Hello:
I am testing a Cisco IP Phone (e.g. 7942) and attempting to determine what TCP / UDP Ports that the Cisco IP Hard Phone (i.e .7942) requires to fully function / access CUCM / CUC. The below is what I have tallied from the listed Cisco documentation. A Peer Review of the TCP / UDP Requirements would be appreciated as I am only concerned about the Cisco IP Phone obtaining Dial Tone, making / receiving Phone Calls and access / leave / retrieve Voicemails.
- CUC (Unity Connection Voicemail / Auto Attendant / Call Handlers)
Source: https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/11x/security/b_11xcucsecx/b_11xcucsecx_chapter_00.html
- Service Ports
Ports and Protocols1 | Operating System Firewall Setting | Executable/Service or Application | Service Account | Comments |
TCP and UDP ports allocated by administrator for SIP traffic. TCP ports 5001, 5002, 5003 and 5004 are open. Possible ports are 5060–5199 | Open | CuCsMgr/Unity Connection Conversation Manager | ucsmgr | Unity Connection SIP Control Traffic handled by conversation manager. SIP devices must be able to connect to these ports. |
UDP: 16384–21511 | Open | CuMixer/Unity Connection Mixer | cumixer | VoIP devices (phones and gateways) must be able to send traffic to these UDP ports to deliver inbound audio streams. |
TCP: 21000–21512 | Open | CuCsMgr/Unity Connection Conversation Manager | cucsmgr | IP phones must be able to connect to this range of ports on the Unity Connection server for some phone client applications. |
UDP: 16384–21511 | Open | CuMixer/Unity Connection Mixer | cumixer | VoIP devices (phones and gateways) must be able to send traffic to these UDP ports to deliver inbound audio streams. |
- Outbound Connections Made by Unity Connection
Ports and Protocols | Executable | Service Account | Comments |
TCP: 2000* (Default SCCP port) Optionally TCP port 2443* if you use SCCP over TLS. * Many devices and applications allow configurable RTP port allocations. | CuCsMgr | cucsmgr | Unity Connection SCCP client connection to Cisco Unified CM when they are integrated using SCCP. |
UDP: 16384–32767* (RTP) * Many devices and applications allow configurable RTP port allocations. | CuMixer | cumixer | Unity Connection outbound audio-stream traffic. |
|
- Secure Transport Layer
Ports | Executable/Service or Application | Service Account | Comments |
5061-5199 | CuCsMgr/Unity Connection Conversation Manager | cucsmgr | Unity Connection SIP Control Traffic handled by conversation manager. SIP devices must be able to connect to these ports. |
- CUCM Functionality with a Cisco IP Phone Port Requirements
Source: https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/admin/11_5_1/sysConfig/11_5_1_SU1/cucm_b_system-configuration-guide-1151su1/cucm_b_system-configuration-guide-1151su1_chapter_01010101.html#CUCM_TP_IBA67974_00
I have the IP Address of the CUCM Publisher / Subscriber:
Unified CM 1 3.30.64.11 Active
Unified CM 2 3.30.64.12 Standby
Unified CM 3 3.30.64.13
I am not able to verify the CUCM Version as the version shows up after initial logon. In consulting the Cisco Unified Communications Documentation, the following are the Required Ports for IP Phone functionality with the CUCM.
- Common Service Ports
From (Sender) | To (Listener) | Destination Port | Purpose |
Endpoint | CUCM | 1090, 1099 / TCP | Cisco AMC Service for RTMT performance monitors, data collection, logging, and alerting |
Endpoint | Unified Communications Manager | 7 | Internet Control Message Protocol (ICMP) This protocol number carries echo-related traffic. It does not constitute a port as indicated in the column heading. |
Unified Communications Manager | Endpoint |
Unified Communications Manager | Endpoint | 22 / TCP | Secure FTP service, SSH access |
Endpoint | Unified Communications ManagerDNS Server) | Ephemeral / UDP | Cisco Unified Communications Manager acting as a DNS server or DNS client Note | Cisco recommends that Cisco Unified Communications Manager not act as a DNS server and that all IP telephony applications and endpoints use static IP addresses instead of hostnames. |
|
Endpoint | Unified Communications Manager (DHCP Server) | 67 / UDP | Cisco Unified Communications Manager acting as a DHCP server Note | Cisco does not recommend running DHCP server on Cisco Unified Communications Manager. |
|
Endpoint or Gateway | Unified Communications Manager | 69, 6969, then Ephemeral / UDP | Trivial File Transfer Protocol (TFTP) service to phones and gateways |
Endpoint or Gateway | Unified Communications Manager | 6970 / TCP | Trivial File Transfer Protocol (TFTP) between master and proxy servers. HTTP service from the TFTP server to phones and gateways. |
Endpoint | Unified Communications Manager | 8443 / TCP | Used for Cisco User Data Services (UDS) requests |
- Web Requests From Cisco Unified Communications Manager to Phone
From (Sender) | To (Listener) | Destination Port | Purpose |
Unified Communications Manager · QRT · RTMT · Find and List Phones page · Phone Configuration page | Phone | 80 / TCP | Hypertext Transport Protocol (HTTP) |
| |
- Signaling, Media, and Other Communication Between Phones and Cisco Unified Communications Manager
From (Sender) | To (Listener) | Destination Port | Purpose |
Phone | Unified Communications Manager | 53/ TCP | Session Initiation Protocol (SIP) phones resolve the Fully Qualified Domain Name (FQDN) using a Domain Name System (DNS) Note | By default, some wireless access points block TCP 53 port, which prevents wireless SIP phones from registering when CUCM is configured using FQDN. |
|
Phone | Unified Communications Manager (TFTP) | 69, then Ephemeral / UDP | Trivial File Transfer Protocol (TFTP) used to download firmware and configuration files |
Phone | Unified Communications Manager | 2000 / TCP | Skinny Client Control Protocol (SCCP) |
Phone | Unified Communications Manager | 2443 / TCP | Secure Skinny Client Control Protocol (SCCPS) |
Phone | Unified Communications Manager | 2445 / TCP | Provide trust verification service to endpoints. |
Phone | Unified Communications Manager (CAPF) | 3804 / TCP | Certificate Authority Proxy Function (CAPF) listening port for issuing Locally Significant Certificates (LSCs) to IP phones |
Phone | Unified Communications Manager | 5060 / TCP and UDP | Session Initiation Protocol (SIP) phone |
Unified Communications Manager | Phone |
Phone | Unified Communications Manager | 5061 TCP | Secure Session Initiation Protocol (SIPS) phone |
Unified Communications Manager | Phone |
Phone | Unified Communications Manager (TFTP) | 6970 TCP | HTTP-based download of firmware and configuration files |
Phone | Unified Communications Manager (TFTP) | 6971, 6972 / TCP | HTTPS interface to TFTP. Phones use this port to download a secure configuration file from TFTP. |
Phone | Unified Communications Manager | 8080 / TCP | Phone URLs for XML applications, authentication, directories, services, etc. You can configure these ports on a per-service basis. |
Phone | Unified Communications Manager | 9443 / TCP | Phone use this port for authenticated contact search. |
IP VMS | Phone | 16384 - 32767 / UDP | Real-Time Protocol (RTP), Secure Real-Time Protocol (SRTP) Note | Cisco Unified Communications Manager only uses 24576-32767 although other devices use the full range. |
|
Phone | IP VMS |
