Port Usage

Marcelo Zanata
Intracluster Ports Between CUCMs

From (Sender) To (Listener)

Des Port

Purpouse

Endpoint
CUCM
CUCM
RTMT
CUCM (DB)
CUCM (DB)
CUCM (DB)
CUCM (DB)
Cisco Extended
CUCM (DB)
Functions (QRT)
CUCM
CUCM
CUCM (RIS)
CUCM (RIS)
CUCM
CUCM (RIS)
(RTMT/AMC/SOAP)
CUCM (DRF)
CUCM (DRF)
CUCM (Tomcat)
CUCM (SOAP)
Endpoint
License Manager

514/udp
1090,1099/tcp
1500,1501/tcp
1515/tcp

System Logging Service

Cisco AMC Service for RTMT performance monitors, data collection, logging, and alerting
Database connection (1501/tcp is the secondary connection)
Database replication between nodes during installation

2552/tcp

Allows subscribers to receive CUCM database change notification

2551/tcp
2555/tcp

Intracluster communication between Cisco Extended Services for Active/Backup determination

Real-time Information Services (RIS) database server

2556/tcp

Real-time Information Services (RIS) database client for Cisco RIS

4040/tcp
5007/tcp
5555/tcp

CUCM (RTMT)

CUCM (TCTS)

Ephemeral/tcp

DRF Master Agent

SOAP monitor
License Manager to listen to license request
Cisco Trace Collection Tool Service (TCTS) -- the backend service for RTMT Trace & Log Central
(TLC)

CUCM (Tomcat)

CUCM (TCTS)

CUCM
CUCM (DB)
CUCM (SDL)
CUCM (SDL)
CUCM
CUCM (Tomcat)
CUCM (IPSec)
CUCM (RIS)

7000 then
Ephemeral
(Linux)/tcp
Certificate Manager 7070/tcp
CUCM (CDLM)
8001/tcp
CUCM (SDL)
8002/tcp
CUCM (SDL)
8003/tcp
CMI Manager
8004/tcp
CUCM (Tomcat)
8005/tcp
CUCM (IPSec)
8500/tcp,udp
CUCM (RIS)
8888-8889/tcp

This port is used for communication between Cisco Trace Collection Tool Service and Cisco Trace
Collection servlet.
Certificate Manager service
Client database change notification
Intracluster communication service
Intracluster communication service (to CTI)
Intracluster communication between CUCM and CMI Manager
Internal listening port used by Tomcat shutdown scripts
Intracluster replication of system data by IPSec Cluster Manager
RIS Service Manager status request and reply

Common Service Ports

From (Sender) To (Listener)
Endpoint
CUCM
CUCM
Endpoint
CUCM

Des Port

Purpouse

CUCM
Endpoint or
Gateway
CUCM
SNMP Server
SNMP Server

CUCM
7
Endpoint
Endpoint
22/tcp
CUCM (DNS Server)
Ephemeral/udp
DNS Server
CUCM (DHCP
67/udp
Server)
DHCP Server
68/udp
69, 6969, then
CUCM
Ephemeral/udp
NTP Server
123/udp
CUCM
161/udp
CUCM
199/tcp

CUCM

CUCM

6161/udp

CUCM

CUCM

6162/udp

CUCM
Centralized TFTP
CUCM
SNMP Server
CUCM

CUCM
Alternate TFTP
CUCM
CUCM
CUCM

6666/udp
6970/tcp
7161/tcp
7999/tcp
9050/tcp

CUCM

CUCM

61441/udp

CUCM

CUCM

Ephemeral

Endpoint

Internet Control Message Protocol (ICMP) This protocol number carries echo-related traffic. It does
not constitute a port as indicated in the column heading.
Secure FTP service, SSH access
CUCM acting as a DNS server or DNS client
CUCM acting as a DHCP server (Note: Cisco does not recommend running DHCP server on CUCM.)
CUCM acting as a DHCP client
Trivial File Transfer Protocol (TFTP) service to phones and gateways
Network Time Protocol (NTP)
SNMP service response (requests from management applications)
Native SNMP agent listening port for SMUX support
Used for communication between Master Agent and Native Agent to process Native agent MIB
requests
Used for communication between Master Agent and Native Agent to forward notifications
generated from Native Agent
Netdump server
Centralized TFTP File Locator Service
Used for communication between SNMP Master Agent and subagents
Cisco Discovery Protocol (CDP) agent communicates with CDP executable
Service CRS requests through the TAPS residing on CUCM
CUCM applications send out alarms to this port via UDP. CUCM MIB agent listens on this port and
generates SNMP traps per CUCM MIB definition.
Provide trunk-based SIP services

Between CUCM and LDAP Directory

From (Sender) To (Listener)
CUCM
External Directory
CUCM
CUCM

Des Port

External Directory
Ephemeral/ tcp
CUCM
LDAP Server
3268/???
LDAP Server
389

Purpouse
Lightweight Directory Access Protocol
Microsoft AD Global Catalog Search
Subtree specific search (LDAP Default Port)

Web Requests from CCMAdmin or CCMUser to CUCM

From (Sender)To (Listener) Des Port
Purpouse
CUCM
QRT
RTMT
Find and List
Phones page
Phone

Phone

80/tcp

Hypertext Transport Protocol (HTTP)

Port Usage

Marcelo Zanata

Configuration
page

Signaling, Media, and Other Communication Between Phones and CUCM

From (Sender) To (Listener)

Des Port

Purpouse

Phone

CUCM (TFTP)

69, Ephemeral/udp Trivial File Transfer Protocol (TFTP) used to download firmware and configuration files

Phone

CUCM

8080/tcp

Phone
Phone

CUCM
CUCM

2000/tcp
2443/tcp

Phone

CUCM (CAPF)

3804/tcp

Phone

CUCM

CUCM
Phone
CUCM

Phone
CUCM
Phone

IP VMS

Phone

Phone

IP VMS

Phone URLs for XML applications, authentication, directories, services, and so on. You can
configure these ports on a per-service basis.
Skinny Client Control Protocol (SCCP)
Secure Skinny Client Control Protocol (SCCPS)
Certificate Authority Proxy Function (CAPF) listening port for issuing Locally Significant Certificates
(LSCs) to IP phones

5060/tcp,udp

Session Initiation Protocol (SIP) phone

5061/tcp,udp

Secure Session Initiation Protocol (SIPS) phone

16384 - 32767/udp

Real-Time Protocol (RTP), Secure Real-Time Protocol (SRTP) (Note: CUCM only uses 24576-32767
although other devices use the full range.)

Signaling, Media, and Other Communication Between Gateways and CUCM

From (Sender) To (Listener)
Gateway

Des Port

Purpouse

47, 50, 51

Generic Routing Encapsulation (GRE), Encapsulating Security Payload (ESP), Authentication Header
(AH). These protocols numbers carry encrypted IPSec traffic. They do not constitute a port as
indicated in the column heading.

500/udp

Internet Key Exchange (IKE) for IP Security protocol (IPSec) establishment

CUCM

CUCM

Gateway

Gateway
CUCM

CUCM
Gateway

Gateway

CUCM (TFTP)

Gatekeeper
Gateway
CUCM
Gateway
CUCM
Gateway
CUCM
Gateway
Gateway
Gateway
Gateway
Gateway
Gateway
Gateway
CUCM
Gateway
CUCM
Gateway
CUCM

CUCM
CUCM
Gateway
CUCM
Gateway
CUCM
Gateway
CUCM
CUCM
CUCM
CUCM
CUCM
CUCM
CUCM
Gateway
CUCM
Gateway
CUCM
Gateway

69, then
Ephemeral/udp
1719/udp
1720/tcp
Ephemeral/tcp
Ephemeral/tcp

Trivial File Transfer Protocol (TFTP)

Gatekeeper (H.225) RAS
H.225 signaling services for H.323 gateways and Intercluster Trunk (ICT)
H.225 signaling services on gatekeeper-controlled trunk
H.245 signaling services for establishing voice, video, and data

2000/tcp
2001 /tcp
2002 /tcp
2427/udp
2428/tcp
2727/tcp

Skinny Client Control Protocol (SCCP)

Upgrade port for 6608 gateways with Cisco CUCM deployments
Upgrade port for 6624 gateways with Cisco CUCM deployments
Media Gateway Control Protocol (MGCP) gateway control
Media Gateway Control Protocol (MGCP) backhaul
Media Gateway Control Protocol (MGCP) backhaul

5060/tcp ,udp

Session Initiation Protocol (SIP) gateway and Intercluster Trunk (ICT)

5061/tcp ,udp

Secure Session Initiation Protocol (SIPS) gateway and Intercluster Trunk (ICT)

16384 - 32767/udp

Real-Time Protocol (RTP), Secure Real-Time Protocol (SRTP) (Note: CUCM only uses 24576-32767
although other devices use the full range.)

Signaling, Media, and Other Communication Between Phones and CUCM

From (Sender) To (Listener)

Des Port

CTL Client
CUCM CTL Provider 2444/tcp
Unified Comm. App CUCM
2748/tcp
Unified Comm. App CUCM
2749/tcp
Unified Comm. App CUCM
2789/tcp
CUCM Assistant
CUCM
2912/tcp
Console
CUCM Attendant CUCM
1103 -1129/tcp
Console
CUCM Attendant CUCM
1101/tcp
Console
CUCM Attendant CUCM
1102/tcp
Console
CUCM Attendant CUCM
3223/udp
Console
CUCM Attendant CUCM
3224/udp
Console
CUCM Attendant CUCM
4321/udp
Console

Purpouse
Certificate Trust List (CTL) provider listening service in CUCM
CTI application server
TLS connection between CTI applications (JTAPI/TSP) and CTIManager
JTAPI application server
CUCM Assistant server (formerly IPMA)
CUCM Attendant Console (AC) JAVA RMI Registry server
RMI server sends RMI callback messages to clients on these ports.
Attendant Console (AC) RMI server bind port -- RMI server sends RMI messages on these ports.
CUCM Attendant Console (AC) server line state port receives ping and registration message from,
and sends line states to, the attendant console server.
CUCM Attendant Console (AC) clients register with the AC server for line and device state
information.
CUCM Attendant Console (AC) clients register to the AC server for call control.

Port Usage
Cisco Unified
Communications
App

Marcelo Zanata
CUCM

8443/tcp

AXL / SOAP API for programmatic reads from or writes to the CUCM database that third parties
such as billing or telephony management applications use.

Sender

Listener

Communication Between CTL Client and Firewalls

Dest Port
Purpouse

CTL Client

TLS Proxy Server

2444/tcp

Sender

Listener

Dest Port

Endpoint
Endpoint
Endpoint

Endpoint

HP SIM
HP SIM
HP SIM
Compaq Mgmt
Agent
HP SIM

280/tcp
2301/tcp
2381/tcp
25375, 25376,
25393/udp
50000 - 50004/tcp

Sender

Listener

CUVA
Endpoint

Endpoint
CUVA

Endpoint

Certificate Trust List (CTL) provider listening service in an ASA firewall

Special Ports on HP Servers

Purpouse
HTTP port to HP SIM
HTTP port to HP agent
HTTPS port to HP agent
COMPAQ Management Agent extension (cmaX)
HTTPS port to HP SIM

Communication Between IP Phone and Cisco VT Advantage

Dest Port
Purpouse
4224/tcp

Ephemeral = port range from 32768 to 61000

Tunnel (CAST) traffic between Video Advantage and IP Phone