Re: cucm access

bluesea2010 · ‎09-28-2020

Hi,

From the telphone vlan is it ok blocking http and http access to the call manager ?

Or what port need to be opened from phone vlan to cucm

Thanks

Nithin Eluvathingal · ‎09-28-2020

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/admin/12_0_1/systemConfig/cucm_b_system-configuration-guide-1201/cucm_b_system-configuration-guide-1201_chapter_01010110.html#CUCM_RF_T6346A06_00

Signaling, Media, and Other Communication Between Phones and Cisco Unified Communications Manager

Table 6. Signaling, Media, and Other Communication Between Phones and Cisco Unified Communications ManagerFrom (Sender)To (Listener)Destination PortPurpose

Phone

Unified Communications Manager

53/ TCP

Session Initiation Protocol (SIP) phones resolve the Fully Qualified Domain Name (FQDN) using a Domain Name System (DNS)

Note

By default, some wireless access points block TCP 53 port, which prevents wireless SIP phones from registering when CUCM is configured using FQDN.

Phone

Unified Communications Manager (TFTP)

69, then Ephemeral / UDP

Trivial File Transfer Protocol (TFTP) used to download firmware and configuration files

Phone

Unified Communications Manager

2000 / TCP

Skinny Client Control Protocol (SCCP)

Phone

Unified Communications Manager

2443 / TCP

Secure Skinny Client Control Protocol (SCCPS)

Phone

Unified Communications Manager

2445 / TCP

Provide trust verification service to endpoints.

Phone

Unified Communications Manager (CAPF)

3804 / TCP

Certificate Authority Proxy Function (CAPF) listening port for issuing Locally Significant Certificates (LSCs) to IP phones

Phone

Unified Communications Manager

5060 / TCP and UDP

Session Initiation Protocol (SIP) phone

Unified Communications Manager

Phone

Unified Communications Manager

5061 TCP

Secure Session Initiation Protocol (SIPS) phone

Unified Communications Manager

Phone

Unified Communications Manager (TFTP)

6970 TCP

HTTP-based download of firmware and configuration files

Phone

Unified Communications Manager (TFTP)

6971, 6972 / TCP

HTTPS interface to TFTP. Phones use this port to download a secure configuration file from TFTP.

Phone

Unified Communications Manager

8080 / TCP

Phone URLs for XML applications, authentication, directories, services, etc. You can configure these ports on a per-service basis.

Phone

Unified Communications Manager

9443 / TCP

Phone use this port for authenticated contact search.

Phone

Unified Communications Manager

9444

IP VMS

Phone

16384 - 32767 / UDP

Real-Time Protocol (RTP), Secure Real-Time Protocol (SRTP)

Note

Cisco Unified Communications Manager only uses 24576-32767 although other devices use the full range.

Phone

IP VMS

lior look · ‎10-12-2020

first of all its varies between phone types and what you configured in CUCM side.

mostly, the phones use http/s to get xml files from some services like extension mobility, directory services and so on.

but I think your question is not for the "http" protocol but the protocol tcp port.

http default port is tcp/80

but cucm http default port is tcp/8080

go to system>enterprise parameters and see what pathes did you configured for directory services + see if your cucm use custom phone services and then decide if to block or not.