03-09-2015 11:45 AM - edited 03-11-2019 10:36 PM
Is there a list of the port and protocol mnemonics used by Cisco somewhere? I am talking about those used in access lists, like "www" for port 80 and "smtp" for port 25, e.g.
access-list XXX extended permit udp host 1.1.1.1 host 1.1.1.2 eq domain
I have never seen one anywhere. I just ran across an ACE with the mnemonics file-tcp and file-udp. How do I resolve those to numeric port numbers? Is there some way to display ACLs numerically?
Thanks,
-Jeff
03-09-2015 11:55 AM
Hi Jeff,
You might find these threads helpful.
http://www.techexams.net/forums/ccna-ccent/42866-how-do-you-all-remember-common-port-numbers.html
https://learningnetwork.cisco.com/docs/DOC-22385
Regards,
Jack
03-09-2015 12:08 PM
Thanks Jack, but I am not trying to memorize anything. I just want to know what port file-tcp and file-udp refer to. I thought maybe Cisco used the service names documented in RFC6335, Service Name and Transport Protocol Port Number Registry.
http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml
But when I search that list I find no reference to file-tcp or file-udp.
03-09-2015 12:35 PM
Um... oops. The file-tcp and file-udp were references to service object groups, not service names. So that clears that up. Still, I have run into this issue before and this is still a valid question. Where is the list of port number and service names used by Cisco?
03-09-2015 05:30 PM
Ok well I used the brute force method and created an ACL with all possible ports from 1 - 8192 on PixOS 8.2. This is what I came up with:
7 | echo |
9 | discard |
13 | daytime |
19 | chargen |
20 | ftp-data |
21 | ftp |
22 | ssh |
23 | telnet |
25 | smtp |
43 | whois |
49 | tacacs |
53 | domain |
70 | gopher |
79 | finger |
80 | www |
101 | hostname |
109 | pop2 |
110 | pop3 |
111 | sunrpc |
113 | ident |
119 | nntp |
139 | netbios-ssn |
143 | imap4 |
179 | bgp |
194 | irc |
389 | ldap |
443 | https |
496 | pim-auto-rp |
512 | exec |
513 | login |
514 | rsh |
515 | lpd |
517 | talk |
540 | uucp |
543 | klogin |
544 | kshell |
554 | rtsp |
636 | ldaps |
750 | kerberos |
1352 | lotusnotes |
1494 | citrix-ica |
1521 | sqlnet |
1720 | h323 |
1723 | pptp |
2049 | nfs |
2748 | ctiqbe |
3020 | cifs |
5060 | sip |
5190 | aol |
5631 | pcanywhere-data |
03-09-2015 06:50 PM
Hi Jeff,
The ports in the ACL comply with IANA's registration here http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml. Not all routers support every single port number here. But they should be compliant if they do support the port number.
Here's a list of ports I found using VIRL's simulated router. They are the most commonly used ones.
bgp Border Gateway Protocol (179)
chargen Character generator (19)
cmd Remote commands (rcmd, 514)
daytime Daytime (13)
discard Discard (9)
domain Domain Name Service (53)
drip Dynamic Routing Information Protocol (3949)
echo Echo (7)
exec Exec (rsh, 512)
finger Finger (79)
ftp File Transfer Protocol (21)
ftp-data FTP data connections (20)
gopher Gopher (70)
hostname NIC hostname server (101)
ident Ident Protocol (113)
irc Internet Relay Chat (194)
klogin Kerberos login (543)
kshell Kerberos shell (544)
login Login (rlogin, 513)
lpd Printer service (515)
nntp Network News Transport Protocol (119)
onep-plain ONEP Cleartext (15001)
onep-tls ONEP TLS (15002)
pim-auto-rp PIM Auto-RP (496)
pop2 Post Office Protocol v2 (109)
pop3 Post Office Protocol v3 (110)
smtp Simple Mail Transport Protocol (25)
sunrpc Sun Remote Procedure Call (111)
tacacs TAC Access Control System (49)
talk Talk (517)
telnet Telnet (23)
time Time (37)
uucp Unix-to-Unix Copy Program (540)
whois Nicname (43)
www World Wide Web (HTTP, 80)
Regards,
Jack
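Added example (not code from any poster in this thread): a small Python helper that rewrites the port mnemonics in an ACE to numbers using the PixOS 8.2 table posted above, and reports object-group references and unknown names separately so that something like file-tcp is not mistaken for a port name. It assumes the port operators eq, neq, lt, gt and range and the object-group keyword; the table as posted does not distinguish TCP from UDP, so neither does the lookup.

```python
# Port/mnemonic pairs copied from the PixOS 8.2 table posted in this thread.
_PAIRS = """
7 echo 9 discard 13 daytime 19 chargen 20 ftp-data 21 ftp 22 ssh 23 telnet
25 smtp 43 whois 49 tacacs 53 domain 70 gopher 79 finger 80 www 101 hostname
109 pop2 110 pop3 111 sunrpc 113 ident 119 nntp 139 netbios-ssn 143 imap4
179 bgp 194 irc 389 ldap 443 https 496 pim-auto-rp 512 exec 513 login 514 rsh
515 lpd 517 talk 540 uucp 543 klogin 544 kshell 554 rtsp 636 ldaps
750 kerberos 1352 lotusnotes 1494 citrix-ica 1521 sqlnet 1720 h323 1723 pptp
2049 nfs 2748 ctiqbe 3020 cifs 5060 sip 5190 aol 5631 pcanywhere-data
""".split()
PORTS = {name: int(num) for num, name in zip(_PAIRS[0::2], _PAIRS[1::2])}

# Number of port arguments that follow each ACE port operator (assumed set).
OPERATORS = {"eq": 1, "neq": 1, "lt": 1, "gt": 1, "range": 2}

def numeric_ace(line):
    """Return (rewritten_line, unresolved_names, object_groups) for one ACE."""
    tokens = line.split()
    unresolved, groups = [], []
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "object-group" and i + 1 < len(tokens):
            groups.append(tokens[i + 1])  # a group name, not a port mnemonic
            i += 2
            continue
        nargs = OPERATORS.get(tok, 0)
        for j in range(i + 1, min(i + 1 + nargs, len(tokens))):
            if tokens[j] in PORTS:
                tokens[j] = str(PORTS[tokens[j]])
            elif not tokens[j].isdigit():
                unresolved.append(tokens[j])  # name missing from the table
        i += 1 + nargs
    return " ".join(tokens), unresolved, groups

# First line is from the original question; the other two are constructed.
SAMPLE = [
    "access-list XXX extended permit udp host 1.1.1.1 host 1.1.1.2 eq domain",
    "access-list XXX extended permit tcp any host 1.1.1.2 range ftp-data ftp",
    "access-list XXX extended permit tcp any any object-group file-tcp",
]

if __name__ == "__main__":
    for ace in SAMPLE:
        rewritten, unknown, groups = numeric_ace(ace)
        print(rewritten, "| unresolved:", unknown, "| object-groups:", groups)
```

Names reported as unresolved or as object groups need to be looked up in the device configuration rather than in a port table.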