TCP/UDP ports between Cisco PI 2.0 and WLC5508
Hello,
I will install Cisco PI 2.0 behind a firewall for security reason. The WLC5508 is before a firewall. Can anybody let me know which TCP/UDP ports need to be open specifically between the Cisco PI and WLC? I don't see that from the below link.
Cisco Prime Infrastructure 2.0 Quick Start Guide
http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-0/quickstart/guide/cpi_qsg.html#wp46865
Thanks,
Robert
Firewall Between the WCS and Controller or WCS and the WCS User Interface
When a PI server and a PI user interface are on different sides of a firewall, they cannot communicate unless these ports on the firewall are open to two-way traffic:
80 (for initial http)
69 (tftp)
162 (trap port)
443 (https)
Open these ports in order to configure your firewall to allow communications between a PI server and a PI user interface.
Regards
Dont forget to rate helpful posts
Similar Messages
-
QOS Network Planning - TCP/UDP Ports used in CWMS 2.5 MDC deployment
Does anyone know if there is documentation that describes the WAN traffic in CWMS 2.5 MDC? I'm looking for the TCP/UDP ports that must be prioritized on the WAN to properly class our traffic between the two data centers. I can't find any such document.
Thanks,
MattHI Matt,
All the network requirements are listed in the CWMS 2.5 Planning Guide in Networking Checklist: http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_5/Planning_Guide/Planning_Guide/Planning_Guide_chapter_0100.html
I hope this is what you are looking for.
-Dejan -
TCP/UDP Port Utilization question for CCX 8.5
Greetings,
I have gone through the CCX 8.5 TCP/UDP port utilization guide.
http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/crs/express_8_5/configuration/guide/uccx851pug.pdf
I always do this as a matter of practice and I had a question concerning Java RMI ports. In the guide there is an ephemeral range TCP:32768-61000 that is used for Java RMI. Based on the context clues in the footnote this is an intra-cluster communication between processes running on CCX. This jives with ACLs I have built for previous versions.
The hang up I have is that Table 1 (page 6) of the guide shows that one of the remote devices is "Editor". I take this to mean CRS Editor, which can run on a desktop in the environment. I want to keep the ACL as trim as possible, so I don't want to open up the TCP ephemeral range unnecessarily. So, I guess my question is:
When that document refers to "Editor" do they mean that the CRS Editor is communicating using the referenced ports? Or is there a server-side process called Editor listening on those ports. The shift in how I apparently have to account for RMI is causing me to question.
Thanks in advance,
BillI followed the port guide, but am still having issues connecting to the editor from my workstation with my access-list in place.
When I remove the ACL the editor connects and I can do reactive debugging. The ACL breaks this.
Followed this
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cust_contact/contact_center/crs/express_9_02/configuration/guide/UCCX_BK_P89325D5_00_port-utilization-guide-uccx-902.pdf
Does anyone have a sample acl that works? -
What TCP/UDP ports need to be open for VPN Client version 4.8?
What TCP/UDP ports need to be open for Cisco VPN Client version 4.8 to work?
Thanks,Normally, you need the following ports and protocol :
UDP 500
UDP 4500
ESP
In case, you are using IPSec over TCP you have to open, TCP port 10000 or any other port you want to use for IPSec connections (Its configurable).
-Kanishka -
Does anyone know the TCP/UDP Port numbers that have to be opened up when using NAT, this is what I have:
CTC PC >>>>>>>>>>> ROUTER >>>>>>>>>>>ONS15454
The CTC PC and the ONS are on different IP Networks so I'm the router to translate from one to the other with NAT, configured the ONS15454 to use Socks.
I used to have a document that explained this but I've lost it.
THanks
ChrisHi Chris.
I see you already have provisioned the node for SOCKS Proxy. If you want to be able to still have IP connectivity (for ping or telnet) to the ENE's, then enable the SOCKS Proxy Only option. The SOCKS Proxy needs to be provisioned on the LAN connected 15454 at the very least. You can also go to the CTC drop down menu: Edit -> Preferences -> Firewall and change the port from being variable to static default. That will further restrict the ports that are used by CTC. This should resolve any intermittent connectivity issues in CTC if it is being caused by a firewall.
www.cisco.com/en/US/docs/optical/15000r9_1/15454/sonet/reference/guide/454a91_nwconnectivity.html#wp42216
"If you launch CTC against a node through a Network Address Translation (NAT) or Port Address Translation (PAT) router and that node does not have proxy enabled, your CTC session starts and initially appears to be fine. However, CTC never receives alarm updates and disconnects and reconnects every two minutes. If the proxy is accidentally disabled, it is still possible to enable the proxy during a reconnect cycle and recover your ability to manage the node, even through a NAT/PAT firewall."
Lastly, to answer your question directly below is a link to the list:
www.cisco.com/en/US/docs/optical/15000r9_1/15454/sonet/reference/guide/454a91_nwconnectivity.html#wp59962
Table 14-6 Ports Used by the TCC2/TCC2P
Thanks,
Will -
TCP/UDP Ports and site used by FEP to download updates - needed to allow on perimeter firewall
Can some one point me with information like what TCP/UDP ports are utilized by FEP and what DNS / site Name it uses to download FEP Updates. This is needed to tighten perimeter FireWall policies
Thank youIt should be the same as the documentation for all Software Updates:
https://technet.microsoft.com/en-us/library/bcf8ed65-3bea-4bec-8bc5-22d9e54f5a6d#BKMK_ConfigureFirewalls
Make sure to expand the "restrict access to specific domains" section to see the update related URLs. -
Should I block TCP/UDP ports 135 to 139 on my router?
For the sake of Internet and Desktop security should I block TCP/UDP ports 135 to 139 both ways at all times on my router? This seems to be recommended for Windows environments. Does Mavericks need these ports for its proper operation? When tested, ports 135, 137,18 show as closed whereas all other ports are Stealth. Ideally, they should all be Stealth.
Have a read here: http://securityspread.com/2013/07/26/firewall/
Stealth is just as good as closed, some would argue that stealth is just as much of a giveaway of the port being present as it being closed.
The specific ports you mention pose no risk to OS X as far as I am aware. -
Which TCP/UDP ports need to be opened on a firewall for adobe reader and flashplayer?
Which TCP/UDP ports need to be opened on a firewall for adobe reader and flashplaer to operate properly? This would include updating, linking, and any subset of features.
The Acrobat Family uses TCP HTTP/HTTPS for all traffic. The following processes and ports may be active on a Windows client machine:
AdobeARM.exe - automatic updates - port 443
AcroRd32.exe - brand messages - port 443
AcroRd32.exe - links in documents - anything specified in the URL
Acrobat.exe - brand messages - port 443
Acrobat.exe - links in documents - anything specified in the URL
AdobeCollabSync.exe - Tracker review data - port 443
The same ports are used by the program components on OS X.
There are no inbound listening ports for any elements of the Acrobat Family. Automatic updates are not pushed and there are no server processes within the software. -
Hi Experts,
Is the above statement true?. I learnt later that adding tcp and udp ports on the nat 0 statements are supported . But does it take away the entire nat statement? Please answer my question at the earliest.
Regards
KrishnaKrishna,
"NAT exemption (nat 0 access-list command)—NAT exemption allows both translated and remote hosts to initiate connections. Like identity NAT, you do not limit translation for a host on specific interfaces; you must use NAT exemption for connections through all interfaces. However, NAT exemption does enable you to specify the real and destination addresses when determining the real addresses to translate (similar to policy NAT), so you have greater control using NAT exemption. However unlike policy NAT, NAT exemption does not consider the ports in the access list. NAT exemption also does not support connection settings, such as maximum TCP connections."
Reference
So, since the documentation clearly says that this rule does not consider any ports in the ACL, then one should not be testing unsupported configurations.
If one adds an ACL with specific ports, then unexpected results may be expected.
My suggestion, dont add any ACL entry with specific ports to your NAT exempt statement.
Thanks.
Portu.
Please rate any helpful posts -
Checking TCP/UDP ports!
What's up everybody,
Does anyobody know how to check if a port is open? (tcp/udp)
thanks!
matio,Welcome to the forums.
Common Mac OS X tools used here include Network Utility, lsof, and telnet and ping, and dns-sd and ping for Bonjour and mDNS, depending on details are sought.
(With the Windows entries from your footer, various of these tools and equivalents are what can be obtained by loading Cygwin or by loading Microsoft's SUA/SFU tools, and with some add-ons. PowerShell might or does have analogs here, but the old MS-DOS shell was pretty limited in what diagnostics were available without additions. There was telnet and ping, but some other bits were missing.)
Add-on tools include nmap. (nmap is a fairly gonzo-useful tool for this sort of thing.)
telnet works nicely for brute-force port tests on the LAN.
And FWIW, if those public web site tools do work and if you're on your own LAN, then definitely also consider checking the settings of and consider upgrading the LAN security. Those tools and those web sites should be blocked by default by the firewall or the gateway device found on most any LAN; whether that's a low-end NAT device, a server-grade firewall, or otherwise. -
Dears,
Please i need to know what is the difference in the features between Cisco prime infrastructure 1.2 and Cisco prime 1.4.
Already i see the release note for each one but the release indicate only the New feature for every one. so i need to know the difference between them not new features.
Wait your kind feedback plz
Regards,Hi,
New Features and Enhancements
The following topics describe new features and enhancements in Cisco Prime Infrastructure 1.4.
Management Support for WLC Release 7.5
Support for 802.11ac Module
Support for Cisco AP 700
Policy Classification Engine
FlexConnect Audit Support
Autonomous AP Support
Client Stateful Switchover
Cable Modem Monitoring
Support for Secure File Transfer Protocol
and please go through the link and check the data sheet for further clearance.
http://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/prime-infrastructure/datasheet-c78-729879.html -
how can i make a graph
y is number(the blue wire)pasing from UDP port,
x is the time stamp.
plus in the same time this graph can display several differenr numbers to compare. -
ACS Communication TCP/UDP ports
Hi,
I have a WEBVPN (on Cisco 2811) which will authenticate its client using ACS, ACS in turn will be integrated with AD.
the three components (WEBVPN, ACS and AD) have a firewall in between them, I need to configure to allow the communication between the three components, I need a list the ports required for such configuration.
Also I have to ACS appliances working in HA mode, they will be installed in different locations with firewall in between,What are the ports the 2 appliances are communicating through to ensure full HA?Table 2 have this information,
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps2086/ps7032/prod_qas0900aecd80108148_ps2086_Products_Q_and_A_Item.html
Regards,
~JG
Do rate helpful posts -
Does anyone know which ports on the firewall/router do I need to open for NAT (Network Address Translation) so that I can access the database from outside the firewall by SQLnet.
default tcp/1521
but u can change it -
What TCP/UDP ports are required for Sunray to communicate withSunray server
Hi,
Our Sunray appliances and Sunray servers are setting in two different VLANs. For there is no ACL applied between both the VLANs, but we are plannin g to place ACL between these two VLAN for security reason. Do any have a list of ports require for Sunrays to communicate with the Sunray server.
Thanks for the Help
Moe Hans
Network Administrator
Kwantlen Polytechnic University
Surrey, BC
[email protected][http://wikis.sun.com/display/SRSS4dot2/Ports+and+Protocols]
Maybe you are looking for
-
HT202651 Is java required for OS X 10.10?
Is java required for OS X 10.10?
-
Time Machine- Copied files INSIDE the Sparsebundle into trash-HELP!
Long story short-Time Machine was giving an error when attempting to back up. I was on a rampage and threw the files IN my Time Machine disk image into the trash (an immediate "oh crap" moment). It took seconds to get the files into the trash but try
-
Connections from other applications.
Hello, Is there any parameter we can set to control the number of connections from an external application. I am using J2EE application server connection pool to connect to Oracle from Java. In Applciation server setting we can configure the number o
-
Hi I Have createdd a form with a signature box on in Acrobat XI I have sent it to a client who has only got Adobe reader. when the click on the sign box the box flashes green for a second and nothing happens also all of the sign tool bar is grey out.
-
Isolation and continuity testing
Looking for ideas and options for the following. I want to automate a series of continuity and isolation test required for cables. There could be dozens of variations of cables each having many measurement requirements. has anyone done this before? [