WHITE PAPER

REV1.0

CISCO UNIFIED COMMUNICATIONS MANAGER 7.0 TCP AND UDP PORT USAGE

This document provides a list of the TCP and UDP ports that Cisco Unified Communications Manager (formerly Cisco Unified CallManager) 7.0 uses for intracluster connections and for communications with external applications or devices. It provides important information for the configuration of firewalls, Access Control Lists (ACLs), and quality of service (QoS) on a network when an IP Communications solution is implemented. Note: Cisco has not verified all possible configuration scenarios for these ports. If you are having configuration problems using this list, contact Cisco technical support for assistance. While virtually all protocols are bidirectional, this document gives directionality from the session originator perspective. In some cases, the administrator can manually change the default port numbers, though Cisco does not recommend this as a best practice. Be aware that Cisco Unified Communications Manager opens several ports strictly for internal use. Ports in this document apply specifically to Cisco Unified Communications Manager Release 7.0. Some ports change from one release to another, and future releases may introduce new ports. Therefore, make sure that you are using the correct version of this document for the version of Cisco Unified Communications Manager that is installed. Installing Cisco Unified Communications Manager 7.0 software automatically installs the following network services for serviceability and activates them by default: Cisco Log Partition Monitoring (to monitor and purge the common partition; no custom common port used) Cisco Trace Collection Service (see table for TCTS port usage) Cisco RIS Data Collector (see table for RIS server port usage) Cisco AMC Service (see table for AMC port usage) Configuration of firewalls, ACLs, or QoS will vary depending on topology, placement of telephony devices and services relative to the placement of network security devices, and which applications and telephony extensions are in use. Also, bear in mind that ACLs vary in format with different devices and versions. Note: You can also configure Multicast MOH ports in Cisco Unified CM Administration. Because the administrator specifies the actual port values, this document does not contain port values for multicast MOH.

Note: The Ephemeral (see tables below) port range for the system is 32768 61000.

2008 Cisco Systems, Inc. All right reserved. Page 1 of 12

Cisco Unified Communications Manager 7.0 TCP and UDP Port Usage Rev 1.0

From
(Sender)

To
(Listener)

Dest. Port

Purpose

Intracluster Ports Between Cisco Unified Communications Managers

Endpoint Unified CM 514 / UDP System logging service

Unified CM

RTMT

1090, 1099 / TCP 1500, 1501 / TCP 1515 / TCP

Cisco AMC Service for RTMT performance monitors, data collection, logging, and alerting

Unified CM (DB) Unified CM (DB) Cisco Extended Functions (QRT) Unified CM

Unified CM (DB) Unified CM (DB)

Database connection (1501 / TCP is the secondary connection)

Database replication between nodes during installation

Unified CM (DB)

2552 / TCP

Allows subscribers to receive Cisco Unified Communications Manager database change notification

Unified CM

2551 / TCP 2555 / TCP 2556 / TCP 4040 / TCP 5007/ TCP 5555 / TCP Ephemeral / TCP 7000 then Ephemeral (Linux) / TCP

Intracluster communication between Cisco Extended Services for Active/Backup determination

Unified CM (RIS) Unified CM (RTMT/AMC / SOAP) Unified CM (DRF) Unified CM (Tomcat)

Unified CM (RIS) Unified CM (RIS) Unified CM (DRF) Unified CM (SOAP) License Manager Unified CM (TCTS) Unified CM (TCTS)

Real-time Information Services (RIS) database server

Real-time Information Services (RIS) database client for Cisco RIS

DRF Master Agent

SOAP monitor

Endpoint

License Manager to listen to license request

Unified CM (RTMT) Unified CM (Tomcat)

Cisco Trace Collection Tool Service (TCTS) -- the backend service for RTMT Trace & Log Central (TLC) This port is used for communication between Cisco Trace Collection Tool Service and Cisco Trace Collection servlet.

Copyright 2008 Cisco Systems, Inc. All rights reserved. Page 2 of 12

Cisco Unified Communications Manager 7.0 TCP and UDP Port Usage Rev 1.0

Intracluster Ports Between Cisco Unified Communications Managers (continued)

Unified CM Certificate Manager Unified CM (CDLM) Unified CM (SDL) Unified CM (SDL) CMI Manager Unified CM (Tomcat) Unified CM (IPSec) Unified CM (RIS) 7070 / TCP Certificate Manager service

Unified CM (DB) Unified CM (SDL) Unified CM (SDL)

8001 / TCP

Client database change notification

8002 / TCP

Intracluster communication service

8003 / TCP

Intracluster communication service (to CTI)

Unified CM

8004 / TCP

Intracluster communication between Cisco Unified Communications Manager and CMI Manager

Unified CM (Tomcat) Unified CM (IPSec) Unified CM (RIS)

8005 / TCP

Internal listening port used by Tomcat shutdown scripts

8500 / TCP and UDP 8888 - 8889 / TCP

Intracluster replication of system data by IPSec Cluster Manager

RIS Service Manager status request and reply

Common Service Ports

Endpoint Unified CM Unified CM 7 Endpoint Internet Control Message Protocol (ICMP) This protocol number carries echo-related traffic. It does not constitute a port as indicated in the column heading.

Unified CM

Endpoint Unified CM (DNS Server) DNS Server Unified CM (DHCP Server)

22 / TCP

Secure FTP service, SSH access Cisco Unified Communications Manager acting as a DNS server or DNS client (Note: Cisco recommends that Cisco Unified Communications Manager not act as a DNS server and that all IP telephony applications and endpoints use static IP addresses instead of hostnames.) Cisco Unified Communications Manager acting as a DHCP server (Note: Cisco does not recommend running DHCP server on Cisco Unified Communications Manager.)

Endpoint Unified CM

Ephemeral / UDP

Endpoint

67 / UDP

Copyright 2008 Cisco Systems, Inc. All rights reserved. Page 3 of 12

Cisco Unified Communications Manager 7.0 TCP and UDP Port Usage Rev 1.0

Common Service Ports (continued)

DHCP Server Cisco Unified Communications Manager acting as a DHCP client (Note: Cisco does not recommend running DHCP client on Cisco Unified Communications Manager. Configure Cisco Unified Communications Manager with static IP addresses instead.)

Unified CM

68 / UDP

Endpoint or Gateway

Unified CM NTP Server Unified CM Unified CM Unified CM Unified CM Unified CM Alternate TFTP Unified CM Unified CM Unified CM Unified CM Unified CM

69, 6969, then Ephemeral / UDP 123 / UDP

Trivial File Transfer Protocol (TFTP) service to phones and gateways

Unified CM

Network Time Protocol (NTP)

SNMP Server SNMP Server

161 / UDP

SNMP service response (requests from management applications)

199 / TCP

Native SNMP agent listening port for SMUX support

Unified CM

6161 / UDP

Used for communication between Master Agent and Native Agent to process Native agent MIB requests Used for communication between Master Agent and Native Agent to forward notifications generated from Native Agent

Unified CM

6162 / UDP

Unified CM

6666 / UDP

Netdump server

Centralized TFTP

6970 / TCP

Centralized TFTP File Locator Service

Unified CM

7161 / TCP

Used for communication between SNMP Master Agent and subagents

SNMP Server

7999 / TCP

Cisco Discovery Protocol (CDP) agent communicates with CDP executable

Service CRS requests through the TAPS residing on Cisco Unified

9050 / TCP Communications Manager Cisco Unified Communications Manager applications send out alarms to this port via UDP. Cisco Unified Communications Manager MIB agent listens on this port and generates SNMP traps per Cisco Unified Communications Manager MIB definition.

Unified CM

Unified CM

61441 / UDP

Unified CM

Ephemeral

Provide trunk-based SIP services

Copyright 2008 Cisco Systems, Inc. All rights reserved. Page 4 of 12

Cisco Unified Communications Manager 7.0 TCP and UDP Port Usage Rev 1.0

Between Cisco Unified Communications Manager and LDAP Directory

Unified CM External Directory External Directory Unified CM Ephemeral/ TCP Lightweight Directory Access Protocol (LDAP) query to external directory (Active Directory, Netscape Directory)

Web Requests from CCMAdmin or CCMUser to Cisco Unified Communications Manager

Browser Unified CM 80, 8080 / TCP 443, 8443 / TCP Hypertext Transport Protocol (HTTP)

Browser

Unified CM

Hypertext Transport Protocol over SSL (HTTPS)

Web Requests from Cisco Unified Communications Manager to Phone

Unified CM
QRT RTMT Find and List Phones page Phone Configuration page

Phone

80 / TCP

Hypertext Transport Protocol (HTTP)

Signaling, Media, and Other Communication Between Phones and Cisco Unified Communications Manager
Phone Unified CM (TFTP) 69, then Ephemeral / UDP 8080 / TCP 2000 / TCP 2443 / TCP Trivial File Transfer Protocol (TFTP) used to download firmware and configuration files

Phone

Unified CM

Phone URLs for XML applications, authentication, directories, services, and so on. You can configure these ports on a per-service basis.

Phone

Unified CM

Skinny Client Control Protocol (SCCP)

Phone

Unified CM

Secure Skinny Client Control Protocol (SCCPS)

Copyright 2008 Cisco Systems, Inc. All rights reserved. Page 5 of 12

Cisco Unified Communications Manager 7.0 TCP and UDP Port Usage Rev 1.0 Signaling, Media, and Other Communication Between Phones and Cisco Unified Communications Manager (continued)
Phone Phone Unified CM Phone Unified CM IP VMS Phone Unified CM (CAPF) Unified CM Phone Unified CM Phone Phone IP VMS 3804 / TCP 5060 / TCP and UDP Certificate Authority Proxy Function (CAPF) listening port for issuing Locally Significant Certificates (LSCs) to IP phones

Session Initiation Protocol (SIP) phone

5061 TCP and UDP

Secure Session Initiation Protocol (SIPS) phone

16384 32767 / UDP

Real-Time Protocol (RTP), Secure Real-Time Protocol (SRTP) (Note: Cisco Unified Communications Manager only uses 24576-32767 although other devices use the full range.)

Signaling, Media, and Other Communication Between Gateways and Cisco Unified Communications Manager
Gateway Unified CM Gateway Unified CM Unified CM 47, 50, 51 Gateway Unified CM 500 / UDP Gateway Unified CM (TFTP) 69, then Ephemeral / UDP 1719 / UDP Generic Routing Encapsulation (GRE), Encapsulating Security Payload (ESP), Authentication Header (AH). These protocols numbers carry encrypted IPSec traffic. They do not constitute a port as indicated in the column heading.

Internet Key Exchange (IKE) for IP Security protocol (IPSec) establishment

Gateway

Trivial File Transfer Protocol (TFTP)

Gatekeeper

Unified CM

Gatekeeper (H.225) RAS

Gateway Unified CM

Unified CM 1720 / TCP Gateway

H.225 signaling services for H.323 gateways and Intercluster Trunk (ICT)

Copyright 2008 Cisco Systems, Inc. All rights reserved. Page 6 of 12

Cisco Unified Communications Manager 7.0 TCP and UDP Port Usage Rev 1.0

Signaling, Media, and Other Communication Between Gateways and Cisco Unified Communications Manager (continued)
Gateway Unified CM Gateway Unified CM Unified CM Gateway Unified CM Gateway Ephemeral / TCP H.225 signaling services on gatekeeper-controlled trunk

Ephemeral / TCP

H.245 signaling services for establishing voice, video, and data

Gateway

Unified CM

2000 / TCP

Skinny Client Control Protocol (SCCP)

Gateway

Unified CM

2001 / TCP

Upgrade port for 6608 gateways with Cisco Unified CM deployments

Gateway

Unified CM

2002 / TCP

Upgrade port for 6624 gateways with Cisco Unified CM deployments

Gateway

Unified CM

2427 / UDP

Media Gateway Control Protocol (MGCP) gateway control

Gateway

Unified CM

2428 / TCP

Media Gateway Control Protocol (MGCP) backhaul

Gateway Unified CM Gateway Unified CM Gateway Unified CM

Unified CM Gateway Unified CM Gateway Unified CM Gateway

5060 / TCP and UDP

Session Initiation Protocol (SIP) gateway and Intercluster Trunk (ICT)

5061 / TCP and UDP

Secure Session Initiation Protocol (SIPS) gateway and Intercluster Trunk (ICT)

16384 32767 / UDP

Real-Time Protocol (RTP), Secure Real-Time Protocol (SRTP) (Note: Cisco Unified Communications Manager only uses 24576-32767 although other devices use the full range.)

Copyright 2008 Cisco Systems, Inc. All rights reserved. Page 7 of 12

Cisco Unified Communications Manager 7.0 TCP and UDP Port Usage Rev 1.0

Communication Between Applications and Cisco Unified Communications Manager

CTL Client Cisco Unified Communications App Cisco Unified Communications App Cisco Unified Communications App Unified CM Assistant Console Unified CM Attendant Console Unified CM Attendant Console Unified CM Attendant Console Unified CM Attendant Console Unified CM Attendant Console Unified CM Attendant Console Cisco Unified Communications App Unified CM CTL Provider Unified CM Unified CM Unified CM Unified CM Unified CM Unified CM 2444 / TCP Certificate Trust List (CTL) provider listening service in Cisco Unified Communications Manager

2748 / TCP

CTI application server

2749 / TCP

TLS connection between CTI applications (JTAPI/TSP) and CTIManager

2789 / TCP

JTAPI application server

2912 / TCP

Cisco Unified Communications Manager Assistant server (formerly IPMA) Cisco Unified Communications Manager Attendant Console (AC) JAVA RMI Registry server RMI server sends RMI callback messages to clients on these ports.

1103 -1129 / TCP

1101 / TCP

Unified CM

1102 / TCP

Attendant Console (AC) RMI server bind port -- RMI server sends RMI messages on these ports. Cisco Unified Communications Manager Attendant Console (AC) server line state port receives ping and registration message from, and sends line states to, the attendant console server. Cisco Unified Communications Manager Attendant Console (AC) clients register with the AC server for line and device state information. Cisco Unified Communications Manager Attendant Console (AC) clients register to the AC server for call control. AXL / SOAP API for programmatic reads from or writes to the Cisco Unified Communications Manager database that third parties such as billing or telephony management applications use.

Unified CM Unified CM Unified CM Unified CM

3223 / UDP

3224 / UDP

4321 / UDP

8443 / TCP

Communication Between CTL Client and Firewalls

CTL Client TLS Proxy Server 2444 / TCP Certificate Trust List (CTL) provider listening service in an ASA firewall

Copyright 2008 Cisco Systems, Inc. All rights reserved. Page 8 of 12

Cisco Unified Communications Manager 7.0 TCP and UDP Port Usage Rev 1.0

Special Ports on HP Servers

Endpoint HP SIM 280 / TCP HTTP port to HP SIM

Endpoint

HP SIM

2301 / TCP 2381 / TCP 25375, 25376, 25393 / UDP 50000 50004 / TCP

HTTP port to HP agent

Endpoint

HP SIM

HTTPS port to HP agent

Endpoint

Compaq Mgmt Agent

COMPAQ Management Agent extension (cmaX)

Endpoint

HP SIM

HTTPS port to HP SIM

Copyright 2008 Cisco Systems, Inc. All rights reserved. Page 9 of 12

Cisco Unified Communications Manager 7.0 TCP and UDP Port Usage Rev 1.0

Glossary
AXL / SOAP: Cisco Unified Communications XML Layer / Simple Object Access Protocol API that applications use to read from or write to the Cisco Unified Communications Manager database. CAPF: Certificate Authority Proxy Function Used to load X.509 digital certificates into IP phones. CDLM: Cisco Database Layer Monitor Used to synchronize the database with what is running in active memory. CTI: Computer Telephony Integration Provides a link between telephone systems and computers to facilitate incoming and outgoing call handling and control; the physical link between a telephone and server. CTL Client: Certificate Trust List Client Application that creates the Certificate Trust List that gets loaded into IP phones. This plug-in comes with Cisco Unified Communications Manager and can be run on any computer that a) has IP connectivity to all Cisco Unified Communications Managers in the cluster and b) has a USB port. DRF: Disaster Recovery Framework Ephemeral Ports: In virtually all cases, source ports are ephemeral, meaning random within a specified range. When an outgoing request is made, the application solicits the host device for a port from its ephemeral pool. In a few cases, the destination port is also ephemeral, meaning that both the source and destination ports are random. JTAPI: Java Telephony Application Program Interface Sun Microsystems telephony programming interface for Java. It provides a set of classes and interfaces that provide access to call control and telephony device control as well as media and administrative services. LDAP: Lightweight Directory Access Protocol Used to validate user credentials against the designated directory service. LDAPS: Lightweight Directory Access Protocol over TLS/SSL Used to validate user credentials against the designated directory service. IP VMS: Cisco IP Voice Media Streaming Application Used for music on hold, annunciator, conference bridge, media termination point (MTP), and so on. RIS: Real-Time Information Services database Used by the Real-Time Monitoring Tool (RTMT) in the Serviceability application. RTMT: Real-Time Monitoring Tool SDL: Signal Distribution Layer Link Used for intracluster communications. SOAP: Simple Object Access Protocol TCTS: Trace Collection Tool Service The backend service for RTMT Trace & Log Central (TLC) TFTP: Trivial File Transfer Protocol Used to load firmware and configurations into phones, gateways, and so on. Tomcat: Web server

Copyright 2008 Cisco Systems, Inc. All rights reserved. Page 10 of 12

Cisco Unified Communications Manager 7.0 TCP and UDP Port Usage Rev 1.0

References
Firewall Application Inspection Guides ASA Series
http://www.cisco.com/en/US/products/ps6120/tsd_products_support_series_home.html

PIX 6.3 Application Inspection Configuration Guide

http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/fixup.html

PIX 7.1 Application Inspection Configuration Guide

http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/inspect.html

FWSM 3.1 Application Inspection Configuration Guide

http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/configuration/guide/inspct_f.html

IOS 12.4 Configuring Context-Based Access Control

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a00804a41c5.html

IOS 12.4 Configuring IP Access Lists

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080430e5b.html

IP Telephony Configuration and Port Utilization Guides Cisco CRS 4.0 (IP IVR and IPCC Express) Port Utilization Guide
http://www.cisco.com/en/US/products/sw/custcosw/ps1846/products_installation_and_configuration_guides_list.html

Port Utilization Guide for Cisco ICM/IPCC Enterprise and Hosted Editions
http://www.cisco.com/en/US/products/sw/custcosw/ps1001/products_installation_and_configuration_guides_list.html

Cisco ICM / IPCC Enterprise and Hosted Editions 7.0(0) Port Utilization Guide
http://www.cisco.com/application/pdf/en/us/guest/products/ps1001/c1067/ccmigration_09186a00805abe34.pdf

Cisco Unified Communications Manager Express Security Guide to Best Practices

http://www.cisco.com/en/US/netsol/ns340/ns394/ns165/ns391/networking_solutions_design_guidance09186a00801f8e30.html

Cisco Unity Express Security Guide to Best Practices

http://www.cisco.com/en/US/netsol/ns340/ns394/ns165/ns391/networking_solutions_design_guidance09186a00801f8e31.html#wp41149

IETF TCP/UDP Port Assignment List Internet Assigned Numbers Authority (IANA) IETF assigned Port List
http://www.iana.org/assignments/port-numbers

Copyright 2008 Cisco Systems, Inc. All rights reserved. Page 11 of 12

Cisco Unified Communications Manager 7.0 TCP and UDP Port Usage Rev 1.0

Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100

European Headquarters Cisco Systems International BV Haarlerbergpark Haarlerbergweg 13-19 1101 CH Amsterdam The Netherlands www-europe.cisco.com Tel: 31 0 20 357 1000 Fax: 31 0 20 357 1100

Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA www.cisco.com Tel: 408 526-7660 Fax: 408 527-0883

Asia Pacific Headquarters Cisco Systems, Inc. 168 Robinson Road #28-01 Capital Tower Singapore 068912 www.cisco.com Tel: +65 6317 7777 Fax: +65 6317 7799

Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax numbers are listed on the Cisco Web site at www.cisco.com/go/offices. Argentina Australia Austria Belgium Brazil Bulgaria Canada Chile China PRC Colombia Costa Rica Croatia Cyprus Czech Republic Denmark Dubai, UAE Finland France Germany Greece Hong Kong SAR Hungary India Indonesia Ireland Israel Italy Japan Korea Luxembourg Malaysia Mexico The Netherlands New Zealand Norway Peru Philippines Poland Portugal Puerto Rico Romania Russia Saudi Arabia Scotland Singapore Slovakia Slovenia South Africa Spain Sweden Switzerland Taiwan Thailand Turkey Ukraine United Kingdom United States Venezuela Vietnam Zimbabwe
CCDE, CCENT, Cisco Eos, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, the Cisco logo, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn is a service mark; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0805R) Cisco Unified Communications Manager 7.0 TCP and UDP Port Usage Copyright 2008 Cisco Systems, Inc. All rights reserved.

Copyright 2008 Cisco Systems, Inc. All rights reserved. Page 12 of 12