[cisco-voip] RTP ports used by phones

Ed Leatherman ealeatherman at gmail.com
Tue Jan 19 16:18:05 EST 2016


Thanks Anthony,

I should have looked in the SRND - I was googling around for port
utilization. Your explanation sounds plausible, it is a SCCP phone and I've
never seen any other port numbers pop up like that.

In this case the ACL is actually just running on a 4500X, no real firewall
in play to do inspection... so I'll probably just revise and get it queued
up to push out to all the devices that run that ACL. Thanks!



On Tue, Jan 19, 2016 at 4:08 PM, Anthony Holloway <
avholloway+cisco-voip at gmail.com> wrote:

> Is this a SCCP or SIP phone?  I wouldn't worry too much about where you
> saw "IPVMS", it's likely specific to the context of the chapter/section.
> E.g., Table 6 in Port Usage Guide is only for Phone to CUCM communication.
>
> *For SCCP Phones, From the SRND*
>
> *SCCP endpoints use a non-configurable hard-coded range of 16384 to 32767
> for voice-only calls*
>
> *For SIP Phones, From the CUCM Administration Guide*
>
> *SIP Profile*
> *Start Media Port = This field designates the start real-time protocol
> (RTP) port for media. Media port ranges from 2048 to 65535. Default
> specifies 16384.*
> *Stop Media Port = This field designates the stop real-time protocol (RTP)
> port for media. Media port ranges from 2048 to 65535. Default specifies
> 32766.*
>
> *For Gateways, From Port Usage Guide*
>
> *Gateway to Unified Communications Manager 16384 - 32767 / UDP*
>
> First recommendation is to use deep packet inspection and let the UDP
> ports be opened by the firewall dynamically.  This works with MGCP, H323,
> SIP and SCCP.
>
>
> http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/inspect_voicevideo.html
>
> Second recommendation is to use SIP signaling so you can control the RTP
> port range so that it always matches your configured ACLs exactly.
>
> And in closing, I think there is probably some confusion around what the
> exact upper bound is: 32766 or 32768, and you probably found a phone model
> firmware that thought 32768 was the upper bound.  I personally have always
> gone with 32766 as being the upper bound, but then again, I've never
> created an ACL for this range either, so it hasn't presented itself as a
> problem thus far.
>
> On Tue, Jan 19, 2016 at 10:46 AM, Ed Leatherman <ealeatherman at gmail.com>
> wrote:
>
>> I've noticed this a few times bouncing on ACL, thought it was worth asking
>> about.
>>
>> I see in numerous documentation that CUCM uses 16384 - 32767 for RTP -
>> the documents specifically say IP Phone to IPVMS.
>>
>> I observed an 8945 Cisco phone listening on 32768 and 32769 (assuming RTP
>> and associated RTCP) due to access list not permitting it. Is there a doc
>> somewhere that shows different/expanded range of ports that Cisco phones
>> will use?
>>
>>
>>
>> --
>> Ed Leatherman
>>
>


-- 
Ed Leatherman
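
Added example, not part of the original messages: a small Python check of which RTP/RTCP ports a static ACL would drop, using the port numbers mentioned in this thread. The ACL text and its name are constructed, the parser understands only a trailing `range` or `eq` port match, and RTCP on the RTP port + 1 is an assumption (the same one made in the original question).

```python
# Constructed ACL in Cisco IOS extended-ACL syntax; the name and entries are
# illustrative, not taken from the thread.
SAMPLE_ACL = """\
ip access-list extended VOICE-MEDIA
 permit udp any any range 16384 32767
 deny   udp any any
"""


def parse_udp_rules(acl_text):
    """Return (action, low, high) per UDP entry. Simplification: only a
    trailing 'range A B' or 'eq N' destination-port match is understood."""
    rules = []
    for line in acl_text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] not in ("permit", "deny") or tok[1] != "udp":
            continue
        low, high = 0, 65535  # no port operator: entry matches every port
        if tok[-3] == "range":
            low, high = int(tok[-2]), int(tok[-1])
        elif tok[-2] == "eq":
            low = high = int(tok[-1])
        rules.append((tok[0], low, high))
    return rules


def acl_action(rules, port):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, low, high in rules:
        if low <= port <= high:
            return action
    return "deny"


def blocked_media_ports(rules, rtp_ports):
    """List (port, kind) not permitted, assuming RTCP is on RTP port + 1."""
    blocked = []
    for rtp in rtp_ports:
        for port, kind in ((rtp, "RTP"), (rtp + 1, "RTCP")):
            if acl_action(rules, port) != "permit":
                blocked.append((port, kind))
    return blocked


if __name__ == "__main__":
    rules = parse_udp_rules(SAMPLE_ACL)
    # 16384 and 32766 are the SIP profile defaults quoted above; 32768 is the
    # port the 8945 was observed listening on.
    for port, kind in blocked_media_ports(rules, [16384, 32766, 32768]):
        print(f"{kind} port {port}/udp is not permitted by the ACL")
```

Under that RTCP assumption, a stop media port of 32766 puts the highest port in use at 32767, which is why only the 32768/32769 pair is reported.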