Escolar Documentos
Profissional Documentos
Cultura Documentos
Communication Matrix
Issue 03
Date 2017/08/31
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of t
products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherw
specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties,
guarantees or representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the preparation of this document
ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty
kind, express or implied.
y the contract made between Huawei and the customer. All or part of the
y not be within the purchase scope or the usage scope. Unless otherwise
mendations in this document are provided "AS IS" without warranties,
plied.
otice. Every effort has been made in the preparation of this document to
, and recommendations in this document do not constitute a warranty of any
Overview
This document describes the ports to be opened for the energy NMS to achieve proper service communicatio
of the OM communication ports to guide engineers to set firewalls. Do not open ports that are not mentioned
Product Version
Product
SPM
Intended Audience
This document is intended for:
Maintenance engineers
Technical support engineers
Structure
Describe the content of each sheet and the meaning of each field in port tables.
Describes the firewall setting principles, port design process, and precautions. R
Ports Design Process
wall.
Describes the communication ports between the energy NMS server and the NM
Ports Between the Energythird-party
NMS andmanagement
the NMS devices (such as the SMS server) provided by some te
Describes ports to be opened by the energy NMS server for each NE. If the sou
Ports Opened by the Energy NMS
be opened
for NEs
for all NEs that access to the energy NMS system. If the specific situ
source devices or in special scenarios, the port only needs to be opened for thes
Describes ports, including the ports opened by the energy NMS server for the w
Ports Between the Energyother
NMS and Client
OM clients, to be opened by the energy NMS server for the client.
Open ports on a hardware server, including ports used for interoperation betwee
ports used by the iMana on an RH2288 server, RH2288H server, and RH5885 s
Ports on the Hardware Server
firewall.
The ports that are opened in all networking modes include the ports between th
U2000-SPM
server, the ports between U2000-SPM and NEs.
In the energy NMS networking system, some functions, such as the client remo
Third-party Tool the use of third-party tools. If the firewalls are deployed between the third-party
must be opened by following the instructions provided in this sheet.
Describes local ports on the energy NMS server and ports that do not need to b
Appendix - Local Ports
are used on the internal network and will be scanned during the port scanning.
Description of each field insending
Port for port signaling traffic, that is, the start point where signaling traffic i
tables Target Device. Generally, the number of the port used by Source Device is ran
the source device uses a specified port, the information about the specified port
If Source Device is Local, it indicates that a local port is used as the source dev
Source Device need to be opened on the firewall.
Source IP IP address
Source of indicates
Port: source device.
the port from which the signal flow is initiated, that is, th
Source Port port
If of a source
Target Devicedevice to the destination port of a destination device."102465
is Local
Target Device random
that portport
a local within this as
is used range.
the destination device. In such a case, the port does n
Indicates the listening port that or a number segment in which the ports can pro
Target IP Port
Destination IP address of
destination target
port device.
contains two or more ports, and one of the ports contains speci
(Listening) 31600 (SSL), port 31100 is a non-encryption port and port 31600 is an SSL enc
Protocol Type specified in the port description. You need to open related ports based on the ac
Port Description destination
Descriptionport
of a contains twomainly
port, which or moreincludes
ports, and
the the port difference
functions is not speci
that are implemented
Authentication Mode to open all these ports.
Authentication mode of a port. If the value is None, it indicates that no authent
Encryption Mode Encryption mode of a port. If the value is None, it indicates that no encryption
Indicates the versions of products to which a port is applicable.
Describes which plane the listening port belongs to, such as one of the OM plan
If one or multiple version numbers are available, it indicates that the port is app
Plane plane, or all the three planes. For the energy NMS, all ports belong to the OM p
If all versions are available, it indicates that the port is applicable to all versions
If the port is applicable to a version and later versions or a version and earlier v
Version added.
Special scenario to which a port is only applicable. For example, a port is appli
certain networking scenario, or a specified type of server.
Special Scenario If the value is None, it indicates that the port is a common port and applicable t
Deployment Scenarios
Scenario Description
The energy NMS is When the energy NMS is independently deployed, it indicates the NetEco in th
independently deployed. server indicates the NetEco server.
The energy NMS is co-
When the energy NMS is co-deployed with the U2000, it indicates the SPM in
deployed with the U2000.
server indicates the SPM server.
(SPM)
Change History
Updates between document issues are cumulative. Therefore, the latest document issue contains all updates
Issue Date
03 2017-08-31
02 2016-12-09
01 2016-06-15
be opened for the energy NMS to achieve proper service communication and provides the design workflow
uide engineers to set firewalls. Do not open ports that are not mentioned in this document on the firewalls.
Version
iManager TOOL(U2000-SPM)V200R016C10
s the firewall setting principles, port design process, and precautions. Read this sheet before you set a fire
s the communication ports between the energy NMS server and the NMS devices. The NMS devices include
ty management devices (such as the SMS server) provided by some telecom operators.
s ports to be opened by the energy NMS server for each NE. If the source device is an NE, the port needs to
ed for all NEs that access to the energy NMS system. If the specific situation has been specified for some
evices or in special scenarios, the port only needs to be opened for these NEs.
s ports, including the ports opened by the energy NMS server for the web-based energy NMS client and
M clients, to be opened by the energy NMS server for the client.
rts on a hardware server, including ports used for interoperation between hardware in an ATAE subrack and
ed by the iMana on an RH2288 server, RH2288H server, and RH5885 server. Do not open these ports on the
s that are opened in all networking modes include the ports between the U2000 server and the energy NMS
he ports between U2000-SPM and NEs.
ergy NMS networking system, some functions, such as the client remote access and system backup, require
f third-party tools. If the firewalls are deployed between the third-party tools and other devices, the ports
opened by following the instructions provided in this sheet.
s local ports on the energy NMS server and ports that do not need to be opened on the firewall. These ports
on the internal network and will be scanned during the port scanning.
sending signaling traffic, that is, the start point where signaling traffic is sent to Destination Port Number of
Device. Generally, the number of the port used by Source Device is randomly selected from 1024 to 65535. If
ce device uses a specified port, the information about the specified port is added in Port Description.
e Device is Local, it indicates that a local port is used as the source device. In such a case, the port does not
be opened on the firewall.
ss of indicates
Port: source device.
the port from which the signal flow is initiated, that is, the signal flow is transmitted from this
tsource
Devicedevice to the
is Local, destination port of a destination device."102465535" indicates that the source port is a
it indicates
portport
cal within this as
is used range.
the destination device. In such a case, the port does not need to be opened on the firewall.
s the listening port that or a number segment in which the ports can provide services on the server. If the
ss
onof target
port device.
contains two or more ports, and one of the ports contains special illustration, for example, 31100,
SSL), port 31100 is a non-encryption port and port 31600 is an SSL encryption port. This situation is also
d in the port description. You need to open related ports based on the actual transmission mode. If the
on
ionport
of a contains twomainly
port, which or moreincludes
ports, and
the the port difference
functions is not specified
that are implemented in the the
through portport.
description, you need
all these ports.
cation mode of a port. If the value is None, it indicates that no authentication is performed.
tion
e energy NMS is independently deployed, it indicates the NetEco in this document and the energy NMS
dicates the NetEco server.
e energy NMS is co-deployed with the U2000, it indicates the SPM in this document and the energy NMS
dicates the SPM server.
e cumulative. Therefore, the latest document issue contains all updates made in previous issues.
Description
Added
Add the 22107 port.
This issue is the second official release for iManager TOOL(U2000-SPM)V200R016C10.
Compared with 01 (2016-06-15), this issue has no changes.
1 Between the energy NMS server and network management system (NMS) servers
Between the energy NMS server and NEs
Between the energy NMS server and clients
Between the Citrix client and Citrix server (applicable only when the Citrix tool is used)
Collect field system information, including the information about third-party tools, northbound interfaces, NEs
the ports to be opened according to actual requirements.
2 NOTICE:
1) You need to enable the function of detecting the FTP transfer on firewalls to ensure that data is properly tran
to enable this function, see the documents related to the actual firewall.
2) The source IP addresses of all OM ports (on the NE side) opened for OSS servers such as the U2000, energy
physical IP addresses and floating IP addresses configured for the service Ethernet ports of these OSS servers.
esign the OM ports to be opened on the firewalls.
ns:
ransfer on firewalls to ensure that data is properly transmitted through FTP. For details about how
ctual firewall.
de) opened for OSS servers such as the U2000, energy NMS, and AP Manager servers contain the
d for the service Ethernet ports of these OSS servers.
Ports to be opened between the energy NMS and the NMS
Destination
Source Source IP Destination Destination IP
Source Port Port Protocol
Device Address Device Address
(Listening)
Ports to be opened on the between the energy NMS and the SMS/email server
Destination
Source Source IP Destinatio Destination
Source Port Port Protocol
Device Address n Device IP Address
(Listening)
IP address
Energy NMS of the IP address of 7890 (peer
102465535 SMSGW TCP
server energy the SMSGW port)
NMS server
IP address SMSGW
Energy NMS of the IP address of 7891 (peer
102465535 TCP
server energy the SMSGW port)
NMS server
IP address SMSGW
Energy NMS of the IP address of 5018 (peer
102465535 TCP
server energy the SMSGW port)
NMS server
IP address SMSGW
Energy NMS of the IP address of 8801 (peer
102465535 TCP
server energy the SMSGW port)
NMS server
IP address
IP address of
Energy NMS of the 102465535 Email server the email 25 (peer port) TCP
server energy
server
NMS server
IP address
IP address of
Energy NMS of the 465 (peer
102465535 Email server the email TCP
server energy port)
server
NMS server
IP address
Energy NMS of the IP address of 8900 (peer
server
Random port SMSGW TCP
energy the SMSGW port)
NMS server
Listening Port
Authentication
Port Description Configurable
Mode
(Y/N)
v1/v2c: community
Port for the energy NMS system to receive SNMP commands name
Yes
issued by the NMS. v3: user
name/password
Port for the energy NMS to send SNMP trap messages to the
NMS. v1/v2c: community
Note: When firewalls are deployed on both the energy NMS name
Yes
and NMS sides, ensure that the northbound trap receiving port v3: user
on the NMS side can communicate with the port on the energy name/password
NMS side through the firewalls.
Listening Port
Authentication
Port Description Configurable
Mode
(Y/N)
Port for the email server to receive emails sent by the energy
Yes Certificate
NMS server using SMTPS in SSL mode.
v1/v2c: none
v3: supports iManager
NONE, TOOL(U2000-
OM None
CBC_DES, SPM)V200R016C
IDEA and 00 or later
AES_128.
v1/v2c: none
v3: supports iManager
NONE, TOOL(U2000-
OM None
CBC_DES, SPM)V200R016C
IDEA and 00 or later
AES_128.
iManager
TOOL(U2000- The FTP is disabled
None OM
SPM)V200R016C by default.
10 or later
iManager
TOOL(U2000-
SSL OM None
SPM)V200R016C
10 or later
Encryption
Plane Version Special Scenario
Mode
iManager
TOOL(U2000-
None OM Peer port
SPM)V200R016C
00 or later
iManager
TOOL(U2000-
None OM Peer port
SPM)V200R016C
00 or later
iManager
TOOL(U2000-
None OM Peer port
SPM)V200R016C
00 or later
iManager
TOOL(U2000-
None OM Peer port
SPM)V200R016C
00 or later
iManager
TOOL(U2000-
None OM Peer port
SPM)V200R016C
00 or later
iManager
TOOL(U2000-
SSL OM Peer port
SPM)V200R016C
00 or later
iManager
TOOL(U2000-
None OM Peer port
SPM)V200R016C
00 or later
Remarks:
NEs in inband networking are connected to the energy NMS without interruption. Users cannot enable the firewall t
Destination
Source Source IP Destination Destination IP
Source Port Port
Device Address Device Address
(Listening)
IP address of the
IP address
NE 102465535 Energy NMS server energy NMS 31238
of the NE
server
IP address of the
IP address
NE 102465535 Energy NMS server energy NMS 31239
of the NE
server
IP address of the
IP address
NE 102465535 Energy NMS server energy NMS 31220
of the NE
server
IP address of the
IP address
NE 102465535 Energy NMS server energy NMS 21
of the NE
server
IP address of the
IP address
NE 102465535 Energy NMS server energy NMS 21
of the NE
server
IP address of the
IP address
NE 102465535 Energy NMS server energy NMS 10000-10499
of the NE
server
IP address of the
IP address
NE 102465535 Energy NMS server energy NMS 10000-10499
of the NE
server
IP address of the
IP address
NE 102465535 Energy NMS server energy NMS 162
of the NE
server
IP address of the
IP address
NE 10162 Energy NMS server energy NMS 10162
of the NE
server
IP address
Energy of the
IP address of the
NMS energy 10162 NE 161(Peer port)
NE
server NMS
server
sers cannot enable the firewall to automatically detect and proactively interrupt the connection generating no packet.
pened for the communication between the energy NMS and NEs.
Listening Port
Authentication Encryption
Protocol Port Description Configurable
Mode Mode
(Y/N)
Port for NEs in the out-of-
band networking to connect to
TCP No None None
the MED process of the
energy NMS.
iManager
TOOL(U2000-
OM None
SPM)V200R016C
00 or later
iManager
TOOL(U2000-
OM None
SPM)V200R016C
00 or later
iManager
TOOL(U2000- The FTP is disabled by
OM
SPM)V200R016C default.
00 or later
iManager
TOOL(U2000-
OM None
SPM)V200R016C
00 or later
iManager
TOOL(U2000-
OM None
SPM)V200R016C
00 or later
iManager
TOOL(U2000-
OM None
SPM)V200R016C
00 or later
iManager
TOOL(U2000-
OM Peer port
SPM)V200R016C
00 or later
Ports on the ATAE Hardware
NOTE:
For details on the ports that need to be enabled on the ATAE hardware, see U2000 Communication Matrix.
You can log in to the http://support.huawei.com website, search for iManager U2000 MBB Network Management System Produc
IP address of
Energy IP address of the
the energy 102465535 NodeB/eNodeB 6007
NMS server NodeB/eNodeB
NMS server
IP address of
Energy IP address of the
the energy 102465535 OMU 6000, 8000 (SSL)
NMS server OMU
NMS server
IP address of
Energy IP address of the
the energy 102465535 OMU 6006, 8006 (SSL)
NMS server OMU
NMS server
ed to be opened for the OM of the NodeB/eNodeB.
Listening Port
Protocol Port Description Configurable
(Y/N)
iManager
TOOL(U2000-
Reauthentication SSL OM
SPM)V200R016
C00 or later
Authentication Encryption
Plane Version
Mode Mode
iManager
TOOL(U2000-
Reauthentication SSL OM
SPM)V200R016
C00 or later
iManager
TOOL(U2000-
Reauthentication SSL OM
SPM)V200R016
C00 or later
Special Scenario
Special Scenario
IP address of the
App client 1024-65535 APP Server APP Server IP
app client
Destination Port
Protocol Port Description
(Listening)
Destination Port
Protocol Port Description
(Listening)
This port is used for the APP client to invoke the APP
32800 TCP server services and to interact with the energy NMS
services.
Listening Port Authentication Encryption
Plane Version
Configurable (Y/N) Mode Mode
iManager
TOOL(U2000-
Yes User name/password None OM
SPM)V200R016C0
0 or later
iManager
TOOL(U2000-
No User name/password SSL OM
SPM)V200R016C0
0 or later
iManager
TOOL(U2000-
No User name/password None OM
SPM)V200R016C0
0 or later
iManager
TOOL(U2000-
No User name/password SSL OM
SPM)V200R016C0
0 or later
iManager
TOOL(U2000-
No User name/password SSL OM
SPM)V200R016C0
0 or later
iManager
TOOL(U2000-
No User name/password SSL OM
SPM)V200R016C0
0 or later
iManager
TOOL(U2000-
No User name/password SSL OM SPM)V200R016C0
0 or later
Special Scenario
1. HTTP automatically
redirects to HTTPS when
users open a page through
the web browser.
2. Users need to manually
enter the port number
when installing the energy
NMS. The port number
can be changed.
None
None
None
None
None
Special Scenario
None
Remarks:
The following lists the ports to be opened by the energy NMS in the U2000-SPM. The ports are opened by t
MBB Network Management System Product Documentation. You can visit http://support.huawei.com and
System Product Documentation".
Ports between the U2000 server and the energy NMS server
Destinati
Destinati
Source Source IP Source Destinati on Port
on IP Protocol
Device Address Port on Device (Listening
Address
)
IP address
IP address
Energy of the
U2000 of the 1024 ~
NMS energy 32102 HTTPS
server U2000 65535
server NMS
server
server
Ports for the energy NMS server and the U2000 Client
Destinati
Destinati
Source Source IP Source Destinati on Port
on IP Protocol
Device Address Port on Device (Listening
Address
)
IP address
IP address
Energy of the
U2000 of the 1024 ~
NMS energy 32803 TCP
client U2000 65535
server NMS
client
server
Destinati
Destinati
Source Source IP Source Destinati on Port
on IP Protocol
Device Address Port on Device (Listening
Address
)
IP address
Energy of the
1024 ~
NE NE IP NMS energy 31921 TCP
65535
server NMS
server
n the U2000-SPM. The ports are opened by the U2000 see the communication matrix in iManager U2000
You can visit http://support.huawei.com and search for "iManager U2000 MBB Network Management
Listening
Authentic
Port Encryptio
Port Description ation Plane Version
Configura n Mode
Mode
ble (Y/N)
iManager
TOOL(U2
This port is opened for the U2000 server User
000-
to communicate with the energy NMS No name/pass SSL OM
SPM)V200
server using HTTPS. word
R016C00
or later
Listening
Authentic
Port Encryptio
Port Description ation Plane Version
Configura n Mode
Mode
ble (Y/N)
Listening
Authentic
Port Encryptio
Port Description ation Plane Version
Configura n Mode
Mode
ble (Y/N)
iManager
FTP protocol command port of the energy TOOL(U2
NMS FTP server. The port supports the username/p 000-
No SSL OM
file transfer between NEs and the energy assword SPM)V200
NMS system. R016C00
or later
Manager U2000
Management
Special
Scenario
None
Special
Scenario
None
Special
Scenario
The FTP is
disabled by
default.
OM ports to be opened for the database and management tool
IP address of the
SSH IP address of the Energy NMS
102465535 energy NMS 22
client SSH client server
server
Listening Port
Protocol Port Description Configurable
(Y/N)
1. Port for the SSH client to remotely maintain the energy NMS
TCP server. No
2. Port for downloading files from the SFTP server.
Authentication Encryption
Plane Version Special Scenario
Mode Mode
iManager
TOOL(U2000-
User name/password SSH OM None
SPM)V200R016
C00 or later
Local ports to be opened on the energy NMS server
Destination
Source Source IP Destination Destination IP
Source Port Port
Device Address Device Address
(Listening)
Energy IP address of
Energy NMS IP address of the
NMS the energy 31916 31917
server energy NMS server
server NMS server
Energy IP address of
Energy NMS IP address of the
NMS the energy 31916 31967
server Med center
server NMS server
Energy IP address of
Energy NMS IP address of the
NMS the energy 102465535 32002
server energy NMS server
server NMS server
Energy IP address of
Energy NMS IP address of the
NMS the energy 102465535 32003
server energy NMS server
server NMS server
Energy IP address of
Energy NMS IP address of the
NMS the energy 102465535 32007
server energy NMS server
server NMS server
Energy IP address of
Energy NMS IP address of the
NMS the energy 102465535 32008
server energy NMS server
server NMS server
Energy IP address of
Energy NMS IP address of the
NMS the energy 102465535 32020
server energy NMS server
server NMS server
Energy IP address of
Energy NMS IP address of the
NMS the energy 102465535 32033
server energy NMS server
server NMS server
Energy IP address of
Energy NMS IP address of the
NMS the energy 102465535 31900
server energy NMS server
server NMS server
IP address of the
BMC IP address of Energy NMS
102465535 BMC port on the 80
client the BMC client server
energy NMS server
IP address of the
BMC IP address of Energy NMS
102465535 BMC port on the 443
client the BMC client server
energy NMS server
Energy IP address of
Energy NMS IP address of the
NMS the energy 102465535 31927
server energy NMS server
server NMS server
Energy IP address of
Energy NMS IP address of the
NMS the energy 1024 ~ 65535 32031
server energy NMS server
server NMS server
IP address of
APP Energy NMS IP address of the
the energy 1024~65535 32801
server server energy NMS server
NMS server
Energy IP address of
Energy NMS IP address of the
NMS the energy 32008 32012
server energy NMS server
server NMS server
Energy IP address of
Energy NMS IP address of the
NMS the energy 1024~65535 22107
server energy NMS server
server NMS server
Listening Port
Authentication
Protocol Port Description Configurable
Mode
(Y/N)
iManager
TOOL(U2000- This port is disabled in the
None OM
SPM)V200R016C0 official release by default.
0 or later
iManager
TOOL(U2000-
SSL OM None
SPM)V200R016C0
0 or later
iManager
TOOL(U2000-
SSL OM None
SPM)V200R016C0
0 or later
iManager
TOOL(U2000-
None OM None
SPM)V200R016C0
0 or later
iManager
TOOL(U2000- Automatically redirects to port
None OM
SPM)V200R016C0 443.
0 or later
iManager
TOOL(U2000-
SSL OM None
SPM)V200R016C0
0 or later
iManager
TOOL(U2000-
SSL OM None
SPM)V200R016C0
0 or later
iManager
TOOL(U2000-
SSL OM None
SPM)V200R016C0
0 or later
iManager
TOOL(U2000-
SSL OM None
SPM)V200R016C0
0 or later
iManager
TOOL(U2000-
SSL OM None
SPM)V200R016C1
0 or later