Nokia recommends using a strict CPM management access filter that allows traffic from trusted IP subnets for protocols and ports actively used in the router and explicitly drops other traffic.
The following table identifies the protocols and TCP/UDP ports used per application on 7210 SAS platforms. The source port and destination port reflect the CPM management access filter entry configuration for traffic that is ingressing the router and is sent to the CPM.
Out-of-band management ports are not supported on the 7210 SAS platforms as described in this guide.

| TCP/UDP port number (source, destination) | IP protocol | Application description | Protocols and ports available for in-band and out-of-band management on 7210 SAS platforms: ✓ marks for SAS-D, SAS-Dxp, SAS-K 2F2C2T, SAS-K 2F6C4T, SAS-K 3SFP+ 8C (all In-band) |
|---|---|---|---|
| BFD application | | | |
| 3784 | UDP | BFD control 1 hop BFD | ✓ ✓ |
| 3785 | UDP | BFD echo | ✓ ✓ |
| 4784 | UDP | BFD control multi-hop | ✓ ✓ |
| BGP application | | | |
| 179 | TCP | BGP: server terminated TCP sessions | ✓ ✓ |
| 179 | TCP | BGP: client responses for initiated TCP session | ✓ ✓ |
| DHCPv4 application | | | |
| 67, 67 | UDP | DHCPv4: relay agent to server; server to relay agent; relay agent to relay agent | ✓ ✓ ✓ ✓ ✓ |
| 68, 67 | UDP | DHCPv4: client to relay agent; client to server | ✓ ✓ ✓ ✓ ✓ |
| 67, 68 | UDP | DHCPv4: relay agent to server; relay agent to client | ✓ ✓ ✓ ✓ ✓ |
| DHCPv6 application | | | |
| 546, 547 | UDP | DHCPv6: client to server; client to relay agent | ✓ ✓ |
| 547, 546 | UDP | DHCPv6: server to relay agent; relay agent to server; relay agent to relay agent | ✓ ✓ |
| DNS application | | | |
| 53 | UDP | DNS Client | ✓ ✓ ✓ ✓ ✓ |
| FTP application | | | |
| 20 | TCP | FTP server data and active FTP client | ✓ ✓ ✓ ✓ ✓ |
| 21 | TCP | FTP server control | ✓ ✓ ✓ ✓ ✓ |
| 20 | TCP | FTP client data | ✓ ✓ ✓ ✓ ✓ |
| 21 | TCP | FTP client control | ✓ ✓ ✓ ✓ ✓ |
| GRE application | | | |
| N/A, N/A | GRE | GRE | ✓ ✓ |
| ICMP application | | | |
| N/A, N/A | ICMP | ICMP | ✓ ✓ ✓ ✓ ✓ |
| IGMP application | | | |
| N/A, N/A | IGMP | IGMP | ✓ ✓ ✓ ✓ ✓ |
| LDP application | | | |
| 646 | UDP | LDP hello adjacency | ✓ ✓ |
| 646 | TCP | LDP/T-LDP: terminated TCP sessions | ✓ ✓ |
| 646 | TCP | LDP/T-LDP: responses for initiated TCP sessions | ✓ ✓ |
| MC-APS application | | | |
| 1025 | UDP | Multi-chassis LAG | ✓ ✓ |
| MCS application | | | |
| 45067 | TCP | Multi-chassis synchronization: terminated TCP session | ✓ ✓ |
| 45067 | TCP | Multi-chassis synchronization: responses for initiated TCP session | ✓ ✓ |
| NETCONF application | | | |
| 830 | TCP | NETCONF | ✓ ✓ |
| NTP application | | | |
| 123 | UDP | NTP server | ✓ ✓ ✓ ✓ ✓ |
| 123 | UDP | NTP client | ✓ ✓ ✓ ✓ ✓ |
| OAM application | | | |
| 3503 | UDP | LSP ping | ✓ ✓ |
| 33408 to 33535 | UDP | OAM traceroute | ✓ ✓ |
| OSPF application | | | |
| N/A, N/A | OSPF | OSPF | ✓ ✓ |
| PCEP application | | | |
| 4189 | TCP | Path Computation Element Protocol (PCEP) | ✓ ✓ |
| PIM application | | | |
| 3232 | UDP | PIM MDT | ✓ ✓ |
| N/A, N/A | PIM | PIM | ✓ ✓ |
| PTP application | | | |
| 319 | UDP | 1588 PTP event | ✓ ✓ ✓ ✓ ✓ |
| 320 | UDP | 1588 PTP general | ✓ ✓ ✓ ✓ ✓ |
| RADIUS application | | | |
| 1812 | UDP | Radius authentication | ✓ ✓ ✓ ✓ ✓ |
| 1813 | UDP | Radius accounting | ✓ ✓ ✓ ✓ ✓ |
| RSVP application | | | |
| N/A, N/A | RSVP | RSVP | ✓ ✓ |
| SNMP application | | | |
| 161 | UDP | SNMP server; SET and GET commands | ✓ ✓ ✓ ✓ ✓ |
| SSH application | | | |
| 22 | TCP | SSH server and terminated TCP session | ✓ ✓ ✓ ✓ ✓ |
| 22 | TCP | SSH client and responses for initiated TCP sessions | ✓ ✓ ✓ ✓ ✓ |
| TACACS application | | | |
| 49 | TCP | TACACS client and responses for initiated TCP sessions | ✓ ✓ ✓ ✓ ✓ |
| TELNET application | | | |
| 23 | TCP | TELNET server | ✓ ✓ ✓ ✓ ✓ |
| TWAMP application | | | |
| 862 | TCP | TWAMP control: terminated TCP session | ✓ ✓ ✓ ✓ ✓ |
| Any | UDP | TWAMP test | ✓ ✓ ✓ ✓ ✓ |
| 1 to 65535 | UDP | TWAMP light (per router instance) | ✓ ✓ ✓ ✓ |
| VRRP application | | | |
| N/A, N/A | VRRP | VRRP | ✓ ✓ |
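
The recommendation at the top of this section (permit only trusted subnets for the protocols and ports in use, drop everything else) can be checked mechanically. The following Python model is an added example, not Nokia code or CLI syntax: it evaluates a first-match filter with a default action and audits a policy against that recommendation. The policy dictionaries, subnets and in-use set are constructed, and matching each listed port as a destination port is an assumption of the example.

```python
from ipaddress import ip_address, ip_network

# Ports from the table on this page. Treating the single listed port of a
# server-side row as the destination port is an assumption of this example.
PAGE_PORTS = {("tcp", 22): "SSH", ("tcp", 23): "TELNET", ("udp", 161): "SNMP",
              ("udp", 123): "NTP", ("tcp", 830): "NETCONF", ("tcp", 21): "FTP"}

def evaluate(policy, src, proto, dport):
    """First matching entry wins; otherwise the policy's default action applies."""
    for e in policy["entries"]:
        if (e["proto"] == proto and e["dport"] == dport
                and ip_address(src) in ip_network(e["src"])):
            return e["action"]
    return policy["default"]

def audit(policy, in_use, trusted):
    """Return findings where the policy departs from the recommendation:
    default drop, permits only from trusted subnets, only for services in use."""
    findings = []
    if policy["default"] != "drop":
        findings.append("default action is not drop")
    nets = [ip_network(t) for t in trusted]
    for i, e in enumerate(policy["entries"]):
        if e["action"] != "permit":
            continue
        app = PAGE_PORTS.get((e["proto"], e["dport"]), "unlisted")
        src = ip_network(e["src"])
        if not any(src.subnet_of(n) for n in nets):
            findings.append(f"entry {i}: {app} permitted from untrusted {src}")
        if app not in in_use:
            findings.append(f"entry {i}: {app} permitted but not in use")
    return findings

# Constructed sample data (documentation address ranges), hypothetical names.
TRUSTED = ["192.0.2.0/24"]
IN_USE = {"SSH", "SNMP", "NTP"}
WEAK = {"default": "permit", "entries": [
    {"proto": "tcp", "dport": 22, "src": "0.0.0.0/0", "action": "permit"},
    {"proto": "tcp", "dport": 23, "src": "192.0.2.0/24", "action": "permit"}]}
STRICT = {"default": "drop", "entries": [
    {"proto": "tcp", "dport": 22, "src": "192.0.2.0/24", "action": "permit"},
    {"proto": "udp", "dport": 161, "src": "192.0.2.16/28", "action": "permit"},
    {"proto": "udp", "dport": 123, "src": "192.0.2.0/24", "action": "permit"}]}

if __name__ == "__main__":
    for name, pol in (("weak", WEAK), ("strict", STRICT)):
        print(name, audit(pol, IN_USE, TRUSTED) or "ok")
```

The weak policy yields three findings (permissive default, SSH open to any source, TELNET permitted although unused), while the strict policy yields none and drops SSH from any address outside the trusted subnet.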