Document ID: 113344
Updated: Dec 09, 2011
Introduction
This document provides information about protocols and port numbers used across the entire product series as they interact in a comprehensive Cisco Unified Wireless Network (CUWN) deployment. This information is based on the software version 7.0.220.0 series code release train. It is not meant to replace or supersede the specific product documentation found in existing configuration guides; it is only a consolidated listing of the information available at the time this document was created.
Prerequisites
Requirements
Cisco recommends that you have knowledge of the Cisco Unified Wireless Solution.
Components Used
This document applies to the entire product series as they interact in a comprehensive CUWN deployment.
Conventions
Refer to Cisco Technical Tips Conventions for more information on document conventions.
Background Information
The main purpose of this document is to provide a consolidated listing of the communication protocols used in a CUWN solution. The goal is to implement appropriate firewall and security policies, based on this information, to properly secure the CUWN infrastructure.
Network Overview
Tables in this document:
WCS Protocols

Source Device | Destination Device | Protocol | Destination Port | Description |
---|---|---|---|---|
WCS | WLC and MSE | TCP | 21 | FTP - Used to transfer files to/from devices |
Various Management Stations | WCS Host Server OS-Linux | TCP | 22 | SSH - Used for remote Linux Host Access |
WCS | aIOS AP | TCP | 23 | Telnet - Used for aIOS AP Configuration |
WCS | SMTP mail servers | TCP | 25 | SMTP – used for fault notifications |
AAA Servers | WCS | TCP/UDP | 49 | TACACS+ |
WCS | aIOS AP | UDP | 53 | DNS – used for aIOS AP Configuration |
WLC | WCS | UDP | 69 | TFTP - Used to transfer files to/from devices |
Various Management Stations | WCS | TCP | 80 | HTTP (Configurable at install time) |
NTP Server | WLC | UDP | 123 | NTP |
WLC and MSE | WCS | UDP | 161 | SNMP discovery, inventory aIOS AP and others |
WLC and MSE | WCS | UDP | 162 | SNMP Trap Receiver |
Various Management Stations | WCS | TCP | 443 | HTTPS (Configurable at install time) |
MSE | WCS | TCP | 443 | SOAP/XML (Simple Object Access Protocol) - Used for MSE Management |
WLC | WCS | UDP | 514 | Syslog (Optional) |
Local only | WCS | TCP | 1299 | RMI Registry port (local only) |
Various and HA Server | WCS | TCP | 1315 | Database Server HA(QOS) |
WCS HA Server | WCS | TCP | 1316-1320 | HA DB Ports |
AAA Servers | WCS | UDP | 1812 / 1645 | Radius |
AAA Servers | WCS | UDP | 1813 / 1646 | Radius |
Various Management Stations | WCS Host Server OS-Windows | TCP / UDP | 3389 | RDP - Windows Remote Desktop (Optional) |
Various | WCS | TCP | 5001 | Apache Axis SOAP Monitoring: Java Listener |
Various Management Stations | WCS Host Server OS-Windows | TCP | 5500 | VNC - (Optional) Used for remote Windows Host Access |
Various Management Stations | WCS Host Server OS-Windows | TCP | 5800 | VNC - (Optional) Used for remote Windows Host Access |
Various Management Stations | WCS Host Server OS-Windows | TCP / UDP | 5900 | VNC - (Optional) Used for remote Windows Host Access |
Local only | WCS | TCP | 6789 | RmiServer Port (local only) |
MSE-Location Appliance | WCS | TCP | 8001 | Location Server Data Sync. Communication Port |
Local only | WCS | TCP | 8005 | Tomcat Shutdown Port |
Local only | WCS | TCP | 8009 | Web Server / Java Server Connector (local only) |
HA Web Server | WCS | TCP | 8082 | HA Web Server Port: Health Monitor for WCS HA |
Various Management Stations | WCS | TCP | 8456 | HTTP Connector |
Various Management Stations | WCS | TCP | 8457 | HTTP Redirect |
Various Management Stations | WCS | TCP | 16113 | LOCP TLS Port |
WLC | WCS | UDP | 29001-29005 | TFTP Child threads |
Various | AP | ICMP | | ICMP - Optional |
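
As an added example (not Cisco's code and not part of the original document), rows from the WCS Protocols table above can be loaded into a small allow-list checker for firewall review. It handles the table's port notations ("1812 / 1645", "1316-1320", "TCP/UDP") and treats "Local only" rows as listeners that must never be reachable over the network; the function names and the sample flows are assumptions.

```python
# Added example: rows copied from the WCS Protocols table above; role names in
# the sample flows and the function names are assumptions for illustration.
ROWS = """\
Various Management Stations | WCS | TCP | 443 | HTTPS (Configurable at install time)
WLC and MSE | WCS | UDP | 162 | SNMP Trap Receiver
AAA Servers | WCS | TCP/UDP | 49 | TACACS+
AAA Servers | WCS | UDP | 1812 / 1645 | Radius
WCS HA Server | WCS | TCP | 1316-1320 | HA DB Ports
WLC | WCS | UDP | 29001-29005 | TFTP Child threads
Local only | WCS | TCP | 8005 | Tomcat Shutdown Port
Local only | WCS | TCP | 1299 | RMI Registry port (local only)
"""

def parse_ports(spec):
    """'443', '1812 / 1645' and '1316-1320' all become a list of (low, high)."""
    ranges = []
    for part in spec.split("/"):
        low, _, high = part.strip().partition("-")
        ranges.append((int(low), int(high or low)))
    return ranges

def load_rules(text):
    rules = []
    for line in text.strip().splitlines():
        src, dst, proto, ports, desc = [c.strip() for c in line.split("|")]
        rules.append({
            "sources": [s.strip() for s in src.split(" and ")],
            "dst": dst,
            "protos": proto.split("/"),          # 'TCP/UDP' -> ['TCP', 'UDP']
            "ports": parse_ports(ports),
            "local_only": src == "Local only",   # must never cross the firewall
            "desc": desc,
        })
    return rules

def check_flow(rules, src, dst, proto, port):
    """Return ('permit'|'deny', reason) for a flow arriving over the network."""
    for r in rules:
        if r["dst"] != dst or proto not in r["protos"]:
            continue
        if not any(lo <= port <= hi for lo, hi in r["ports"]):
            continue
        if r["local_only"]:
            return "deny", "local-only listener: " + r["desc"]
        if src in r["sources"]:
            return "permit", r["desc"]
    return "deny", "no matching row"

RULES = load_rules(ROWS)
```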
MSE - AwIPS Protocols

Source Device | Destination Device | Protocol | Destination Port | Description |
---|---|---|---|---|
WCS | MSE | TCP | 21 | FTP - Used to transfer files to/from devices |
Various Management Stations | MSE Host Server OS-Linux | TCP | 22 | SSH - Used for remote Linux Host Access |
WCS | MSE | TCP | 80 | HTTP (Configurable at install time) |
NTP Server | WLC | UDP | 123 | NTP |
WCS | MSE | UDP | 161 | SNMP |
MSE | WCS | UDP | 162 | SNMP Trap Receiver |
WCS | MSE | TCP | 443 | HTTPS (Configurable at install time) |
WCS | MSE | TCP | 443 | SOAP/XML (Simple Object Access Protocol) |
WCS | MSE | TCP | 8001 | HTTPS (Configurable at install time) |
WLC | MSE and Spectrum Expert | TCP | 16113 | NMSP (Network Mobility Services Protocol) |
Various | AP | ICMP | | ICMP - Optional |

MSE – Context-Aware and AwIPS Protocols

Source Device | Destination Device | Protocol | Destination Port | Description |
---|---|---|---|---|
WCS | MSE | TCP | 21 | FTP - Used to transfer files to/from devices |
Various Management Stations | MSE Host Server OS-Linux | TCP | 22 | SSH - Used for remote Linux Host Access |
WCS | MSE | TCP | 80 | HTTP (Configurable at install time) |
NTP Server | WLC | UDP | 123 | NTP |
WCS | MSE | UDP | 161 | SNMP |
MSE | WCS | UDP | 162 | SNMP Trap Receiver |
WCS | MSE | TCP | 443 | HTTPS (Configurable at install time) |
WCS | MSE | TCP | 443 | SOAP/XML (Simple Object Access Protocol) |
WCS | MSE | TCP | 8001 | HTTPS (Configurable at install time) |
WLC and Catalyst LAN Switches | MSE and Spectrum Expert | TCP | 16113 | NMSP (Network Mobility Services Protocol) |
Various | AP | ICMP | | ICMP - Optional |

WLC Protocols

Source Device | Destination Device | Protocol | Destination Port | Description |
---|---|---|---|---|
WCS | WLC | TCP | 21 | FTP - Used to transfer files to/from devices |
WCS and Various Management Stations | WLC | TCP | 22 | SSH - Used for remote Management (optional) |
WCS and Various Management Stations | WLC | TCP | 23 | Telnet - Used for remote Management (optional) |
AAA Servers | WLC | TCP/UDP | 49 | TACACS+ |
WCS and Various Management Stations | WLC | UDP | 69 | TFTP - Used to transfer files to/from devices |
Various Management Stations | WLC | TCP | 80 | HTTP (Configurable at install time) |
WLC | WLC | TCP | 91 | |
WLC Mobility Group members | WLC | EoIP IP Protocol 97 | EoIP IP Protocol 97 | EoIP Tunnel - Client Anchor/Tunneling traffic |
NTP Server | WLC | UDP | 123 | NTP |
WCS | WLC | UDP | 161 | SNMP |
WCS | WLC | UDP | 162 | SNMP Trap Receiver |
Various Management Stations | WLC | TCP | 443 | HTTPS (Configurable at install time) |
WLC and Various Syslog Servers | WLC | UDP | 514 | Syslog (Optional) |
AAA Servers | WLC | UDP | 1812 / 1645 | Radius |
AAA Servers | WLC | UDP | 1813 / 1646 | Radius |
AP | WLC | UDP | 6352 | RDLP |
Various Management Stations (MSE, Spectrum Expert) | WLC | TCP | 16113 | LOCP TLS Port NMSP (Network Mobility Services Protocol) |
WLC | WLC | UDP | 16666 | Mobility - non-secured |
WLC | WLC | UDP | 16667 | Mobility – secured ** Feature was removed in release 5.2+ |
AP | WLC | UDP | 5246-5247 | CAPWAP Ctl/Data |
AP | WLC | UDP | 5248 | CAPWAP Mcast. |
AP | WLC | UDP | 12222-12223 | LWAPP Ctl/Data |
AP | WLC | UDP | 12224 | LWAPP Mcast. |
Various | AP | ICMP | | ICMP – Optional |

AP CAPWAP-LWAPP Protocols

Source Device | Destination Device | Protocol | Destination Port | Description |
---|---|---|---|---|
Various | AP | UDP | 69 | TFTP - used for remote code update |
Various | AP | TCP | 22 | SSH - used for optional remote troubleshooting access. Can be administratively disabled. |
Various | AP | TCP | 23 | Telnet - used for optional remote troubleshooting access. Can be administratively disabled. |
AP | DNS Server | TCP/UDP | 53 | DNS |
AP | DHCP Server | UDP | 68 | DHCP |
AP | Various | UDP | 514 | Syslog - Destination configurable. Default is 255.255.255.255 |
WLC | AP | UDP | 1024 - 65535 (see note 1) | CAPWAP Ctl/Data |
WLC | AP | UDP | 5248 | CAPWAP Mcast. |
AP | WLC | UDP | 6352 | RDLP |
WLC | AP | UDP | 12222-12223 | LWAPP Ctl/Data |
WLC | AP | UDP | 12224 | LWAPP Mcast. |
AP | Monitor PC | TCP | 37540 for 2.4 GHz, 37550 for 5 GHz | Network Spectrum Interface (NSI) Protocol for SE-Connect |
Various | AP | ICMP | | ICMP – Optional |

1 - An arbitrary port number from the range 1024 - 65535 is assigned to every AP when the AP joins the WLC. The WLC uses that number as the Destination Port for CAPWAP Ctl/Data for as long as the AP is connected.

AP CAPWAP-LWAPP Protocols

Source Device | Destination Device | Protocol | Destination Port | Description |
---|---|---|---|---|
WLC | AP | UDP | 5246-5247 | CAPWAP Ctl/Data |