

source-route-failed

85

Route inactive

source-quench

96

Remove sourcing

sqlnet

1521

Structured Query Language Network

ssh

72

Secure shell

sunrpc

111

Sun RPC (Remote Procedure Call)

syslog

514

System Log

tacacs

49

TACACS+ (Terminal Access Controller Access Control System Plus)

talk

517

Talk

telnet

23

RFC 854 Telnet

tftp

69

Trivial File Transfer Protocol

time

37

Time

time-exceeded

106

Time exceeded

timestamp-reply

114

Returns the time stamp

timestamp-request

113

Requests a time stamp

traceroute

119

Specifies trace routing

ttl-exceeded

107

TTL is exceeded

unreachable

79

Connection refused or inactive

uucp

540

UNIX-to-UNIX Copy Program

who

513

Who

whois

43

Who Is

www

80

World Wide Web

xdmcp

177

X Display Manager Control Protocol, used to communicate between X terminals and workstations running UNIX


Specifying Protocol Values

You can specify protocols by numeric and literal values. Possible literal values are ahp, eigrp, esp, gre, icmp, igmp, igrp, ip, ipinip, ipsec, nos, ospf, pcp, snp, tcp, and udp.

You can view protocol numbers at this URL:

http://www.iana.org/assignments/protocol-numbers

Note Many routing protocols use multicast packets to transmit their data. If you send routing protocols across the FWSM, configure the surrounding routers with the Cisco IOS software neighbor command. If routes on an unprotected interface are corrupted, the routes that are transmitted to the protected side of the firewall will corrupt routers there.

Table B-2 lists the numeric values and literal names for the protocols.

Table B-2 Protocol Numeric and Literal Values 

Literal
Value
Description

ah

51

Authentication Header for IPv6, RFC 1826

eigrp

88

Enhanced Interior Gateway Routing Protocol

esp

50

Encapsulated Security Payload for IPv6, RFC 1827

gre

47

General Routing Encapsulation

icmp

1

Internet Control Message Protocol, RFC 792

igmp

2

Internet Group Management Protocol, RFC 1112

igrp

9

Interior Gateway Routing Protocol

ip

0

Internet Protocol

ipinip

4

IP-in-IP encapsulation

nos

94

Network Operating System (Novell's NetWare)

ospf

89

Open Shortest Path First routing protocol, RFC 1247

pcp

108

Payload Compression Protocol

snp

109

Sitara Networks Protocol

tcp

6

Transmission Control Protocol, RFC 793

udp

17

User Datagram Protocol, RFC 768