Escolar Documentos
Profissional Documentos
Cultura Documentos
Specifying Port Values, page B-1 Specifying Protocol Values, page B-5
Note
The FWSM drops DNS packets sent to UDP port 53 (usually used for DNS) that have a packet size larger than 512 bytes. Permitted UDP literal names are biff, bootpc, bootps, discard, dnsix, echo, mobile-ip, nameserver, netbios-dgm, netbios-ns, ntp, rip, snmp, snmptrap, sunrpc, syslog, tacacs, talk, tftp, time, who, and xdmcp. You can view port numbers online at this URL: http://www.iana.org/assignments/port-numbers Table B-1 lists the port values and literal names.
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Command Reference OL-6513-01
B-1
Table B-1
Literal administratively-prohibited alternate-address aol bgp biff bootpc bootps chargen citrix-ica cmd conversion-error ctiqbe daytime discard DHCP server DHCP client dod-host-prohibited dod-net-prohibited domain dnsix echo echo-reply exec finger ftp ftp-data general-parameter gopher h323 host-isolated hostname host-precedence-unreachable host-tos-unreachable host-redirect host-tos-redirect host-unknown
Value 93 102 60 179 512 68 67 19 1494 514 120 14 13 9 67 68 92 91 53 195 7, 103 78 512 79 21 20 110 70 1720 90 101 94 89 101 87
Description
America Online Border Gateway Protocol, RFC 1163 Used by mail system to notify users that new mail is received Bootstrap Protocol Client Bootstrap Protocol Server Character Generator Citrix Independent Computing Architecture (ICA) protocol Similar to exec except that cmd has automatic authentication
DNS (Domain Name System) DNSIX Session Management Module Audit Redirector Echo Echo reply Remote process execution Finger File Transfer Protocol (control port) File Transfer Protocol (data port) Gopher H.323 call signaling NIC Host Name Server
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Command Reference
B-2
OL-6513-01
Appendix B
Table B-1
Literal host-unreachable https ident imap4 information-reply information-request irc isakmp kerberos klogin kshell ldap ldaps lpd login lotusnotes mask-reply mask-request mobile-ip mobile-redirect nameserver netbios-dgm net-redirect net-tos-redirect net-tos-unreachable network-unknown nntp netbios-ns netbios-ssn netreachable no-room-for-option ntp option-missing packet-too-big pcanywhere-data parameter-problem
Value 81 62 113 63 116 117 194 500 64 543 544 65 66 515 513 67 118 117 434 121 42 138 98 100 88 86 119 137 68 80 112 123 111 84 69 109
Description
Network News Transfer Protocol NETBIOS Name Service Network Basic Input Output System
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Command Reference OL-6513-01
B-3
Table B-1
Literal pcanywhere-status pim-auto-rp pop2 pop3 port-unreachable pptp precedence-unreachable protocol-unreachable radius
Value 73 496 109 110 83 70 95 82 74, 1645, 1646 75 108 97 104 105 520 71 76 58 59 25 161 162 85 96 1521 72 111 514 49 517 23 69
Description Protocol Independent Multicast, reverse path flooding, dense mode Post Office ProtocolVersion 2 Post Office ProtocolVersion 3 Port cannot be found Point-to-Point Tunneling Protocol. RFC 2637 describes the PPTP protocol Precedence cannot be found Protocol cannot be found Remote Authentication Dial-In User Service
radius-acct reassembly-timeout redirect router-advertisement router-solicitation rip rpc secureid-udp sip skinny smtp snmp snmptrap source-route-failed source-quench sqlnet ssh sunrpc syslog tacacs talk telnet tftp
Remote Authentication Dial-In User Service Specifies the timeout for reassembly Redirect Router sends advertisement Queries the router Routing Information Protocol Remote Procedure Call Specifies UDP secure ID Session Initiation Protocol Simple (Skinny) Client Control Protocol Simple Mail Transport Protocol Simple Network Management Protocol Simple Network Management ProtocolTrap Route inactive Remove sourcing Structured Query Language Network Secure shell Sun RPC (Remote Procedure Call) System Log TACACS+ (Terminal Access Controller Access Control System Plus) Talk RFC 854 Telnet Trivial File Transfer Protocol
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Command Reference
B-4
OL-6513-01
Appendix B
Table B-1
Literal time time-exceeded timestamp-reply timestamp-request traceroute ttl-exceeded unreachable uucp who whois www xdmcp
Description Time Time exceeded Returns the time stamp Requests a time stamp Specifies trace routing TTL is exceeded Connection refused or inactive UNIX-to-UNIX Copy Program Who Who Is World Wide Web X Display Manager Control Protocol, used to communicate between X terminals and workstations running UNIX
Note
Many routing protocols use multicast packets to transmit their data. If you send routing protocols across the FWSM, configure the surrounding routers with the Cisco IOS software neighbor command. If routes on an unprotected interface are corrupted, the routes that are transmitted to the protected side of the firewall will corrupt routers there. Table B-2 lists the numeric values and literal names for the protocols.
Table B-2 Protocol Numeric and Literal Values
Value 51 88 50 47 1 2 9 0
Description Authentication Header for IPv6, RFC 1826 Enhanced Interior Gateway Routing Protocol Encapsulated Security Payload for IPv6, RFC 1827 General Routing Encapsulation Internet Control Message Protocol, RFC 792 Internet Group Management Protocol, RFC 1112 Interior Gateway Routing Protocol Internet Protocol
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Command Reference OL-6513-01
B-5
Table B-2
Description IP-in-IP encapsulation Network Operating System (Novells NetWare) Open Shortest Path First routing protocol, RFC 1247 Payload Compression Protocol Sitara Networks Protocol Transmission Control Protocol, RFC 793 User Datagram Protocol, RFC 768
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Command Reference
B-6
OL-6513-01