Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Internal_display_only

Include Page
ALLDOC:SBC Core Ports Descriptions
ALLDOC:SBC Core Ports Descriptions

Panel

In this section:

Table of Contents
maxLevel4

The

Spacevars
0series4
  platforms (SBC 5000 series, SBC 7000, SBC SWe) listen to the TCP/IP network ports listed in the following tables. Some of these ports will not be open if the corresponding product features are not configured.

Info
titleNote

The actual ports that the

Spacevars
0product
listens to depends on the actual system configuration.

Warning
titleWarning

Due to an IPMI vulnerability, Ribbon recommends not connecting the BMC Ethernet port to an external network unless the network is deemed well-protected.

[Reference: NIST National Vulnerability Database website]

Dynamic Port for SBC Service Discovery

With the Service Discovery for Trap Target Destinations and EMS Registration feature, a dynamic port opens on the SBC on boot at the end of an upgrade, so that the SBC can access the Name Server under Service Discovery. This is not configurable; no action is required on the part of the user. For more information about Service Discovery, see Service Discovery for Trap Target Destinations and EMS Registration. For configuration details, see Configuring Service Discovery for Trap Target Destinations and EMS Registration.

...

MultiExcerptNameME1

SBC 5000/7000 Series BMC Ports

...

0Table
1SBC 5000/7000 Series BMC Ports

...

Network Port

...

Usage

...

HTTP server redirects browser to port 443 for HTTPS. No actual BMC access on port 80.

...

5120

...

BMC Remote Console: CD

...

5121

...

 not used

...

BMC Remote Console: Keyboard and Mouse

...

5123

...

BMC Remote Console: Diskette

...

5555

...

BMC Remote Console: Encryption

...

5556

...

BMC Remote Console: Authentication

...

6481

...

BMC Remote Console: Servicetag Daemon

...

7578

...

BMC Remote Console: Video

...

MultiExcerptNameME2

SBC Core Management Ports

...

0Table
1SBC Core Management Ports

...

Network Port

...

Usage

...

Notes

...

22

...

SBC application CLI via SSH 

...

Application CLI over SSHv2.

...

80

...

Embedded Management Application (EMA) GUI redirection to port 443

...

HTTP server redirects browser to port 443 for HTTPS. No actual EMA access on port 80. 

...

443

...

EMA GUI via https

...

444

...

EMA GUI, Platform Mode via https

...

2022

...

Netconf OAM interface 

...

Netconf over SSHv2. Used by Ribbon EMS to manage the SBC.

...

2024

...

Linux SFTP access via SSH 

...

4680

...

SecureLink client GUI via http 

The SecureLink client is a RASO feature that creates and maintains an SSH connection to the SecureLink server at RibbonHQ, to support remote troubleshooting. This port presents a GUI interface to manage the SL client.

...

Port 4680 is restricted to "localhost." This ensures that Gatekeeper (the SecureLink GUI) cannot be accessed remotely using the management port of the SBC. 

...

161   

...

SNMP agent 

...

Statistics and status retrieval. Read only.

...

3069  

...

ERE   

...

ERE SIP SCPA process.

...

65xxx  

...

PSX    

...

Dynamically allocated server port number. Part of SBC communication with external PSX.

SBC Core Media Physical Ports at Interface IP Addresses

...

0Table
1SBC Core Media Physical Ports at Interface IP Addresses

...

Network Port

...

Usage

...

Notes

...

500

...

IKE

...

IKEv1 or IKEv2 Internet Key Exchange for IPSec

...

1024-65534

...

RTP, RTCP, SRTP, SRTCP

...

Real time media

...

N/A

...

IPSec ESP

...

Encapsulating Security Payload

SBC Core Media Physical Ports at Signaling Port IP Addresses

...

0Table
1SBC Core Media Physical Ports at Signaling Port IP Addresses

...

Network Port

...

Usage

...

Notes

...

2569

...

GW – GW signaling

...

Ribbon proprietary gateway-to-gateway signaling. Listen port is configurable; 2569 is the default.

NOTE: This port is not applicable for SBC SWe as GW-GW signaling is not supported for SWe.

...

5060

...

SIP signaling over TCP

...

Listen port is configurable; 5060 is the default.

...

5061

...

SIP signaling over TLS over TCP

...

Listen port is configurable; 5061 is the default.

...

5060

...

SIP signaling over UDP

...

Listen port is configurable; 5060 is the default.

...

5060

...

SIP signaling over SCTP

...

Listen port is configurable; 5060 is the default.

...

N/A

...

IPsec ESP

...

Encapsulating Security Payload. Terminates on signaling address when IPSec is used in IMS access and peering modes (in peering mode, the protected address may be different).

...

titleNote

If a zone's sipSigPort is configured for transportProtocolsAllowed = sip-tls-tcp, and either Egress IPSP Transport Type is TLS Over TCP and/or the Egress TG’s transportPreference is tls-tcp, the SBC increments the configured portNumber by 1 and uses it as the new port number for SIP over TLS signaling. The SBC then opens a TCP socket for SIP over TLS for the new TCP port number.

...

Pagebreak