ports for ACS

What ports need to be open for ACS remote management? The default port 2002 is clear, but the communication then moves to 3857, so are there any others? Is there any list of required ports?

Accepted Solution
New Member

Re: ports for ACS

The way in which the Web server manages web sessions is using specific ports. By default this is random, which as you have observed creates an issue with firewalls.

You can restrict the range of ports used for sessions via

Administration Control -> Access Policy

Then down the bottom is a section called HTTP Configuration

Here you can configure the ports that can be used for administration sessions.

So 2002 is always used for the initial login, and then once successful the admin will be placed on to one of these ports.

Only one admin per port, so only opening 2 ports means that only 2 admins can have concurrent access.

Once you have determined how many admins you want to have concurrent access, select an appropriate port range and open this up in your firewall as well.

2 REPLIES

Re: ports for ACS

Hello,

Here is a list of the UDP and TCP ports used by the ACS:

Cisco Secure ACS Ports Usage

Service name - UDP Port

Dynamic Host Configuration Protocol (DHCP) - 68

RADIUS authentication and authorization (original draft RFC) - 1645

RADIUS accounting (original draft RFC) - 1646

RADIUS authentication and authorization (revised RFC) - 1812

RADIUS accounting (original draft RFC) - 1813

Service name - TCP Port

TACACS+ AAA - 49

Replication and RDBM synchronization - 2000

ACS remote logging - 2001

HTTP administrative access (at login) - 2002

ACS distributed logging (appliance only) - 2003

Administrative access (after login) - configurable port range (default 1024-65535); ACS assigns a unique port number from the range to each administration session

Hope this helps! Please rate all posts.

Regards, Martin
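The two answers together describe the firewall problem: fixed AAA ports plus a login port 2002, followed by a post-login session port drawn from a configurable range where each port serves one admin. The following Python is an added example, not code from the thread or from Cisco, that turns the port table above and a narrowed session range into a firewall allow-list, derives the range size from the number of concurrent admins, and flags a range that overlaps ACS's own fixed TCP ports. The ACS address, the management subnet and the starting port 3850 are constructed placeholders, not values from the thread.

```python
"""Added example (not from the original thread): build a Cisco IOS-style
extended ACL for a Cisco Secure ACS server from the port table in the reply
above plus a narrowed HTTP admin session range, and sanity-check that range.
ACS address, management subnet and the 3850 starting port are constructed."""
from dataclasses import dataclass
from typing import List

# Ports as listed in the thread: (service, protocol, port).
ACS_SERVICE_PORTS = [
    ("DHCP", "udp", 68),
    ("RADIUS authentication (draft RFC)", "udp", 1645),
    ("RADIUS accounting (draft RFC)", "udp", 1646),
    ("RADIUS authentication (revised RFC)", "udp", 1812),
    ("RADIUS accounting", "udp", 1813),
    ("TACACS+ AAA", "tcp", 49),
    ("Replication and RDBMS synchronization", "tcp", 2000),
    ("ACS remote logging", "tcp", 2001),
    ("HTTP administrative access (login)", "tcp", 2002),
    ("ACS distributed logging", "tcp", 2003),
]

ACS_LOGIN_PORT = 2002          # every admin session starts on this port
DEFAULT_RANGE = (1024, 65535)  # ACS default post-login session range


@dataclass(frozen=True)
class AdminSessionRange:
    """Post-login port range configured under HTTP Configuration."""
    low: int
    high: int

    def __post_init__(self):
        if not (DEFAULT_RANGE[0] <= self.low <= self.high <= DEFAULT_RANGE[1]):
            raise ValueError("admin session range must lie within 1024-65535")

    @property
    def concurrent_admins(self) -> int:
        # One admin per port, so the range size is the concurrency limit.
        return self.high - self.low + 1

    def conflicts(self) -> List[str]:
        """ACS TCP services whose fixed port falls inside the range; ACS could
        hand an admin session a port another ACS service already listens on."""
        return [name for name, proto, port in ACS_SERVICE_PORTS
                if proto == "tcp" and self.low <= port <= self.high]


def range_for_admins(n_admins: int, start: int = 3850) -> AdminSessionRange:
    """Smallest contiguous range from `start` that allows `n_admins` sessions.
    3850 is a constructed starting point, not an ACS default."""
    if n_admins < 1:
        raise ValueError("need at least one admin session")
    return AdminSessionRange(start, start + n_admins - 1)


def acl_lines(acs_ip: str, mgmt_net: str, mgmt_wildcard: str,
              session_range: AdminSessionRange) -> List[str]:
    """Render extended ACL entries: AAA/logging ports open to any client,
    the login port and the session range restricted to the management subnet."""
    mgmt = f"{mgmt_net} {mgmt_wildcard}"
    lines = []
    for name, proto, port in ACS_SERVICE_PORTS:
        src = mgmt if port == ACS_LOGIN_PORT else "any"
        lines.append(f"remark {name}")
        lines.append(f"permit {proto} {src} host {acs_ip} eq {port}")
    lines.append("remark HTTP administrative sessions (after login)")
    lines.append(f"permit tcp {mgmt} host {acs_ip} "
                 f"range {session_range.low} {session_range.high}")
    lines.append("deny ip any any")
    return lines


if __name__ == "__main__":
    rng = range_for_admins(2)                 # two concurrent admins
    print(f"session range {rng.low}-{rng.high}, conflicts: {rng.conflicts()}")
    print("default range conflicts:",
          AdminSessionRange(*DEFAULT_RANGE).conflicts())
    for line in acl_lines("192.0.2.10", "10.0.0.0", "0.0.0.255", rng):
        print(line)
```

Running it shows why the default 1024-65535 range cannot be pinholed sensibly (it overlaps four of ACS's own TCP ports and would need a near-wide-open rule), while a two-port range yields two tight `permit` entries beside the fixed 2002 login port.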
