QOS Network Planning - TCP/UDP Ports used in CWMS 2.5 MDC deployment
Does anyone know if there is documentation that describes the WAN traffic in CWMS 2.5 MDC? I'm looking for the TCP/UDP ports that must be prioritized on the WAN to properly class our traffic between the two data centers. I can't find any such document.
Thanks,
Matt
Hi Matt,
All the network requirements are listed in the CWMS 2.5 Planning Guide in Networking Checklist: http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_5/Planning_Guide/Planning_Guide/Planning_Guide_chapter_0100.html
I hope this is what you are looking for.
-Dejan
Similar Messages
-
TCP/UDP Ports and site used by FEP to download updates - needed to allow on perimeter firewall
Can someone point me to information like what TCP/UDP ports are utilized by FEP and what DNS / site name it uses to download FEP updates? This is needed to tighten perimeter firewall policies.
Thank you
It should be the same as the documentation for all Software Updates:
https://technet.microsoft.com/en-us/library/bcf8ed65-3bea-4bec-8bc5-22d9e54f5a6d#BKMK_ConfigureFirewalls
Make sure to expand the "restrict access to specific domains" section to see the update related URLs.
-
Does anyone know the TCP/UDP Port numbers that have to be opened up when using NAT, this is what I have:
CTC PC >>>>>>>>>>> ROUTER >>>>>>>>>>>ONS15454
The CTC PC and the ONS are on different IP networks so I'm using the router to translate from one to the other with NAT, and configured the ONS15454 to use SOCKS.
I used to have a document that explained this but I've lost it.
Thanks
Chris
Hi Chris.
I see you already have provisioned the node for SOCKS Proxy. If you want to be able to still have IP connectivity (for ping or telnet) to the ENE's, then enable the SOCKS Proxy Only option. The SOCKS Proxy needs to be provisioned on the LAN connected 15454 at the very least. You can also go to the CTC drop down menu: Edit -> Preferences -> Firewall and change the port from being variable to static default. That will further restrict the ports that are used by CTC. This should resolve any intermittent connectivity issues in CTC if it is being caused by a firewall.
www.cisco.com/en/US/docs/optical/15000r9_1/15454/sonet/reference/guide/454a91_nwconnectivity.html#wp42216
"If you launch CTC against a node through a Network Address Translation (NAT) or Port Address Translation (PAT) router and that node does not have proxy enabled, your CTC session starts and initially appears to be fine. However, CTC never receives alarm updates and disconnects and reconnects every two minutes. If the proxy is accidentally disabled, it is still possible to enable the proxy during a reconnect cycle and recover your ability to manage the node, even through a NAT/PAT firewall."
Lastly, to answer your question directly, below is a link to the list:
www.cisco.com/en/US/docs/optical/15000r9_1/15454/sonet/reference/guide/454a91_nwconnectivity.html#wp59962
Table 14-6 Ports Used by the TCC2/TCC2P
Thanks,
Will
-
What TCP/UDP ports need to be open for VPN Client version 4.8?
What TCP/UDP ports need to be open for Cisco VPN Client version 4.8 to work?
Thanks,
Normally, you need the following ports and protocol:
UDP 500
UDP 4500
ESP
In case you are using IPSec over TCP, you have to open TCP port 10000 or any other port you want to use for IPSec connections (it's configurable).
-Kanishka
-
Which TCP/UDP ports need to be opened on a firewall for adobe reader and flashplayer?
Which TCP/UDP ports need to be opened on a firewall for adobe reader and flashplayer to operate properly? This would include updating, linking, and any subset of features.
The Acrobat Family uses TCP HTTP/HTTPS for all traffic. The following processes and ports may be active on a Windows client machine:
AdobeARM.exe - automatic updates - port 443
AcroRd32.exe - brand messages - port 443
AcroRd32.exe - links in documents - anything specified in the URL
Acrobat.exe - brand messages - port 443
Acrobat.exe - links in documents - anything specified in the URL
AdobeCollabSync.exe - Tracker review data - port 443
The same ports are used by the program components on OS X.
There are no inbound listening ports for any elements of the Acrobat Family. Automatic updates are not pushed and there are no server processes within the software.
-
TCP/UDP Port Utilization question for CCX 8.5
Greetings,
I have gone through the CCX 8.5 TCP/UDP port utilization guide.
http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/crs/express_8_5/configuration/guide/uccx851pug.pdf
I always do this as a matter of practice and I had a question concerning Java RMI ports. In the guide there is an ephemeral range TCP:32768-61000 that is used for Java RMI. Based on the context clues in the footnote this is an intra-cluster communication between processes running on CCX. This jives with ACLs I have built for previous versions.
The hang up I have is that Table 1 (page 6) of the guide shows that one of the remote devices is "Editor". I take this to mean CRS Editor, which can run on a desktop in the environment. I want to keep the ACL as trim as possible, so I don't want to open up the TCP ephemeral range unnecessarily. So, I guess my question is:
When that document refers to "Editor" do they mean that the CRS Editor is communicating using the referenced ports? Or is there a server-side process called Editor listening on those ports? The shift in how I apparently have to account for RMI is causing me to question.
Thanks in advance,
Bill
I followed the port guide, but am still having issues connecting to the editor from my workstation with my access-list in place.
When I remove the ACL the editor connects and I can do reactive debugging. The ACL breaks this.
Followed this
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cust_contact/contact_center/crs/express_9_02/configuration/guide/UCCX_BK_P89325D5_00_port-utilization-guide-uccx-902.pdf
Does anyone have a sample ACL that works?
-
Should I block TCP/UDP ports 135 to 139 on my router?
For the sake of Internet and Desktop security should I block TCP/UDP ports 135 to 139 both ways at all times on my router? This seems to be recommended for Windows environments. Does Mavericks need these ports for its proper operation? When tested, ports 135, 137,18 show as closed whereas all other ports are Stealth. Ideally, they should all be Stealth.
Have a read here: http://securityspread.com/2013/07/26/firewall/
Stealth is just as good as closed; some would argue that stealth is just as much of a giveaway of the port being present as it being closed.
The specific ports you mention pose no risk to OS X as far as I am aware.
-
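How a port test tells "closed" from "stealth", as an added example that is not part of the original thread: a closed port refuses the TCP connection, a stealth port lets it time out. The function names and the loopback demo are assumptions of this sketch; the demo only talks to 127.0.0.1.

```python
import socket

def tcp_port_state(host, port, timeout=2.0):
    """Classify one TCP port as a firewall test page would.

    open    - the three-way handshake completed (a service is listening)
    closed  - the target answered with a RST (connection refused)
    stealth - nothing came back before the timeout (packet silently dropped)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "stealth"
    except OSError as exc:
        # e.g. an ICMP "host unreachable" relayed by a router on the path
        return "error: " + (exc.strerror or type(exc).__name__)

def classify_ports(host, ports, timeout=2.0):
    """Return {port: state} for every port in `ports`."""
    return {p: tcp_port_state(host, p, timeout) for p in ports}

if __name__ == "__main__":
    # Constructed demo against this machine only: one listener we create
    # ourselves, plus the 135-139 range from the question above.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))        # let the OS pick a free port
    listener.listen(8)
    demo_port = listener.getsockname()[1]
    results = classify_ports("127.0.0.1", [demo_port, *range(135, 140)], 1.0)
    for port, state in sorted(results.items()):
        print(f"tcp/{port}: {state}")
    listener.close()
```

A "stealth" result depends on the timeout: a slow path can look like a dropped packet, so repeat the check with a longer timeout before concluding a port is filtered.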
Special QoS config on the switch port used for Unity?
Hi, I'm actually tuning my QoS config and I want to know if you apply a special QoS config on the switch port used by Unity.
Thanks
The following document talks about QoS config for Unity Express. You can use the same appropriately for Unity too.
http://www.cisco.com/en/US/products/sw/voicesw/ps4625/products_installation_guide_chapter09186a0080527151.html
-
TCP/UDP ports between Cisco PI 2.0 and WLC5508
Hello,
I will install Cisco PI 2.0 behind a firewall for security reason. The WLC5508 is before a firewall. Can anybody let me know which TCP/UDP ports need to be open specifically between the Cisco PI and WLC? I don't see that from the below link.
Cisco Prime Infrastructure 2.0 Quick Start Guide
http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-0/quickstart/guide/cpi_qsg.html#wp46865
Thanks,
Robert
Firewall Between the WCS and Controller or WCS and the WCS User Interface
When a PI server and a PI user interface are on different sides of a firewall, they cannot communicate unless these ports on the firewall are open to two-way traffic:
80 (for initial http)
69 (tftp)
162 (trap port)
443 (https)
Open these ports in order to configure your firewall to allow communications between a PI server and a PI user interface.
Regards
Don't forget to rate helpful posts
-
I work for a large enterprise organisation with dual layer firewalls. The Apple article titled "allowing well known ports through the firewall" does not provide enough information on what the destination IP addresses of Apple servers are which host Apple iCloud services.
Does anyone have information on the destination Apple IP addresses, so that I can lock down my firewall rules just so that Apple devices access Apple services on the Internet?
Many thanks
One option is to use "connection-reuse" CLI under sip-ua configuration mode.
sip-ua
connection-reuse
This will enable the 7200 to create a connection with source and destination UDP port number set to 5060. This feature is available in IOS 12.4(25d) which requires minimum of 256 / 512MB DRAM (depends on the feature set) and flash of 48 MB.
-
Checking TCP/UDP ports!
What's up everybody,
Does anybody know how to check if a port is open? (tcp/udp)
thanks!
matio,
Welcome to the forums.
Common Mac OS X tools used here include Network Utility, lsof, and telnet and ping, and dns-sd and ping for Bonjour and mDNS, depending on what details are sought.
(With the Windows entries from your footer, various of these tools and equivalents are what can be obtained by loading Cygwin or by loading Microsoft's SUA/SFU tools, and with some add-ons. PowerShell might or does have analogs here, but the old MS-DOS shell was pretty limited in what diagnostics were available without additions. There was telnet and ping, but some other bits were missing.)
Add-on tools include nmap. (nmap is a fairly gonzo-useful tool for this sort of thing.)
telnet works nicely for brute-force port tests on the LAN.
And FWIW, if those public web site tools do work and if you're on your own LAN, then definitely also consider checking the settings of and consider upgrading the LAN security. Those tools and those web sites should be blocked by default by the firewall or the gateway device found on most any LAN; whether that's a low-end NAT device, a server-grade firewall, or otherwise.
-
Hi Experts,
Is the above statement true? I learnt later that adding TCP and UDP ports on the nat 0 statements is supported. But does it take away the entire nat statement? Please answer my question at the earliest.
Regards
Krishna
Krishna,
"NAT exemption (nat 0 access-list command)—NAT exemption allows both translated and remote hosts to initiate connections. Like identity NAT, you do not limit translation for a host on specific interfaces; you must use NAT exemption for connections through all interfaces. However, NAT exemption does enable you to specify the real and destination addresses when determining the real addresses to translate (similar to policy NAT), so you have greater control using NAT exemption. However unlike policy NAT, NAT exemption does not consider the ports in the access list. NAT exemption also does not support connection settings, such as maximum TCP connections."
Reference
So, since the documentation clearly says that this rule does not consider any ports in the ACL, then one should not be testing unsupported configurations.
If one adds an ACL with specific ports, then unexpected results may be expected.
My suggestion, don't add any ACL entry with specific ports to your NAT exempt statement.
Thanks.
Portu.
Please rate any helpful posts
-
Hello all,
I have recently installed a piece of hardware which transmits information to UDP port 6001 on my computer. Some software that runs on the computer then listens to this port in order to detect the hardware.
However, LabVIEW shared variable engine seems to use the same port. On the computer in question the port is used by NITaggerService (National Instruments Variable Engine).
One solution is to stop this service - this works and allows the software to detect the hardware. However, eventually, I want to run this hardware alongside LabVIEW (indeed, LabVIEW will communicate with the hardware), so this is not a desirable solution.
http://www.ni.com/white-paper/12402/en suggests that UDP ports 6000-6010 are used by Shared Variables and Network Streams, which is consistent with the service identified above. It suggests that these ports are fixed, however, I have noticed that on different computers, port 6001 is used by a different NI Service (e.g. on another computer, it is used by lkTimeSync (National Instruments Time Synchronization) ), suggesting that there is /some/ flexibility. In addition, not all the ports from 6000-6010 are used in practice, suggesting that it might be possible to use another port in the range 6000-6010 rather than 6001.
Does anyone know how to force NI SVE to use a different range of UDP ports, or at least to not use 6001?
All the best
James Polyblank
Hi James,
It is not possible to pre-define which ports the NI services should use. One way to get around this would be to have these services not auto start on Windows launch and manually start it once your other software has established communication with the hardware through UDP port 6001.
You have taken the first step in this direction by stopping the service. After the hardware has been detected (on port 6001), restart the NITaggerService that you stopped. This will automatically start the service on a port that is free and available.
Try this and see if it works. You can also try starting the service automatically from your LabVIEW application using 'System Exec.vi'.
Thanks and Regards,
Supreeth.K
Applications Engineer
NIUK
-
10.6.5 firewall blocking udp ports used by ethernet MFC printer
Hi All, is there any way to apply a custom rule to allow access through the 10.6.5 firewall for a couple of UDP ports? I am trying to enable scanning from the front panel on a Brother MFC990CW with static IP on our local net (adsl router) and the printer docs specify up to 3 ports to be opened. Have played with IPFW via term but my rule attempts are not having any impact. Also unable to find log location where firewall activity is logged.
Would appreciate any tips.
Happy New Year
Hi Michalien,
Happy New Year's Eve.
Have you tried adding the Image Capture Utility to the firewall? It should open the port for you.
System Preferences, Security, Advanced button, + button
Navigate to Macintosh HD, Applications, Image Capture (which handles most scanning in 10.6)
You may also need to add the Canon scan utility as well.
-
Measuring performance tcp udp connection using java
ho
find the answers for these questions...
1. Is it possible to set some upper cutoff for the data rate or transmission rate in TCP or UDP?
2. If true, get the source code for the same?
3. Is it possible to measure the data rate of a TCP or UDP connection?
4. Get the complete source code for broadcasting using Java?
Sorry, I'm learning to use Java; sorry if my questions are rookie and absurd.
Please bear with me.
Thank you in advance.
Bye bye
Hi ebj and kayaman,
thanks for the reply for my first question.
"No, but you can limit the receive window which can have a similar effect."
My second question was...
can you help me out by giving the Java code for the first question's solution?
And my third question...
Is it possible to measure the throughput / transmission rate in which the UDP or TCP transfer is taking place?
I think I've made myself clear to you guys.