The
platforms (SBC 5000 series, SBC 7000, SBC SWe) listen to the TCP/IP network ports listed in the following tables. Some of these ports will not be open if the corresponding product features are not configured.
| Note |
|---|
icon| Info |
|---|
|
The actual ports that the listens to depends on the actual system configuration. |
| Warning |
|---|
|
Due to an IPMI vulnerability, Sonus Ribbon recommends not connecting the BMC Ethernet port to an external network unless the network is deemed well-protected.
[Reference: NIST National Vulnerability Database website] |
...
| Multiexcerpt |
|---|
|
SBC 5000/7000 Series BMC Ports| Caption |
|---|
| 0 | Table |
|---|
| 1 | SBC 5000/7000 Series BMC Ports |
|---|
|
| Protocol | Network Port | Application Level Protocol | Process Using the Ports | Usage | Notes |
|---|
| TCP | 22 | SSH | SSHD | BMC CLI via SSH | BMC CLI over SSHv2. | | TCP | 80 | TLS 1.2 | lighttpd | BMC GUI redirection to port 443 | HTTP server redirects browser to port 443 for HTTPS. No actual BMC access on port 80. | | TCP | 443 | TLS 1.2 | lighttpd | BMC GUI via HTTPS |
|
| | TCP | 5120 | TCP | cdserver opp | BMC Remote Console: CD |
|
| | TCP | 5121 | not used | not used | BMC Remote Console: Keyboard and Mouse |
|
| | TCP | 5123 | not used | not used | BMC Remote Console: Diskette |
|
| | TCP | 5555 | not used | not used | BMC Remote Console: Encryption |
|
| | TCP | 5556 | not used | not used | BMC Remote Console: Authentication |
|
| | TCP | 6481 | not used | not used | BMC Remote Console: Servicetag Daemon |
|
| BMC Remote Console: Video |
| |
|
| BMC Remote Console: Serial |
|
|
|
| Multiexcerpt |
|---|
|
SBC Core Management Ports| Caption |
|---|
| 0 | Table |
|---|
| 1 | SBC Core Management Ports |
|---|
|
| Protocol | Network Port | Application Level Protocol | Process Using the Ports | Usage | Notes |
|---|
| TCP |
| 22 | SSH | SSHD | SBC application CLI via SSH | Application CLI over SSHv2. | 80 | TLS 1.2 |
lighttpd| apache2 | Embedded Management Application (EMA) GUI redirection to port 443 | HTTP server redirects browser to port 443 for HTTPS. No actual EMA access on port 80. | 443 | TLS 1.2 |
lighttpd | apache2 | EMA GUI, Platform Mode via https |
| |
| Netconf OAM interface | Netconf over SSHv2. Used by |
Sonus Ribbon EMS to manage the SBC. | 2024 | sftp |
|
| Linux SFTP access via SSH |
|
| | 3091 | ssreq-tcp | SSREQ | SSReq troubleshooting tool | Default TCP port | 4680 |
|
|
| SecureLink client GUI via http | The SecureLink client is a RASO feature that creates and maintains an SSH connection to the SecureLink server at |
SonusHQRibbonHQ, to support remote troubleshooting. This port presents a GUI interface to manage the SL client. NOTE: SecureLink runs on a separate VM instance for SBC SWe; hence this port is not applicable for SBC SWe.
|
UDP
Port 4680 is restricted to "localhost." This ensures that Gatekeeper (the SecureLink GUI) cannot be accessed remotely using the management port of the SBC. | | UDP
| 123 | NTP | NTPD | Network Timing Protocol Daemon (NTPD) |
|
| 161 | SNMP | SNMP daemon | SNMP agent | Statistics and status retrieval. Read only. | | 3054 | DIAMETER+ | DS | PSX call processing requests | This port is used for call processing requests coming from the PSX to the SBC over Diameter+. This can also be configured through PKT ports. | | 3055 | DIAMETER+ | DS | Keep alive messages and registration (Diameter). | This can also be configured through PKT ports. | 3069 | DMARSH | SCPA | ERE | ERE SIP SCPA process. | | 3090 | ssreq-udp | SSREQ | SSReq troubleshooting tool | Default UDP port | 65xxx |
| |
|
| PSX | Dynamically allocated server port number. Part of SBC communication with external PSX. |
|
| Caption |
|---|
| 0 | Table |
|---|
| 1 | SBC Core Media Physical Ports at Interface IP Addresses |
|---|
|
| Protocol | Network Port | Application Level Protocol | Process Using the Ports | Usage | Notes |
|---|
| UDP | 500 | IKE | IKE | IKE | IKEv1 or IKEv2 Internet Key Exchange for IPSec | 1024-65534 | RTP, RTCP,SRTP,SRTCP |
|
| RTP, RTCP, SRTP, SRTCP | Real time media | | ESP | N/A |
| |
|
| IPSec ESP | Encapsulating Security Payload |
|
| Caption |
|---|
| 0 | Table |
|---|
| 1 | SBC Core Media Physical Ports at Signaling Port IP Addresses |
|---|
|
| Protocol | Network Port | Application Level Protocol | Process Using the Ports | Usage | Notes |
|---|
| TCP | 2569 | MSC | SAM | GW – GW signaling |
Sonus Ribbon proprietary gateway-to-gateway signaling. Listen port is configurable; 2569 is the default |
.NOTE: This port is not applicable for SBC SWe as GW-GW signaling is not supported for SWe. | 5060 | SIP | SIPE | SIP signaling over TCP | Listen port is configurable; 5060 is the default. | 5061 | SIP | SIPE | SIP signaling over TLS over TCP | Listen port is configurable; 5061 is the default. | | UDP | 5060 | SIP | SIPE | SIP signaling over UDP | Listen port is configurable; 5060 is the default. | | SCTP | 5060 | SIP | SIPE | SIP signaling over SCTP | Listen port is configurable; 5060 is the default. | | ESP | N/A |
| |
|
| IPsec ESP | Encapsulating Security Payload. Terminates on signaling address when IPSec is used in IMS access and peering modes (in peering mode, the protected address may be different). |
|
|
| Info |
|---|
|
note |
If a zone's sipSigPort is configured for transportProtocolsAllowed = sip-tls-tcp, and either Egress IPSP Transport Type is TLS Over TCP and/or the Egress TG’s transportPreference is tls-tcp, the SBC increments the configured portNumber by 1 and uses it as the new port number for SIP over TLS signaling. The SBC then opens a TCP socket for SIP over TLS for the new TCP port number. Example: When sipSigPort is configured with a portNumber of 5060 and transportProtocolsAllowed = sip-tls-tcp, the SBC listens on TCP port 5061 for SIP over TLS. |
...