Nokia recommends using a strict CPM management access filter policy that allows traffic from trusted IP subnets for the protocols and ports actively used on the router and explicitly drops other traffic.
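An audit of that recommendation, as an added example (not Nokia code and not router CLI syntax): a simplified model of a management access filter policy checked against a set of trusted subnets and in-use services. The names `Entry`, `evaluate`, `audit`, `TRUSTED` and `IN_USE` are hypothetical, the first-match evaluation is a modeling assumption, and the addresses and the choice of SSH, SNMP and NTP as the services in use are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values (RFC 5737 documentation ranges), not from the Nokia page.
TRUSTED = [ipaddress.ip_network("192.0.2.0/24")]
# Assumed set of services this router runs: SSH, SNMP, NTP (port numbers as in the table).
IN_USE = {("tcp", 22), ("udp", 161), ("udp", 123)}

@dataclass
class Entry:  # hypothetical model of one filter entry, not router CLI syntax
    src: str
    proto: str
    dst_port: int
    action: str  # "permit" or "deny"

def evaluate(entries, default_action, src_ip, proto, dst_port):
    """Modeling assumption: first matching entry wins, else the default action."""
    ip = ipaddress.ip_address(src_ip)
    for e in entries:
        if ip in ipaddress.ip_network(e.src) and (e.proto, e.dst_port) == (proto, dst_port):
            return e.action
    return default_action

def audit(entries, default_action):
    """Return findings where the policy departs from the recommendation."""
    findings = []
    for n, e in enumerate(entries, 1):
        if e.action != "permit":
            continue
        net = ipaddress.ip_network(e.src)
        if not any(net.subnet_of(t) for t in TRUSTED):
            findings.append(f"entry {n}: permits {e.proto}/{e.dst_port} from untrusted {e.src}")
        if (e.proto, e.dst_port) not in IN_USE:
            findings.append(f"entry {n}: permits unused service {e.proto}/{e.dst_port}")
    if default_action != "deny":
        findings.append("default action does not drop unmatched traffic")
    return findings

LOOSE = [Entry("0.0.0.0/0", "tcp", 22, "permit"),      # SSH from anywhere
         Entry("192.0.2.0/24", "tcp", 23, "permit"),   # Telnet, not in IN_USE
         Entry("192.0.2.0/24", "udp", 161, "permit")]
STRICT = [Entry("192.0.2.0/24", "tcp", 22, "permit"),
          Entry("192.0.2.0/24", "udp", 161, "permit"),
          Entry("192.0.2.0/24", "udp", 123, "permit")]

if __name__ == "__main__":
    for name, policy, default in (("loose", LOOSE, "permit"), ("strict", STRICT, "deny")):
        print(name, audit(policy, default) or "no findings")
        print("  SSH from 198.51.100.7:", evaluate(policy, default, "198.51.100.7", "tcp", 22))
```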
The following table identifies the protocols and TCP/UDP ports used per application on 7210 SAS platforms. The source port and destination port reflect the CPM management access filter entry configuration for traffic ingressing the router and sent to the CPM.
Protocols and ports available for in-band and out-of-band management on 7210 SAS platforms

Source TCP/UDP port | Destination TCP/UDP port | IP protocol | Application description | SAS-T (network mode) in-band | SAS-T (network mode) out-of-band | SAS-T (access-uplink mode) in-band | SAS-T (access-uplink mode) out-of-band | SAS-MXP in-band | SAS-MXP out-of-band | SAS-R6 and SAS-R12 in-band | SAS-R6 and SAS-R12 out-of-band | SAS-Sx/S 1/10GE in-band | SAS-Sx/S 1/10GE out-of-band | SAS-Sx 10/100GE in-band | SAS-Sx 10/100GE out-of-band
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---
BFD application | |||||||||||||||
3784 |
UDP |
BFD control 1 hop BFD |
✓ |
✓ |
✓ |
✓ |
✓ |
||||||||
3785 |
UDP |
BFD echo |
✓ |
✓ |
✓ |
✓ |
✓ |
||||||||
4784 |
UDP |
BFD control multi-hop |
✓ |
✓ |
✓ |
✓ |
✓ |
||||||||
6784 |
UDP |
Micro-BFD |
✓ |
✓ |
✓ |
✓ |
✓ |
||||||||
BGP application | |||||||||||||||
179 |
TCP |
BGP: server terminated TCP sessions |
✓ |
✓ |
✓ |
✓ |
✓ |
||||||||
179 |
TCP |
BGP: client responses for initiated TCP session |
✓ |
✓ |
✓ |
✓ |
✓ |
||||||||
Cflowd application |
|||||||||||||||
1025 to 65535 |
UDP |
✓ |
✓ |
✓ |
✓ |
||||||||||
DHCPv4 application | |||||||||||||||
67 |
67 |
UDP |
DHCPv4: relay agent to server; server to relay agent; relay agent to relay agent |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
||||||
68 |
67 |
UDP |
DHCPv4: client to relay agent; client to server |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
||||||
67 |
68 |
UDP |
DHCPv4: relay agent to server; relay agent to client |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
||||||
DHCPv6 application | |||||||||||||||
546 |
547 |
UDP |
DHCPv6: client to server; client to relay agent |
✓ |
|||||||||||
547 |
546 |
UDP |
DHCPv6: server to relay agent; relay agent to server; relay agent to relay agent |
✓ |
|||||||||||
DNS application | |||||||||||||||
53 |
UDP |
DNS Client |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
|||||||
FTP application | |||||||||||||||
20 |
TCP |
FTP server data and active FTP client |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
|
21 |
TCP |
FTP server control |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
|
20 |
TCP |
FTP client data |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
|
21 |
TCP |
FTP client control |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
|
GRE application | |||||||||||||||
N/A |
N/A |
GRE |
GRE |
✓ |
✓ |
✓ |
✓ |
✓ |
|||||||
ICMP application | |||||||||||||||
N/A |
N/A |
ICMP |
ICMP |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
IGMP application | |||||||||||||||
N/A |
N/A |
IGMP |
IGMP |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
||||||
LDP application | |||||||||||||||
646 |
UDP |
LDP hello adjacency |
✓ |
✓ |
✓ |
✓ |
✓ |
||||||||
646 |
TCP |
LDP/T-LDP: terminated TCP sessions |
✓ |
✓ |
✓ |
✓ |
✓ |
||||||||
646 |
TCP |
LDP/T-LDP: responses for initiated TCP sessions |
✓ |
✓ |
✓ |
✓ |
✓ |
||||||||
MC-APS application | |||||||||||||||
1025 |
UDP |
Multi-chassis LAG |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
|||||||
MCS application | |||||||||||||||
45067 |
TCP |
Multi-chassis synchronization: terminated TCP session |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
|||||||
45067 |
TCP |
Multi-chassis synchronization: responses for initiated TCP session |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
|||||||
NETCONF application | |||||||||||||||
830 |
TCP |
NETCONF |
✓ |
||||||||||||
NTP application | |||||||||||||||
123 |
UDP |
NTP server |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
|
123 |
UDP |
NTP client |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
|
OAM application | |||||||||||||||
3503 |
UDP |
LSP ping |
✓ |
✓ |
✓ |
✓ |
✓ |
||||||||
33408 to 33535 |
UDP |
OAM traceroute |
✓ |
✓ |
✓ |
✓ |
✓ |
||||||||
OSPF application | |||||||||||||||
N/A |
N/A |
OSPF |
OSPF |
✓ |
✓ |
✓ |
✓ |
✓ |
|||||||
PCEP application | |||||||||||||||
4189 |
TCP |
Path Computation Element Protocol (PCEP) |
✓ |
✓ |
✓ |
✓ |
|||||||||
PIM application | |||||||||||||||
3232 |
UDP |
PIM MDT |
✓ |
✓ |
✓ |
✓ |
✓ |
||||||||
N/A |
N/A |
PIM |
PIM |
✓ |
✓ |
✓ |
✓ |
✓ |
|||||||
PTP application | |||||||||||||||
319 |
UDP |
1588 PTP event |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
|||||||
320 |
UDP |
1588 PTP general |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
|||||||
RADIUS application | |||||||||||||||
1812 |
UDP |
RADIUS authentication |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
|
1813 |
UDP |
RADIUS accounting |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
|
RIP application | |||||||||||||||
520 |
UDP |
RIP (only on SAS-MXP) |
✓ |
||||||||||||
RSVP application | |||||||||||||||
N/A |
N/A |
RSVP |
RSVP |
✓ |
✓ |
✓ |
✓ |
✓ |
|||||||
SSH application | |||||||||||||||
22 |
TCP |
SSH server and terminated TCP session |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
|
22 |
TCP |
SSH client and responses for initiated TCP sessions |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
|
SNMP application | |||||||||||||||
161 |
UDP |
SNMP server; SET and GET commands |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
|
TACACS application | |||||||||||||||
49 |
TCP |
TACACS client and responses for initiated TCP sessions |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
|
TELNET application | |||||||||||||||
23 |
TCP |
TELNET server |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
|
TWAMP application | |||||||||||||||
862 |
TCP |
TWAMP control: terminated TCP session |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
|||||||
Any |
UDP |
TWAMP test |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
|||||||
1 to 65535 |
UDP |
TWAMP light (per router instance) |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
|||||||
VRRP application | |||||||||||||||
N/A |
N/A |
VRRP |
VRRP |
✓ |
✓ |
✓ |
✓ |
✓ |