
APPENDIX B

Port and Protocol Values


This appendix lists the port and protocol values used by the FWSM and contains these sections:

Specifying Port Values
Specifying Protocol Values

Specifying Port Values


You can use literal names instead of numerical port values in command syntax. The FWSM permits the following TCP literal names: bgp, chargen, cmd, citrix-ica, daytime, discard, domain, echo, exec, finger, ftp, ftp-data, gopher, h323, hostname, http, ident, irc, klogin, kshell, lpd, nntp, pop2, pop3, pptp, rpc, smtp, sqlnet, sunrpc, tacacs, talk, telnet, time, uucp, whois, and www.

The FWSM uses port 1521 for SQL*Net. This is the default port used by Oracle for SQL*Net; however, this value does not agree with IANA port assignments.

The FWSM listens for RADIUS on ports 1645 and 1646. If your RADIUS server uses ports 1812 and 1813, you will need to reconfigure it to listen on ports 1645 and 1646.

To assign a port for DNS access, use domain, not dns. The dns keyword translates into the port value for dnsix.

Note: The FWSM drops DNS packets sent to UDP port 53 (usually used for DNS) that have a packet size larger than 512 bytes.

Permitted UDP literal names are biff, bootpc, bootps, discard, dnsix, echo, mobile-ip, nameserver, netbios-dgm, netbios-ns, ntp, rip, snmp, snmptrap, sunrpc, syslog, tacacs, talk, tftp, time, who, and xdmcp.

You can view port numbers online at this URL: http://www.iana.org/assignments/port-numbers

Table B-1 lists the port values and literal names.

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Command Reference OL-6513-01


Table B-1 Port Values and Literal Names

| Literal | Value | Description |
| --- | --- | --- |
| administratively-prohibited | 93 | |
| alternate-address | 102 | |
| aol | 60 | America Online |
| bgp | 179 | Border Gateway Protocol, RFC 1163 |
| biff | 512 | Used by mail system to notify users that new mail is received |
| bootpc | 68 | Bootstrap Protocol Client |
| bootps | 67 | Bootstrap Protocol Server |
| chargen | 19 | Character Generator |
| citrix-ica | 1494 | Citrix Independent Computing Architecture (ICA) protocol |
| cmd | 514 | Similar to exec except that cmd has automatic authentication |
| conversion-error | 120 | |
| ctiqbe | 14 | |
| daytime | 13 | Day time, RFC 867 |
| discard | 9 | Discard |
| DHCP server | 67 | |
| DHCP client | 68 | |
| dod-host-prohibited | 92 | |
| dod-net-prohibited | 91 | |
| domain | 53 | DNS (Domain Name System) |
| dnsix | 195 | DNSIX Session Management Module Audit Redirector |
| echo | 7, 103 | Echo |
| echo-reply | 78 | Echo reply |
| exec | 512 | Remote process execution |
| finger | 79 | Finger |
| ftp | 21 | File Transfer Protocol (control port) |
| ftp-data | 20 | File Transfer Protocol (data port) |
| general-parameter | 110 | |
| gopher | 70 | Gopher |
| h323 | 1720 | H.323 call signaling |
| host-isolated | 90 | |
| hostname | 101 | NIC Host Name Server |

Literal host-precedence-unreachable host-tos-unreachable host-redirect host-tos-redirect host-unknown

Value 94 89 101 87


Table B-1 Port Values and Literal Names (continued)

| Literal | Value | Description |
| --- | --- | --- |
| host-unreachable | 81 | |
| https | 62 | |
| ident | 113 | Ident authentication service |
| imap4 | 63 | |
| information-reply | 116 | |
| information-request | 117 | |
| irc | 194 | Internet Relay Chat protocol |
| isakmp | 500 | ISAKMP |
| kerberos | 64 | |
| klogin | 543 | KLOGIN |
| kshell | 544 | Korn Shell |
| ldap | 65 | |
| ldaps | 66 | |
| lpd | 515 | Line Printer Daemon - printer spooler |
| login | 513 | Remote login |
| lotusnotes | 67 | |
| mask-reply | 118 | |
| mask-request | 117 | |
| mobile-ip | 434 | Mobile IP-Agent |
| mobile-redirect | 121 | |
| nameserver | 42 | Host Name Server |
| netbios-dgm | 138 | NETBIOS Datagram Service |
| net-redirect | 98 | |
| net-tos-redirect | 100 | |
| net-tos-unreachable | 88 | |
| network-unknown | 86 | |
| nntp | 119 | Network News Transfer Protocol |
| netbios-ns | 137 | NETBIOS Name Service |
| netbios-ssn | 68 | Network Basic Input Output System |
| netreachable | 80 | |
| no-room-for-option | 112 | |
| ntp | 123 | Network Time Protocol |
| option-missing | 111 | |
| packet-too-big | 84 | |
| pcanywhere-data | 69 | |
| parameter-problem | 109 | |


Table B-1 Port Values and Literal Names (continued)

| Literal | Value | Description |
| --- | --- | --- |
| pcanywhere-status | 73 | |
| pim-auto-rp | 496 | Protocol Independent Multicast, reverse path flooding, dense mode |
| pop2 | 109 | Post Office Protocol - Version 2 |
| pop3 | 110 | Post Office Protocol - Version 3 |
| port-unreachable | 83 | Port cannot be found |
| pptp | 70 | Point-to-Point Tunneling Protocol. RFC 2637 describes the PPTP protocol |
| precedence-unreachable | 95 | Precedence cannot be found |
| protocol-unreachable | 82 | Protocol cannot be found |
| radius | 74, 1645, 1646 | Remote Authentication Dial-In User Service |
| radius-acct | 75 | Remote Authentication Dial-In User Service |
| reassembly-timeout | 108 | Specifies the timeout for reassembly |
| redirect | 97 | Redirect |
| router-advertisement | 104 | Router sends advertisement |
| router-solicitation | 105 | Queries the router |
| rip | 520 | Routing Information Protocol |
| rpc | 71 | Remote Procedure Call |
| secureid-udp | 76 | Specifies UDP secure ID |
| sip | 58 | Session Initiation Protocol |
| skinny | 59 | Simple (Skinny) Client Control Protocol |
| smtp | 25 | Simple Mail Transport Protocol |
| snmp | 161 | Simple Network Management Protocol |
| snmptrap | 162 | Simple Network Management Protocol - Trap |
| source-route-failed | 85 | Route inactive |
| source-quench | 96 | Remove sourcing |
| sqlnet | 1521 | Structured Query Language Network |
| ssh | 72 | Secure shell |
| sunrpc | 111 | Sun RPC (Remote Procedure Call) |
| syslog | 514 | System Log |
| tacacs | 49 | TACACS+ (Terminal Access Controller Access Control System Plus) |
| talk | 517 | Talk |
| telnet | 23 | RFC 854 Telnet |
| tftp | 69 | Trivial File Transfer Protocol |


Table B-1 Port Values and Literal Names (continued)

| Literal | Value | Description |
| --- | --- | --- |
| time | 37 | Time |
| time-exceeded | 106 | Time exceeded |
| timestamp-reply | 114 | Returns the time stamp |
| timestamp-request | 113 | Requests a time stamp |
| traceroute | 119 | Specifies trace routing |
| ttl-exceeded | 107 | TTL is exceeded |
| unreachable | 79 | Connection refused or inactive |
| uucp | 540 | UNIX-to-UNIX Copy Program |
| who | 513 | Who |
| whois | 43 | Who Is |
| www | 80 | World Wide Web |
| xdmcp | 177 | X Display Manager Control Protocol, used to communicate between X terminals and workstations running UNIX |
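The literal-name caveats in this section (dns resolving to the dnsix value rather than port 53, and RADIUS on 1645/1646 rather than 1812/1813) can be checked mechanically during a rule review. The following Python sketch is an added example, not part of the Cisco reference; the function names, the access-list sample lines and the reduced literal table are assumptions made for illustration.

```python
import re

# Subset of Table B-1 as listed on this page (literal -> value).
PORT_LITERALS = {"domain": 53, "dnsix": 195, "sqlnet": 1521, "www": 80,
                 "ntp": 123, "syslog": 514, "tftp": 69, "smtp": 25}
# Per the page, the dns keyword translates into the port value for dnsix.
PORT_LITERALS["dns"] = PORT_LITERALS["dnsix"]

# Ports the page says a RADIUS server must be moved away from.
NON_FWSM_RADIUS_PORTS = {1812, 1813}

# Port operator followed by a literal or a number.
PORT_OP = re.compile(r"\b(?:eq|neq|lt|gt)\s+(\S+)")

def resolve(token):
    """Return the numeric port for a literal or numeric token, else None."""
    if token.isdigit():
        return int(token)
    return PORT_LITERALS.get(token.lower())

def audit(lines):
    """Return (line_no, token, port, finding) for each risky port reference."""
    findings = []
    for no, line in enumerate(lines, 1):
        if not line.strip().startswith("access-list"):
            continue
        for token in PORT_OP.findall(line):
            port = resolve(token)
            if token.lower() == "dns":
                findings.append((no, token, port,
                                 "dns means dnsix; use domain for DNS"))
            elif port in NON_FWSM_RADIUS_PORTS:
                findings.append((no, token, port,
                                 "FWSM uses RADIUS ports 1645/1646"))
            elif port is None:
                findings.append((no, token, port,
                                 "literal not in local table subset"))
    return findings

# Constructed sample configuration lines (not from the page).
SAMPLE = """\
access-list OUTSIDE extended permit udp any host 192.0.2.10 eq dns
access-list OUTSIDE extended permit udp any host 192.0.2.10 eq domain
access-list INSIDE extended permit udp host 10.1.1.5 host 10.9.9.9 eq 1812
access-list INSIDE extended permit tcp any host 10.2.2.2 eq sqlnet
""".splitlines()

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The 1812/1813 check is a heuristic: it only points a reviewer at rules that may need to match the ports the FWSM actually uses.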

Specifying Protocol Values


You can specify protocols by numeric and literal values. Possible literal values are ahp, eigrp, esp, gre, icmp, igmp, igrp, ip, ipinip, ipsec, nos, ospf, pcp, snp, tcp, and udp. You can view protocol numbers at this URL: http://www.iana.org/assignments/port-numbers

Note: Many routing protocols use multicast packets to transmit their data. If you send routing protocols across the FWSM, configure the surrounding routers with the Cisco IOS software neighbor command. If routes on an unprotected interface are corrupted, the routes that are transmitted to the protected side of the firewall will corrupt routers there.

Table B-2 lists the numeric values and literal names for the protocols.

Table B-2 Protocol Numeric and Literal Values

| Literal | Value | Description |
| --- | --- | --- |
| ah | 51 | Authentication Header for IPv6, RFC 1826 |
| eigrp | 88 | Enhanced Interior Gateway Routing Protocol |
| esp | 50 | Encapsulated Security Payload for IPv6, RFC 1827 |
| gre | 47 | General Routing Encapsulation |
| icmp | 1 | Internet Control Message Protocol, RFC 792 |
| igmp | 2 | Internet Group Management Protocol, RFC 1112 |
| igrp | 9 | Interior Gateway Routing Protocol |
| ip | 0 | Internet Protocol |


Table B-2 Protocol Numeric and Literal Values (continued)

| Literal | Value | Description |
| --- | --- | --- |
| ipinip | 4 | IP-in-IP encapsulation |
| nos | 94 | Network Operating System (Novell's NetWare) |
| ospf | 89 | Open Shortest Path First routing protocol, RFC 1247 |
| pcp | 108 | Payload Compression Protocol |
| snp | 109 | Sitara Networks Protocol |
| tcp | 6 | Transmission Control Protocol, RFC 793 |
| udp | 17 | User Datagram Protocol, RFC 768 |
