Cisco APIC-EM Appliance Port Reference

Cisco APIC-EM Ports Reference

The following tables list the Cisco APIC-EM ports that permit incoming traffic, as well as the Cisco APIC-EM ports that are used for outgoing traffic. You should ensure that these ports on the controller are open for both incoming and outgoing traffic flows.


Note


Ensure that proper protections exist in your network for accessing ports 22 and 14141. For example, you can configure a proxy gateway or secure subnets to access these ports.


Table 1 Cisco APIC-EM Incoming Traffic Port Reference

| Port Number | Permitted Traffic | Protocol (TCP or UDP) |
| --- | --- | --- |
| 22 | SSH | TCP |
| 67 | bootps | UDP |
| 80 | HTTP | TCP |
| 123 | NTP | UDP |
| 162 | SNMP | UDP |
| 443 [1] | HTTPS | TCP |
| 500 | ISAKMP. To deploy multiple hosts across firewalls in certain deployments, IPSec ISAKMP (Internet Security Association and Key Management Protocol) traffic on UDP port 500 must be allowed to traverse the firewalls. | UDP |
| 14141 | Grapevine APIs | TCP |
| 16026 | SCEP | TCP |

[1] You can configure the TLS version for this port using the Cisco APIC-EM. For more information, see the Cisco APIC-EM Deployment Guide.

Table 2 Cisco APIC-EM Outgoing Traffic Port Reference

| Port Number | Permitted Traffic | Protocol (TCP or UDP) |
| --- | --- | --- |
| 22 | SSH (to the network devices) | TCP |
| 23 | Telnet (to the network devices) | TCP |
| 53 | DNS | UDP |
| 80 | Port 80 may be used for an outgoing proxy configuration. Other common ports, such as 8080, may also be used when a proxy is being configured by the Cisco APIC-EM configuration wizard (if a proxy is already in use for your network). Note: To access Cisco supported certificates and trust pools, you can configure your network to allow outgoing IP traffic from the controller to Cisco addresses at the following URL: http://www.cisco.com/security/pki/ | TCP |
| 123 | NTP | UDP |
| 161 | SNMP agent | UDP |
| 443 [2] | HTTPS | TCP |
| 500 | ISAKMP. To deploy multiple hosts across firewalls in certain deployments, IPSec ISAKMP (Internet Security Association and Key Management Protocol) traffic on UDP port 500 must be allowed to traverse the firewalls. | UDP |

[2] You can configure the TLS version for this port using the Cisco APIC-EM. For more information, see the Cisco APIC-EM Deployment Guide.
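
The following Python check is an added example, not Cisco code: it audits a list of inbound permit rules toward the controller against Table 1 and against the note on ports 22 and 14141. The rule format (source CIDR, protocol, port), the management subnet 10.20.0.0/16 and the sample rules are assumptions constructed for illustration.

```python
import ipaddress

# Table 1 of this page: inbound (protocol, port) pairs the controller uses.
INBOUND = {("tcp", 22), ("udp", 67), ("tcp", 80), ("udp", 123), ("udp", 162),
           ("tcp", 443), ("udp", 500), ("tcp", 14141), ("tcp", 16026)}
# Ports the page's note says need additional protection.
RESTRICTED = {("tcp", 22), ("tcp", 14141)}

def audit(rules, mgmt_subnets):
    """Return findings for permit rules toward the controller.

    rules: iterable of (source_cidr, protocol, port) permit entries.
    mgmt_subnets: CIDRs allowed to reach the restricted ports (assumption).
    """
    mgmt = [ipaddress.ip_network(n) for n in mgmt_subnets]
    findings, covered = [], set()
    for src, proto, port in rules:
        key = (proto.lower(), int(port))
        net = ipaddress.ip_network(src, strict=False)
        if key not in INBOUND:
            # Permit rule for a port the controller does not list as inbound.
            findings.append(f"UNLISTED {key[0]}/{key[1]} from {src}")
            continue
        covered.add(key)
        # Ports 22 and 14141 must only be reachable from a management subnet.
        if key in RESTRICTED and not any(
                net.version == m.version and net.subnet_of(m) for m in mgmt):
            findings.append(f"EXPOSED {key[0]}/{key[1]} from {src}")
    # Table 1 ports that no rule permits at all.
    for proto, port in sorted(INBOUND - covered):
        findings.append(f"MISSING {proto}/{port}")
    return findings

# Constructed sample rules (not taken from a real device).
SAMPLE_RULES = [
    ("10.20.0.0/24", "tcp", 22),     # SSH from the management subnet
    ("0.0.0.0/0", "tcp", 14141),     # Grapevine APIs open to any source
    ("0.0.0.0/0", "tcp", 443),
    ("0.0.0.0/0", "tcp", 8443),      # not a Table 1 port
    ("10.20.0.7", "udp", 162),
]

if __name__ == "__main__":
    for line in audit(SAMPLE_RULES, ["10.20.0.0/16"]):
        print(line)
```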