Feedback
Contents
Cisco Unified Communications Manager TCP and UDP port usage
This chapter provides a list of the TCP and UDP ports that Cisco Unified Communications Manager release 9.0(1) uses for intracluster connections and for communication with external applications or devices. You will also find important information for the configuration of firewalls, Access Control Lists (ACLs), and quality of service (QoS) on a network when an IP Communications solution is implemented.
Port usage for release 9.0(1)
Cisco Unified Communications Manager TCP and UDP ports are organized into the following categories:
NoteCisco has not verified all possible configuration scenarios for these ports. If you are having configuration problems using this list, contact Cisco technical support for assistance.
Port references apply specifically to Cisco Unified Communications Manager Release 9.0(1). Some ports change from one release to another, and future releases may introduce new ports. Therefore, make sure that you are using the correct version of this document for the version of Cisco Unified Communications Manager that is installed.
While virtually all protocols are bidirectional, directionality from the session originator perspective is presumed. In some cases, the administrator can manually change the default port numbers, though Cisco does not recommend this as a best practice. Be aware that Cisco Unified Communications Manager opens several ports strictly for internal use.
Installing Cisco Unified Communications Manager software automatically installs the following network services for serviceability and activates them by default. Refer to Table 1 for details:
- Cisco Log Partition Monitoring (To monitor and purge the common partition. This uses no custom common port.)
- Cisco Trace Collection Service (TCTS port usage)
- Cisco RIS Data Collector (RIS server port usage)
- Cisco AMC Service (AMC port usage)
Configuration of firewalls, ACLs, or QoS will vary depending on topology, placement of telephony devices and services relative to the placement of network security devices, and which applications and telephony extensions are in use. Also, bear in mind that ACLs vary in format with different devices and versions.
NoteYou can also configure Multicast Music on Hold (MOH) ports in Cisco Unified Communications Manager. Port values for multicast MOH are not provided because the administrator specifies the actual port values.
NoteThe Ephemeral port range for the system is 32768 – 61000.
Port descriptions
Table 1 Intracluster Ports Between Cisco Unified Communications Manager Servers From (Sender)
To (Listener)
Destination Port
Purpose
Endpoint
Unified CM
514 / UDP
System logging service
Unified CM
RTMT
1090, 1099 / TCP
Cisco AMC Service for RTMT performance monitors, data collection, logging, and alerting
Unified CM (DB)
Unified CM (DB)
1500, 1501 / TCP
Database connection (1501 / TCP is the secondary connection)
Unified CM (DB)
Unified CM (DB)
1510 / TCP
CAR IDS DB. CAR IDS engine listens on waiting for connection requests from the clients.
Unified CM (DB)
Unified CM (DB)
1511 / TCP
CAR IDS DB. An alternate port used to bring up a second instance of CAR IDS during upgrade.
Unified CM (DB)
Unified CM (DB)
1515 / TCP
Database replication between nodes during installation
Cisco Extended Functions (QRT)
Unified CM (DB)
2552 / TCP
Allows subscribers to receive Cisco Unified Communications Manager database change notification
Unified CM
Unified CM
2551 / TCP
Intracluster communication between Cisco Extended Services for Active/Backup determination
Unified CM (RIS)
Unified CM (RIS)
2555 / TCP
Real-time Information Services (RIS) database server
Unified CM (RTMT/AMC/SOAP)
Unified CM (RIS)
2556 / TCP
Real-time Information Services (RIS) database client for Cisco RIS
Unified CM (DRS)
Unified CM (DRS)
4040 / TCP
DRS Master Agent
Unified CM (Tomcat)
Unified CM (SOAP)
5007 / TCP
SOAP monitor
Unified CM (RTMT)
Unified CM (TCTS)
Ephemeral / TCP
Cisco Trace Collection Tool Service (TCTS) -- the back end service for RTMT Trace and Log Central (TLC)
Unified CM (Tomcat)
Unified CM (TCTS)
7000, 7001, 7002 / TCP
This port is used for communication between Cisco Trace Collection Tool Service and Cisco Trace Collection servlet.
Unified CM
Certificate Manager
7070 / TCP
Certificate Manager service
Unified CM (DB)
Unified CM (CDLM)
8001 / TCP
Client database change notification
Unified CM (SDL)
Unified CM (SDL)
8002 / TCP
Intracluster communication service
Unified CM (SDL)
Unified CM (SDL)
8003 / TCP
Intracluster communication service (to CTI)
Unified CM
CMI Manager
8004 / TCP
Intracluster communication between Cisco Unified Communications Manager and CMI Manager
Unified CM (Tomcat)
Unified CM (Tomcat)
8005 / TCP
Internal listening port used by Tomcat shutdown scripts
Unified CM (Tomcat)
Unified CM (Tomcat)
8080 / TCP
Communication between servers used for diagnostic tests
Unified CM (IPSec)
Unified CM (IPSec)
8500 / TCP and UDP
Intracluster replication of system data by IPSec Cluster Manager
Unified CM (RIS)
Unified CM (RIS)
8888 - 8889 / TCP
RIS Service Manager status request and reply
Location Bandwidth Manager (LBM)
Location Bandwidth Manager (LBM)
9004 / TCP
Intracluster communication between LBMs
Unified CM [Dialed Number Analyzer (DNA) initializing server]
JNIWrapper server
30000 / TCP
Dialed Number Analyzer (DNA)
Port used by the server that handles DNA initialization. JNIWrapper functions respond to requests that the DNA Java service sends.
Table 2 Common Service Ports From (Sender)
To (Listener)
Destination Port
Purpose
Endpoint
Unified CM
7
Internet Control Message Protocol (ICMP) This protocol number carries echo-related traffic. It does not constitute a port as indicated in the column heading.
Unified CM
Endpoint
Unified CM
Endpoint
22 / TCP
Secure FTP service, SSH access
Endpoint
Unified CM (DNS Server)
Ephemeral / UDP
Cisco Unified Communications Manager acting as a DNS server or DNS client
Note Cisco recommends that Cisco Unified Communications Manager not act as a DNS server and that all IP telephony applications and endpoints use static IP addresses instead of hostnames.
Unified CM
DNS Server
Endpoint
Unified CM (DHCP Server)
67 / UDP
Cisco Unified Communications Manager acting as a DHCP server
Note Cisco does not recommend running DHCP server on Cisco Unified Communications Manager.
Unified CM
DHCP Server
68 / UDP
Cisco Unified Communications Manager acting as a DHCP client
Note Cisco does not recommend running DHCP client on Cisco Unified Communications Manager. Configure Cisco Unified Communications Manager with static IP addresses instead.)
Endpoint or Gateway
Unified CM
69, 6969, then Ephemeral / UDP
Trivial File Transfer Protocol (TFTP) service to phones and gateways
Endpoint or Gateway
Unified CM
6970 / TCP
Trivial File Transfer Protocol (TFTP) between master and proxy servers.
HTTP service from the TFTP server to phones and gateways.
Unified CM
NTP Server
123 / UDP
Network Time Protocol (NTP)
SNMP Server
Unified CM
161 / UDP
SNMP service response (requests from management applications)
CUCM Server SNMP Master Agent application
SNMP trap destination
162 / UDP
SNMP traps
SNMP Server
Unified CM
199 / TCP
Native SNMP agent listening port for SMUX support
Unified CM
DHCP Server
546 / UDP
DHCPv6. DHCP port for IPv6.
Unified CM Serviceability
Location Bandwidth Manager (LBM)
5546 / TCP
Enhanced Location CAC Serviceability
Unified CM
Location Bandwidth Manager (LBM)
5547 / TCP
Call Admission requests and bandwidth deductions
Unified CM
Unified CM
6161 / UDP
Used for communication between Master Agent and Native Agent to process Native agent MIB requests
Unified CM
Unified CM
6162 / UDP
Used for communication between Master Agent and Native Agent to forward notifications generated from Native Agent
Unified CM
Unified CM
6666 / UDP
Netdump server
Centralized TFTP
Alternate TFTP
6970 / TCP
Centralized TFTP File Locator Service
Unified CM
Unified CM
7161 / TCP
Used for communication between SNMP Master Agent and subagents
SNMP Server
Unified CM
7999 / TCP
Cisco Discovery Protocol (CDP) agent communicates with CDP executable
Unified CM
Unified CM
9050 / TCP
Service CRS requests through the TAPS residing on Cisco Unified Communications Manager
Unified CM
Unified CM
61441 / UDP
Cisco Unified Communications Manager applications send out alarms to this port through UDP. Cisco Unified Communications Manager MIB agent listens on this port and generates SNMP traps per Cisco Unified Communications Manager MIB definition.
Unified CM
Unified CM
Ephemeral
Provide trunk-based SIP services
Table 3 Ports Between Cisco Unified Communications Manager and LDAP Directory From (Sender)
To (Listener)
Destination Port
Purpose
Unified CM
External Directory
Ephemeral/ TCP
Lightweight Directory Access Protocol (LDAP) query to external directory (Active Directory, Netscape Directory)
External Directory
Unified CM
Table 4 Web Requests From CCMAdmin or CCMUser to Cisco Unified Communications Manager From (Sender)
To (Listener)
Destination Port
Purpose
Browser
Unified CM
80, 8080 / TCP
Hypertext Transport Protocol (HTTP)
Browser
Unified CM
443, 8443 / TCP
Hypertext Transport Protocol over SSL (HTTPS)
Browser or CLI
Unified CM
2355, 2356 / TCP
Log audit events from the CLI and Web applications
Table 5 Web Requests From Cisco Unified Communications Manager to Phone From (Sender)
To (Listener)
Destination Port
Purpose
Unified CM
Phone
80 / TCP
Hypertext Transport Protocol (HTTP)
Table 6 Signaling, Media, and Other Communication Between Phones and Cisco Unified Communications Manager From (Sender)
To (Listener)
Destination Port
Purpose
Phone
Unified CM (TFTP)
69, then Ephemeral / UDP
Trivial File Transfer Protocol (TFTP) used to download firmware and configuration files
Phone
Unified CM
8080 / TCP
Phone URLs for XML applications, authentication, directories, services, etc. You can configure these ports on a per-service basis.
Phone
Unified CM
2000 / TCP
Skinny Client Control Protocol (SCCP)
Phone
Unified CM
2443 / TCP
Secure Skinny Client Control Protocol (SCCPS)
Phone
Unified CM
2445 / TCP
Provide trust verification service to endpoints.
Phone
Unified CM (CAPF)
3804 / TCP
Certificate Authority Proxy Function (CAPF) listening port for issuing Locally Significant Certificates (LSCs) to IP phones
Phone
Unified CM
5060 / TCP and UDP
Session Initiation Protocol (SIP) phone
Unified CM
Phone
Phone
Unified CM
5061 TCP and UDP
Secure Session Initiation Protocol (SIPS) phone
Unified CM
Phone
Phone
Unified CM (TFTP)
6970 TCP
HTTP-based download of firmware and configuration files IP VMS
Phone
16384 - 32767 / UDP
Real-Time Protocol (RTP), Secure Real-Time Protocol (SRTP)
Note Cisco Unified Communications Manager only uses 24576-32767 although other devices use the full range.
Phone
IP VMS
Table 7 Signaling, Media, and Other Communication Between Gateways and Cisco Unified Communications Manager From (Sender)
To (Listener)
Destination Port
Purpose
Gateway
Unified CM
47, 50, 51
Generic Routing Encapsulation (GRE), Encapsulating Security Payload (ESP), Authentication Header (AH). These protocols numbers carry encrypted IPSec traffic. They do not constitute a port as indicated in the column heading.
Unified CM
Gateway
Gateway
Unified CM
500 / UDP
Internet Key Exchange (IKE) for IP Security protocol (IPSec) establishment
Unified CM
Gateway
Gateway
Unified CM (TFTP)
69, then Ephemeral / UDP
Trivial File Transfer Protocol (TFTP)
CUCM with Cisco Intercompany Media Engine (CIME) trunk
CIME ASA
1024-65535 / TCP
Port mapping service. Only used in the CIME off-path deployment model.
Gatekeeper
Unified CM
1719 / UDP
Gatekeeper (H.225) RAS
Gateway
Unified CM
1720 / TCP
H.225 signaling services for H.323 gateways and Intercluster Trunk (ICT)
Unified CM
Gateway
Gateway
Unified CM
Ephemeral / TCP
H.225 signaling services on gatekeeper-controlled trunk
Unified CM
Gateway
Gateway
Unified CM
Ephemeral / TCP
H.245 signaling services for establishing voice, video, and data
Unified CM
Gateway
Gateway
Unified CM
2000 / TCP
Skinny Client Control Protocol (SCCP)
Gateway
Unified CM
2001 / TCP
Upgrade port for 6608 gateways with Cisco Unified CM deployments
Gateway
Unified CM
2002 / TCP
Upgrade port for 6624 gateways with Cisco Unified CM deployments
Gateway
Unified CM
2427 / UDP
Media Gateway Control Protocol (MGCP) gateway control
Gateway
Unified CM
2428 / TCP
Media Gateway Control Protocol (MGCP) backhaul
--
--
4000 - 4005 / TCP
These ports are used as phantom Real-Time Transport Protocol (RTP) and Real-Time Transport Control Protocol (RTCP) ports for audio, video and data channel when Cisco Unified CM does not have ports for these media.
Gateway
Unified CM
5060 / TCP and UDP
Session Initiation Protocol (SIP) gateway and Intercluster Trunk (ICT)
Unified CM
Gateway
Gateway
Unified CM
5061 / TCP and UDP
Secure Session Initiation Protocol (SIPS) gateway and Intercluster Trunk (ICT)
Unified CM
Gateway
Gateway
Unified CM
16384 - 32767 / UDP
Real-Time Protocol (RTP), Secure Real-Time Protocol (SRTP)
Note Cisco Unified Communications Manager only uses 24576-32767 although other devices use the full range.
Unified CM
Gateway
Table 8 Communication Between Applications and Cisco Unified Communications Manager From (Sender)
To (Listener)
Destination Port
Purpose
CTL Client
Unified CM CTL Provider
2444 / TCP
Certificate Trust List (CTL) provider listening service in Cisco Unified Communications Manager
Cisco Unified Communications App
Unified CM
2748 / TCP
CTI application server
Cisco Unified Communications App
Unified CM
2749 / TCP
TLS connection between CTI applications (JTAPI/TSP) and CTIManager
Cisco Unified Communications App
Unified CM
2789 / TCP
JTAPI application server
Unified CM Assistant Console
Unified CM
2912 / TCP
Cisco Unified Communications Manager Assistant server (formerly IPMA)
Unified CM Attendant Console
Unified CM
1103 -1129 / TCP
Cisco Unified Communications Manager Attendant Console (AC) JAVA RMI Registry server
Unified CM Attendant Console
Unified CM
1101 / TCP
RMI server sends RMI callback messages to clients on these ports.
Unified CM Attendant Console
Unified CM
1102 / TCP
Attendant Console (AC) RMI server bind port -- RMI server sends RMI messages on these ports.
Unified CM Attendant Console
Unified CM
3223 / UDP
Cisco Unified Communications Manager Attendant Console (AC) server line state port receives ping and registration message from, and sends line states to, the attendant console server.
Unified CM Attendant Console
Unified CM
3224 / UDP
Cisco Unified Communications Manager Attendant Console (AC) clients register with the AC server for line and device state information.
Unified CM Attendant Console
Unified CM
4321 / UDP
Cisco Unified Communications Manager Attendant Console (AC) clients register to the AC server for call control.
Unified CM with SAF/CCD
IOS Router running SAF image
5050 / TCP
Multi-Service IOS Router running EIGRP/SAF Protocol.
Unified CM
Cisco Intercompany Media Engine (IME) Server
5620 / TCP
Cisco recommends a value of 5620 for this port, but you can change the value by executing the add ime vapserver or set ime vapserver port CLI command on the Cisco IME server.
VAP protocol used to communicate to the Cisco Intercompany Media Engine server.
Cisco Unified Communications App
Unified CM
8443 / TCP
AXL / SOAP API for programmatic reads from or writes to the Cisco Unified Communications Manager database that third parties such as billing or telephony management applications use.
Table 9 Communication Between CTL Client and Firewalls From (Sender)
To (Listener)
Destination Port
Purpose
CTL Client
TLS Proxy Server
2444 / TCP
Certificate Trust List (CTL) provider listening service in an ASA firewall
Table 10 Special Ports on HP Servers From (Sender)
To (Listener)
Destination Port
Purpose
Endpoint
HP SIM
2301 / TCP
HTTP port to HP agent
Endpoint
HP SIM
2381 / TCP
HTTPS port to HP agent
Endpoint
Compaq Management Agent
25375, 25376, 25393 / UDP
COMPAQ Management Agent extension (cmaX)
Endpoint
HP SIM
50000 - 50004 / TCP
HTTPS port to HP SIM
References
- Firewall application inspection guides
- IETF TCP/UDP port assignment list
- IP telephony configuration and port utilization guides
- VMware port assignment list
Firewall application inspection guides
ASA Series reference information
http://www.cisco.com/en/US/products/ps6120/tsd_products_support_series_home.html
PIX 6.3 Application Inspection Configuration Guide
http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/fixup.html
PIX 7.1 Application Inspection Configuration Guide
http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/inspect.html
FWSM 3.1 Application Inspection Configuration Guide
http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/configuration/guide/inspct_f.html
IETF TCP/UDP port assignment list
IP telephony configuration and port utilization guides
Cisco CRS 4.0 (IP IVR and IPCC Express) Port Utilization Guide
http://www.cisco.com/en/US/products/sw/custcosw/ps1846/products_installation_and_configuration_guides_list.html
Port Utilization Guide for Cisco ICM/IPCC Enterprise and Hosted Editions
http://www.cisco.com/en/US/products/sw/custcosw/ps1001/products_installation_and_configuration_guides_list.html
Cisco Unified Communications Manager Express Security Guide to Best Practices
http://www.cisco.com/en/US/netsol/ns340/ns394/ns165/ns391/networking_solutions_design_guidance09186a00801f8e30.html
Cisco Unity Express Security Guide to Best Practices
http://www.cisco.com/en/US/netsol/ns340/ns394/ns165/ns391/networking_solutions_design_guidance09186a00801f8e31.html#wp41149
