Está en la página 1de 38

1/38

Sheet:Introduction

Introduction
This document describes the IP flows involved in the OmniPCX Enterprise (OXE) solution for medium and large enterprises. Its aims is to allow a network
administrator to precisely configure its firewall devices to open the minimal amount of ports required to have a working OXE installation in its specific
deployment.

Every ingress and egress IP flows of each device of the OXE solution is described in a separate table. For each flow, source and destination ports are
mentioned along with the category of the flow: whether it is for user (voice) transport, signalling, management or support. This enables network
administrators to for example block at their firewalls all IP flows related to the activity of support, enabling them through on demand of a technician only.
Document organization

A first group of tab explains the notions and notations introduced later in the document. Those tabs are: Glossary, Headres, Services, Planes, Port Ranges.
The second group of tabs list the actual ingress and egress IP flows for the various network elements comprising the OXE solution. The elements are
grouped together into a reduced number of tabs: CS for the Call Server, MG for all types of media gateways, UA phones for all kinds of UA phone whether
hard phones (IP Phone and IP touch) or soft, OTUC, OTCC.
This document has been updated for OXE R7.1
Differences with the previous edition are marked in column 1

Synthesis of IP flows in OmniPCX Enterprise solution

2/38

Sheet:Glossary

Glossary
Only terms and acronyms used in a way different than standard or specific to the OXE solution are listed here.
Some terms actually represent functions found on one or the other element of the OXE solution. In that case the third column specifies where this
function is located.
Term

Meaning
4760
OmniVista console for the configuration, maintenance, accounting, and handling of
alarms of one or more OXE systems. OmniVista consists of 4760 clients connecting to
a 4760 server. The 4760 server in turn controls the OXE CS.
4059
Operator station on Windows PC
4635
Voice mail on A4400 hardware
4645
Voice mail on Alize hardware
4760i
E-config: light version of OmniVista Application
Alcatel Audio Station: a Windows application to record voice guides for the automated
AAS
attendant or voice mail system later transfered to the PBX.
ACAPI
Alcatel Configuration API: an API offered on Windows systems to enable applications
to remotely configure the OXE.
ACD
Advanced Call Distribution
AHL
Alcatel Hospitality Link to interface OXE with applications specifics to the
Hotel/Hospital business.
ATAPI
Alcatel Telephony API
Audiocode
Analog fax interface over IP, using the H.323 protocol suite.
Configurable value giving the lower bound of the range of port used on the LAN to
BASE_PORT
carry voice conversations. The range width is 256 ports.
Contact Center Distribution: calls distribution to agents or other resources
CCD
CMIP
Common Management Information Protocol
CMIS
Common Management Information System
CS
Communication Server
CSTA
Computer Supported Telephony Applications
Assigns IP addresses on a subnet + gives other subnet configuration information and
DHCP server
TFTP server address
MediaGateway applicative
GA
GD
MediaGateway driver
High Speed Link used between a GD and additionnal Aliz chassis.
HSL
INTerconnecting on IP network: Internode or H323 gateway and IP devices
INTIP-A
INTIP-B
INTerconnecting on IP network :only IP devices
IP link
Alcatel proprietary protocol used to control a Media Gateway. Also called UA when
targeting a phone set (IP phone or IP touch).
Synthesis of IP flows in OmniPCX Enterprise solution

Function usually assumed by

Some WindowsPC

BP = 32000 for OXE <= R5.0Lx


BP = 32512 for OXE >= R5.1

The Call Server

3/38
Term
IP phone
IP touch
IPP
LDAP server
LIOE
MAO
MG
MIB browser

Meaning
V1 (4098RE), V1S (4098FRE), V2 (embedded box) models
Also called NOE phone. IP phone sets have references: 4018, 4028, 4038, 4068
Abreviation for IP phone
Any LDAP server containing Phonebook information.
Link Optimizer board Ethernet: Inter-nodal and H.323 gateway
OXE central configuration database.
Media Gateway.
SNMP manager collecting information from the various network elements using the
SNMP protocol to browse the elements' internal databases (MIBs).

MIPT
MOXA box
MSM

Mobile IP Telephony handset


V24 port extension device
Server Security Module used to encrypt/decrypt the voice and fax flows. This module
is used in front of the Call Server (potentialy with embedded 4645).
Network Management Department (for example they produce the 4760).
Abreviation for IP touch & NOE IP.
Also called IPTouch: 4018, 4028, 4038, 4068 models
NTP is a standard (IETF) peer to peer protocol used to maintain a consistent view of
time amongst a set of cooperating systems.
OmniAccess Wireless LAN switch
Open Telephony Server: a server enabling feature-rich communication-oriented
applications to be developped around the OXE solution.
OmniTouch Unified Communication.
The workstations used by the various system administrators to configure, collect
statistics or billling information.
The PC used by the Business Partner technician or a system administrator to pursue
an investigation in the various systems constituting the installation.
Presentation Server. Runs 3d party applications displaying on the various NOE phone
sets.
Remote Authentication Dial-In User Service

NMD
NOE
NOE IP
NTP server
OAW
OTS
OTUC
PC admin
PC support
PRS
RADIUS
rGD
STAP
SSM
SVP

Sheet:Glossary
Function usually assumed by

GD, GA, INT_IP A or B.


Customer's network supervision
application (e.g. HP OpenView, IBM's
Tivoli)

The Call Server

A Windows PC

An administrator PC or workstation
A Windows PC

An authentication server provided by


the customer.

Remote GD over an HSL link (not over IP)


Simple Telephony Application Protocol
Server Security Module used to encrypt/decrypt the voice and fax flows. This module
is used in front of the Call Server (potentialy with embedded 4645).
SVP server
Spectralink Voice Protocol

Synthesis of IP flows in OmniPCX Enterprise solution

4/38
Term
Syslog

TFTP server
Trap supervisor

Trusted router

Meaning
A Linux framework enabling application to add entries to an event journal with
indication of the emitting facility indication, severity level, system name, date and time,
and free format text. The framework offers a rich dispatch mechanism, even allowing
records to be offloaded to a remote system.
Download boot image voice guides, phone configuration information, binaries
download (VoIP boards/setc), etc
System receiving the various events sent by all the network elements connected to the
customer's network.

UA phone set

Customer's router from which IP routing information (through RIP protocol) is


received.
Only the IP devices are considered here.
Universal Alcatel: proprietary signaling protocol. Also called IPlink when targeting a
media-gateway.
Any of the hardware or software phone set that supports the UA signaling protocol.

UPS

Uninterruptible Poser Supply

TSCLIOE
UA

Synthesis of IP flows in OmniPCX Enterprise solution

Sheet:Glossary
Function usually assumed by
The Call Server

The Call Server


Customer's network supervision
application (e.g. HP OpenView, IBM's
Tivoli)

IP phone, IP touch, Softphone

5/38

Sheet:Headers

Column headers
The meaning of the various column headers used in the product tabs (CS, 4645, UA phones, ...) is given here.
Not all headers are present in every tab.
Header name

Purpose
Plane
Protocol
Initiator

Source port

Responder
Service port

Condition of activation
Admission control
OXE version
OTUC version

Parent process (on CS)


Process image (on CS)
Authentication

Meaning

Function fulfilled by this flow.


Function group to which belongs this flow.
Layer 7 protocol carried by this flow.
System emitting the first packet. This is important for
connection tracking security functions like firewall or
NAT.
Port number or range or port from which this first
packet is emitted, if applicable.
Note that some protocols (e.g. TFTP) switch after
connection to a different port, this is specified in the
corresponding RFP.
The system toward which the packets are sent.
The specific port on the Responding system listening
to the incoming connection requests.
For some specific protocols not used in the LEV
solution this can be a range of port (e.g. Sun RPC).
Certain conditions are sometime required for this flow
to appear on a LAN.
Access to some services are subject to possession of
the proper credential.
Some flow have disappeared (< or <=) during the OXE
or OTUC product lifetime, or some new flows have
been introduced (> or >=) since the given version.
Information useful for R&D
Information useful for R&D
Tells whether some form of authentication is
performed on the requesting end-user and if this
authentication is carried over the wire to the server
(responder).

Synthesis of IP flows in OmniPCX Enterprise solution

Example

File transfert for what purpose.


User plane, control plane.
Telnet, HTTP.
CS, OTUC server

427/tcp, Dyn_Voice/udp

NOE, GD
23/tcp, 12345/udp

Licence XX purchased, presence of server YY


IP address, certificate
<R5.1.1, >=R6.2

login/password, cookie

For more
information see
tab
Services
Planes
Services

Port ranges

6/38
Header name

Confidentiality
Integrity

Notes

Meaning

Example

Tells whether confidentiality of the information


Partial or total encryption, challenge/response
crossing the network is preserved.
Tells whether integrity of the information sent over the CRC32, MD5, SHA1
wire is controlled against accidental or malicious
tampering.
Additional information deemed relevant.

Synthesis of IP flows in OmniPCX Enterprise solution

Sheet:Headers
For more
information see
tab

7/38

Sheet:Services

Services
Important:

The list below includes all IP services known to be used by Alcatel past and future products.
In no way this list implies that those ports shall be opened for the CSBU solution to deliver its expected service.
Name

Port

Standard

N/A

RFC 777

FTP data

20/tcp

RFC 959

FTP control
SSH

21/tcp
22/tcp

RFC 959
pending RFC
(WG=secsh)

telnet

23/tcp

RFC 854

SMTP
Domain Name Server (DNS)
Bootps/DHCP Client

25/tcp
53/udp
67/udp

RFC 2821
RFC 1034
RFC 2131

Bootpc/DHCP Server
TFTP

68/udp
69/udp

RFC 2131
RFC 1350

HTTP

80/tcp

ICMP

NTP
IMAP
SNMP trap

123/udp
143/tcp
162/udp

RFC 1945,
2068, 2616
RFC 1305
RFC 3501
RFC 1157

LDAP
HTTPS
shell
syslog
RIP
moxatty

389/tcp
443/tcp
514/tcp
514/udp
520/udp
1028/udp

RFC 2251
RFC 2818
RFC 1282
RFC 3164
RFC 2453
prop. NAOS

Synthesis of IP flows in OmniPCX Enterprise solution

Condition of
version?

Description
Only ping function is used by the voice applications: IPMP echo request and ICMP
echo reply. The IP stack may use other ICMP services as well (example: path MTU
discovery).
Only data is sent or received through this port. In FTP active mode the FTP server
opens the data connection towards the FTP client using this as the source port. In
passive mode the FTP client opens the FTP data connection towards the FTP
server using this port as the service port.
FTP standard service port. Used by client to establish the control connection.
Provides a robust, proven and extensible solution for secure connections

Used for remote connection for maintenance purpose and for management tool
(4760)
Alarms towards 4760 (no listening on)
Only used by SIP devices in case of spatial redundancy
Dynamic IP address management request to PC installer for CPU installation (no
listening on)
DHCP server for IP-Phones, GD, GA, INT-IP B boards, PCs,.
TFTP server used for binaries downloading for IP-Phones, GD, GA, INT-IP B
boards; for voice guides downloading to GD, GA boards
Browser for 4760i
Synchronization of Ccview clients (ACD V2) and Call Server
Internet Message Access Protocol
Call Server incidents (SNMP traps) notification to a Network Management Platform
LDAP client access in case of phonebook overflow
Secured Web Server by SSL protocol
Remote Shell for command execution
>=R6.2
Routing Information Protocol
Nport product from MOXA company to have multiple V24 accesses

8/38
Name

Port

Standard

H.323 Gateway discovery


H.323 Gateway stats and RAS
H.323 RAS signalling
H.323 H.225 signalling
RADIUS
H.323 H.245 signalling (Alcatel)
H.323 Registration Authentication
and Signalling (RAS)

1718/udp
1719/udp
1720/udp
1720/tcp
1812/udp
1961/tcp
9090/tcp

ITU-T H.323
ITU-T H.323
ITU-T H.323
ITU-T H.323
RFC 2865
prop. ALA
ITU-T H.323

2048/udp
10000/udp
dynamic port
2533/tcp

prop. ALA
prop. ALA

Receive incidents from IPT Security box (SSM)


Sending of start_srtp to IPT Security box (SSM)

prop. ALA

Network access for Alcatel configuration applications based on ACAPI v1.x (CMISD,
ABC-A and TSE applications) and sending of Accounting tickets over IP
PAD X.25

BTlink
BTlink
netaccess

pad (packet
assembly/disassembly)
cmisd
saverest

2534/tcp

ITU-T X.29

2535/tcp
2536/tcp

ITU-T CMIP?
prop. ALA

acd

2538/tcp

prop. ALA

builddistant
loaddistant
auditres1
auditres2
acdccs
acdpcag
suprout
alb
rtest
rcsta

2539/tcp
2540/tcp
2541/tcp
2542/tcp
2543/tcp
2544/tcp
2545/tcp
2546/tcp
2554/tcp
2555/tcp

prop. ALA
prop. ALA
prop. ALA
prop. ALA
prop. ALA
prop. ALA
prop. ALA
prop. ALA
prop. ALA
prop. ALA

STAP, hybrid-vpn
notif-gsm
redundancy

2556/udp
2557/udp
2558/tcp

prop. ALA
prop. ALA
prop. ALA

Synthesis of IP flows in OmniPCX Enterprise solution

Condition of
version?

Sheet:Services
Description

H.323 Internal Gatekeeper

>=R7.0
H.323 Internal Gatekeeper. Closed by default after F1.602.3m
H.323 Internal Gatekeeper

Cmis server for Call Server configuration


Used by network management application 4740 for save/restore operations
(obsolete).
ACDV2 applications (CCM, CCS, ASM). This port gives access to many different
services at the same time: Advanced Call Distribution protocol, telnet protocol (for
support only).
Audit/Broadcast between Call Servers
Audit/Broadcast between Call Servers
Audit/Broadcast: reserved for future use
Audit/Broadcast: reserved for future use
ACD terminal server
ACD PC agent
Suproutage: supervision X25
ACD Agent List Builder
Remote testing
ASN-1 CSTA access server. This port gives access to many different services at the
same time: CSTA protocol, telnet protocol (for support only), HTTP protocol (for
configuration).
ABC-F signalling over IP for IP hybrid links
GSM notification server (obsolete)
Call Server duplication over Ethernet

9/38
Name

Port

Standard

rsl
rlis
ahltcp
dhcdupli
dhcdupli_m
dhcdupli_s
servobs
servobs_c
dhcdupli_c
tftpd_dow
netadmin

2559/udp
2560/tcp
2561/tcp
2562/tcp
2563/udp
2564/udp
2565/tcp
2566/tcp
2567/udp
2568/udp
2569/tcp

prop. ALA
prop. ALA
prop. ALA
prop. ALA
prop. ALA
prop. ALA
prop. ALA
prop. ALA
prop. ALA
?
prop. ALA

prslink
nut

2570/udp
3305/udp
3305/tcp
3493/udp
3493/tcp
3595/tcp

prop. ALA
prop. NUT

>=R6.0
<R6.2

RSL socket port


lis server for SOSM
AHL link over IP for Hotel/Hospital with external management
DHCP duplication over Ethernet in case of Call Server duplication
DHCP duplication on main Call Server in case of Call Server duplication
DHCP duplication on standbye Call Server in case of Call Server duplication
Server for service observation
Client for service observation
DHCP dupli command
Use has been related TFTP download (obsolete).
Network configuration daemon. This port is used locally to the system the daemon is
running on. Not accessible from the LAN.
DLink between Prs and CS
UPS monitoring for OXE version before R6.2 (excluded)

prop. NUT

>=R6.2

UPS monitoring for OXE versions since R6.2 (inclusive)

RFC 3804
RFC 3501
prop. ALA
RFC 3261

Virtual domain IMAP

securid

4020/tcp
4021/tcp
4033/tcp
4560/udp
5060/udp
5060/tcp
5500/udp

prop. RSA

securidprop

5510/tcp

prop. RSA

sdlog

5520/tcp

prop. RSA

sdserv

5530/tcp

prop. RSA

nmccs
SIP gateway (Alcatel)

5540/tcp
6060/udp

prop. ALA
RFC 3261

incid2trap

12300/udp
13200/udp

Protocol used by the clients supporting the SecurID One-Time Password token to
communicate with the RSA SecuriID authentication server.
Protocol used by the clients supporting the SecurID One-Time Password token to
communicate with the RSA SecuriID authentication server.
Protocol used by the clients supporting the SecurID One-Time Password token to
communicate with the RSA SecuriID authentication server.
Protocol used by the clients supporting the SecurID One-Time Password token to
communicate with the RSA SecuriID authentication server.
NMD supervision (4760i)
SIP gateway service port when the SIP proxy is active on CS (SIP gateway is
available on port 5060 when SIP proxy is not active).
Call Server incidents: resynchronization port for Network Management Platform

nut
ATAPI
VPIM
VIMAP
H.323 monitoring (Alcatel)
SIP proxy

Condition of
version?

Sheet:Services

prop. ALA

Synthesis of IP flows in OmniPCX Enterprise solution

Description

Alcatel Telephony API used by CTI applications to drive the Call Server for example
to dial outgoing phone calls.
Voice Profile for Internet Mail

Session Initiation Protocol proxy servier

<=R5.1
>=R5.1.1

10/38
Name
alzbootps
alzbootpc
RTP/RTCP

Port

Standard

23400/udp
23401/udp
3200032255/udp

RFC 2131
RFC 3550

Condition of
version?

UA

Dyn_Voice/udp
32128/udp

<R5.1

>=R5.1

prop. ALA

32640/udp
UA lite

32641/udp

<R5.1
>=R5.1

prop. ALA

Synthesis of IP flows in OmniPCX Enterprise solution

Description
Non standard ports used by OmniPCX Office (OXO) to implement the DHCP service

Dyn_Voice/udp
3251232767/udp

Sheet:Services

>=R6.2

Standard RTP protocol used to carry voice over IP. Ports from this range are used
by installations made while releases prior to R5.1 where current or by installations
having migrated from those older releases .
The range width is not configurable. The range base port number is configurable
through MAO.
Standard RTP protocol used to carry voice over IP. Ports from this range are used
by every new installations since R5.1.
The range width is not configurable. The range base port number is configurable
through MAO.
Alcatel proprietary signalling protocol, used on this port by installations having
migrated from releases older than R5.1
Alcatel proprietary signalling protocol, used on this port by every new installation
since R5.1
Only the START_RTP and START_FAX messages from the Alcatel proprietary
signalling protocol are sent in this protocol: i.e. no Dlink is maintained.

11/38

Planes
IP flows can be grouped by the broad purpose they fullfil. One possible grouping is into groups called 'planes'. One
group -or plane- is used to identify flows carrying data directly useful to the user (e.g. voice), another group carries for
example information required to establish the flows seen by the user (e.g. signalling).
The following 4 planes are identified in the OmniPCX for Enterprise solution:
Plane name
user

Plane description
This plane contains all the flows directly useful to the end user, other flows that may look like user
flaows whose content is like email exchanges or file transfert belong to the user plane only if
resulting directly from a user request.
Example of a flow belonging to this plane is: voice (RTP) flows for the OXE.
Example of a flow that do not belong to this plane but to the control plane is: email exchanges
between two voice mail systems to synchronize the states of the various user voice mailboxes.

control

management

support

all IP flows used to enable transport of information in the user plane belong to this plane. This is
phone signalling, but also the FTP data transfer when used to synchronize for instance the
configuration between 2 cooperating systems.
Flows in this plane are mandatory to go through a firewall unless condition of activation proves
that they are not used in a given deployment.
In this plane we find all flows used to manage the system, for example to configure, establish
statistics, perform user billing.
Flows between the Call Server and the 4760 server fall mostly into this plane.
All IP flows occuring in this plane are not needed for the day to day operation of the system (all
the 3 planes above are mandatory). Flows in this plane appear on a network for example during
maintenance operation (e.g. system software upgrade) or support operation (e.g. when
debugging voice quality problems).

Synthesis of IP flows in OmniPCX Enterprise solution

Sheet:Planes

12/38

Sheet:Port ranges

Dynamic Port Ranges


Whenever an client application opens a TCP connection to a server (or a pseudo connection over UDP) and doesn't explicitely binds it to a specific port number, the
Operating System dynamically allocates one TCP (or UDP) port within a certain range of numbers: this is the dynamic port range.
On a system more than one dynamic port ranges may coexist. The ports within those ranges are used differently: the dynamic port range is used for the client side of TCP and
UDP connection, another port range may be defined to group together ports used by RTP connections, and a third one may be used for H.245 connections.
Port range
usage

Port range
name
Dyn_CS

Dyn_MG

Network element Operating System


and
Release
OXE R5.OUx and
CS
before
(Chorus-based
operating system)
OXE R5.0Lx, R5.1,
R5.1.x
(old Linux based
operating system)
OXE >= R6.0
(Linux based
operating system)

Range lower Range upper


bound
bound
1024
ou
40000

4999
ou
44999

10000

20000

10000

10499

GD
GA
INT_IP boards

Linux

1024

4999

32512

32767

IPphone
IPtouch
SSM, MSM

?
VxWorks
?

2048
1024
?

65535
65535
?

VoWLAN solution

1024

65535

Dyn_Win

4760 server and


clients,
Contact center
servers

Microsoft Windows

1024

4999

Dyn_Lnx

Linux (OTUC
servers)
?
GD
INT_IP A

Linux RH 7.3

32768

60999

?
21000/tcp

?
21999/tcp

Client side of Dyn_INT_IP


TCP and UDP
connections
Dyn_IPP
Dyn_NOE
Dyn_xSM
Dyn_WLAN

Dyn_?
Dyn_H225_CLT

Synthesis of IP flows in OmniPCX Enterprise solution

Notes

Range depends on TFTP answering server: Chorus (1st range


or TEL (2nd range).
Not configurable.
See doc [3] for exact information. The range lower bound is
configurable above 3000. The range width is configurable not
smaller than 128. Any port value within the range shall be lower
than 32767.
Dyn_IPP/udp
Dyn_NOE/udp
Dyn_Win/udp

Used by INT_IP boards to download their binaries using TFTP.


Note: the values listed here are not related to the actual value of
BASE_PORT.

Used by the Security Modules used to encrypt/decrypt the


signaling, voice and fax flows in transit over the LAN.

Configurable through creation in the registry of the key


MaxUserPort (REG_DWORD) with a minimum value of 0x1388
(default = 5000) under the key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
\Tcpip\Parameters
Configurable through /proc/sys/net/ipv4/ip_local_port_range
Nothing is known about that range besides its existence.
H323 Outgoing call establishment signalisation H225 (Q931)

13/38
Port range
usage

H.323
connections

Port range
name

Network element Operating System


and
Release
Dyn_H245_CLT
GD
INT_IP A
Dyn_H245_SRV
GD
INT_IP A
Dyn_H245_GA
GA
Dyn_Voice

GD
GA
INT-IP A
INT-IP B
46x5

OXE <= R5.0Lx


OXE >= R5.1

Range lower Range upper


bound
bound
25000/tcp

25999/tcp

31000/tcp

31059/tcp

7918/tcp

7953/tcp

32000/udp
32512/udp

32255/udp
32767/udp

Sheet:Port ranges
Notes

H323 Media Channel establishment


signalization H245 (outgoing call)
H323 Media Channel establishment
signalization H245 (incoming call)
H323 GW: H323 signalling with H323
Gateways/Terminals or ABC-F links
This port range is only used over UDP/IP to transport voice
using RTP protocol (RFC 3550) and fax using the T.38 protocol.
Ports are grouped by 4 with a specific use for each port:
- port #0 is used for voice transport (RTP)
- port #1 is used for RTCP
- port #2 is not used
- port #3 is used for Fax.
The range lower bound is called BASE_PORT in the
documentation. Its value can be configured through MAO on the
CS at once for all the related network elements (Media
Gateways, IP phones, ...).
The range width is constant and contains 256 ports.

Voice
connections
Dyn_MS

Dyn_Audiocode

OTUC Media
Server

Audiocode

12000/udp

4000/udp

12079/udp

4072/udp

This range consists of 40 groups of sets of 2 consecutive ports.


This conforms to the RFC 3550 for RTP: ports are 2 used this
way:
- port #0 is used for voice (RTP)
- port #1 is used for voice quality control (RTCP)
System ports use a bundle of 10 UDP port allocated this way:
ch 0 : 4000 (RTP), 4001 (RTCP), 4002 (fax)
ch 1 : 4010 (RTP), 4011 (RTCP), 4012 (fax)
...
ch i : 4000+(i*10), 4000+(i*10)+1, 4000+(i*10)+2
i <= i < n where n = number of physical ports offered by the box.
Can be 2, 4 or 8.

Synthesis of IP flows in OmniPCX Enterprise solution

14/38

Sheet:CS

OXE CS, 4760, eConfig, ACAPI 2.x


Plane

Protocol

Client
Initiator

Source port

Server
Responder

Service Port

Router redirection command

control

ICMP

router

N/A

CS

N/A

Software downloading (rload)

support

FTP

CS

Dyn_CS/tcp

CS

21/tcp

Remote command execution

control

SHELL

CS

Dyn_CS/tcp

CS

514/tcp

Remote command execution

control

SSH

CS

Dyn_CS/tcp

CS

22/tcp

Dynamic IP configuration

control

DHCP

68/udp

CS

67/udp

Firmware and configuration download

control

TFTP

GD, GA
INT_IP B
IPP, NOE
VoWLAN
GD, GA
INT_IP A, B
IPP
NOE

Configure in
netadmin since
R5.1
If CS not in
securized
mode.
If CS not in
securized
mode.
If CS in
securized
mode.
Always on

Dyn_MG/udp
Dyn_INT_IP/udp
69/udp
Dyn_NOE/udp

CS

69/udp

Always on

TCP
wrappers

Web server

control

HTTP

4645

Dyn_?/tcp

CS

80/tcp

If CS not in
securized
mode.

none

control

HTTPS

4645

Dyn_?/tcp

CS

443/tcp

If CS in
securized
mode.

none

control

NTP

123/udp

2048

CS
NTP server
CCD
Trap supervisor

123/udp

SNMP

CS
NTP server
CCD
MIB browser

161/udp

SNMP

CS

1024

Trap supervisor

162/udp

?/udp

CS

12300/udp

>=R5.1.1

?/udp

CS

13200/udp

<=R5.1

SYSLOG

CS

Dyn_CS/udp

Syslog server

514/udp

RIP

CS
trusted router
CS

Dyn_CS/udp
Dyn_?/udp
Dyn_CS/udp

CS

520/udp

RADIUS server

1812/udp

Purpose

Time Synchronisation with ACDv2


clients
Network supervision console

managem
ent
managem
SNMP traps
ent
TEL incidents translated managem
into SNMP traps
ent
managem
ent
Syslog journaling system control

Routing Information Protocol

control

RADIUS (Remote Authentication Dial- managem


In User Service)
ent

RADIUS

Synthesis of IP flows in OmniPCX Enterprise solution

Condition of Admission
OXE
Authenticati Confident
Activation
control? version?
on
iality

Configure in
netadmin

Notes
ICMP redirect

TCP
wrappers

password for
mtcl

Active FTP mode

TCP
wrappers
TCP
wrappers

>=R6.0

none

DHCP reply sent in unicast (not RFC


compliant)

Redirected to HTTPS port if CS is


secured.

>=R6.1

yes

Peer to peer relationship (nonpredictable transit direction of first


packet).
GET only is implemented. No SET
action possible.

community
string

Configure in
netadmin

>=R6.2
none

By
configuration

>=R7.0

no

System login authorization submitted


to remote authentication server.

15/38
Purpose

Plane

Protocol

Client
Initiator

Sheet:CS

Source port

Server
Responder

Service Port

managem
Network access server for
ent
applications (CMIS, accounting tickets
on the fly)
PBX configuration
control

AOML

Remote application
(ABC-A,TSE,OTS)

Dyn_?/tcp

CS

2533/tcp

CMIP

OTS

Dyn_?/tcp

CS

2535/tcp

Remote test

support

Rtest

Remote application

Dyn_?/tcp

CS

2554/tcp

Audit of CS configuration

control

Builddistant

CCD

Dyn_Win/tcp

CS

2539/tcp

control

Loaddistant

CCD

Dyn_Win/tcp

CS

2540/tcp

control

RSL

another CS

Dyn_CS/udp

CS

2559/udp

managem
ent
control

RLIS

Remote application

Dyn_?/tcp

CS

2560/tcp

prop. ALA

Remote application

Dyn_?/tcp

CS

2561/tcp

Routing over Sporadic links


SOSM
Hotel IP Link
Remote observer

Condition of Admission
OXE
Authenticati Confident
Activation
control? version?
on
iality
none

in a network of PBXs

By
configuration
By
configuration
AHL link over IP for Hotel/Hospital with
external management

Remote application

2566/tcp

CS

2565/tcp

prop. ALA

Remote application

Dyn_?/udp

CS

9743/udp

control
control
control
control

NUT
NUT
NUT
NUT

UPS device
UPS device
UPS device
UPS device

Dyn_?/tcp
Dyn_?/udp
Dyn_?/tcp
Dyn_?/udp

CS
CS
CS
CS

3305/tcp
3305/udp
3493/tcp
3493/udp

Inter-node (inter CS) exchanges


Hybrid VPN

control

Dyn_CS/udp
Dyn_?/udp
Dyn_CS/tcp

2556/udp

control

CS
Softphone
CS

CS

Redundancy

STAP
hybrid-vpn
prop. ALA

CS

2558/tcp

dhcdupli

control

prop. ALA

CS

Dyn_CS/udp

CS

2562/udp

DHCP dupli master

control

prop. ALA

CS

Dyn_CS/udp

CS

2563/udp

DHCP dupli slave

control

prop. ALA

CS

Dyn_CS/udp

CS

2564/udp

DHCP dupli command

control

prop. ALA

CS

Dyn_CS/udp

CS

2567/udp

Proprietary signaling from CS


Remote dialin access (integrated
gateway modem)

control

UA

CS

BP+128/udp

GD

BP+130/udp

survivability
mode only

support

ASCII

CS

Dyn_CS/udp

GD

BP+130/udp

Activation in
MAO

control

UA

CS, INT_IP A

BP+128/udp

BP+128/udp

control

UA

CS, INT_IP A

BP+128/udp

GD
INT_IP B
IPP, NOE

Signaling link

Synthesis of IP flows in OmniPCX Enterprise solution

BP/udp

no

By
configuration

prop. ALA

Network Uninterruptible Power Supply

Configuration applications based on


ACAPI V1.x and tax tickets send over
IP use this port.
yes

managem
ent
support

DECT observation

Notes

<R6.2
<R6.2
>=R6.2
>=R6.2
no

no

This service is also used by


softphones and 4760 web clients

Only when CS
is duplicated.
Only when CS
is duplicated.
Only when CS
is duplicated.
Only when CS
is duplicated.
Only when CS
is duplicated.
A remote GD lost its signaling link to
CS and opened a PSTN connection to
its rescuing GD.
Remote maintenance access through
PSTN

16/38

Sheet:CS

Plane

Protocol

Client
Initiator

PAD X25 (packet


assembly/disassembly)

control

X.29

CS

Dyn_CS/tcp

CS

2534/tcp

X.25 route supervision

control

Suprout

CCD

Dyn_Win/tcp

CS

2545/tcp

Discovery

control

H225 RAS

GD, GA
INT_IP A
H323 end_point

CS

1718/udp

none

Registration, Admission and status

control

H225 RAS

GD, GA
INT_IP A
H323 end_point

CS

1719/udp

none

Call setup

control

H225 Q.931

GD, GA
INT_IP A
H323 end_point

CS

1720/udp

none

Registration, Admission and status

control

RAS

GD, GA
INT_IP A

Dyn_MG/udp
Dyn_MG/udp
Dyn_MG/udp
Dyn_?/udp
Dyn_MG/udp
Dyn_MG/udp
Dyn_MG/udp
Dyn_?/udp
Dyn_MG/udp
Dyn_MG/udp
Dyn_MG/udp
Dyn_?/udp
Dyn_MG/tcp
Dyn_MG/tcp
Dyn_MG/tcp

CS

9090/tcp

none

Domain Name Server

control

DNS

SIP end-point

Dyn_?

CS

53/udp

SIP proxy

control

SIP

SIP end-point

Dyn_?/tcp

CS

5060 (*)/tcp

Sip gateway

control
control

SIP
SIP

SIP end-point
SIP proxy

Dyn_?/udp
Dyn_?/tcp

CS
CS

5060 (*)/udp
6060 (*)/tcp

control

SIP

SIP proxy

Dyn_?/udp

CS

6060 (*)/udp

Purpose

Source port

Server
Responder

Service Port

Condition of Admission
OXE
Authenticati Confident
Activation
control? version?
on
iality

Notes

X.25
If PBX belongs
to a X.25
network of
PBXs
Always on

CS could be the client here. To be


confirmed.

H.323 Internal Gatekeeper

SIP

Synthesis of IP flows in OmniPCX Enterprise solution

Configured in
MAO

When SIP
proxy is
activated

none

>=R6.1

<R7.0

<R6.0

Only used by SIP devices in case of


spatial redundancy
External SIP service port. Used since
R7.0 by SIP proxy when active.
External SIP service port
Internal SIP gateway service port used
by the SIP proxy.

17/38
Purpose

Sheet:CS

Plane

Protocol

Client
Initiator

Source port

Server
Responder

Service Port

control

SMTP

OTUC server

Dyn_?/tcp

4645

25/tcp

eVA configured

control

SMTP

?/tcp

4645

587/tcp

eVA configured

control

IMAP

143/tcp

eVA configured

IMAPS

Dyn_?/tcp
Dyn_CS/tcp
Dyn_?/tcp

4645

control

OTUC server
4645
OTUC server

4645

993/tcp

eVA configured
+ unknown
configuration

control

VIMAP

OTUC server

Dyn_?/tcp

4645

4033/tcp

eVA configured

control

HTTP

OTUC server

Dyn_?/tcp

4645

80/tcp

control

HTTPS

OTUC server

Dyn_?/tcp

4645

443/tcp

control

UA

CS

BP+128/udp

4645

BP+128/udp

If CS not in
securized mode
+ eVA
configured
If CS in
securized
mode + eVA
configured
eVA configured

control

UA

CS

BP+128/udp

4645

BP+132/udp

eVA configured

user

RTP/RTCP

4645

Dyn_Voice/udp

IPP, NOE
GD, GA
INT_IP A+B

BP+2,3/udp
eVA configured
Dyn_Voice/udp
Dyn_Voice/udp

user

RTP/RTCP

IPP, NOE
GD, GA
INT_IP A+B
4645

BP+2,3/udp
Dyn_Voice/udp
Dyn_Voice/udp
Dyn_?/tcp

4645

Dyn_Voice/udp eVA configured

Condition of Admission
OXE
Authenticati Confident
Activation
control? version?
on
iality

Notes

4645 (eVA)
Mail Transfer

IMAP server

Retrieve voice messages in mail


account and commands for UC
Web server

Signalling (abca)

Voice channel

VPIM

control

Synthesis of IP flows in OmniPCX Enterprise solution

4645

4020 (*)/tcp
4021 (*)/tcp

eVA configured

OTUC myMessaging
?

idem

OTUC myMessaging

>=R6.1

yes

OTUC myMessaging

When the 4645 function reside on a


separate CPU than the
Communication Server
When the 4645 function reside on the
same CPU as the Communication
Server
Source and destination addresses are
never modified whether encrypted or
not.
This flow is always cleartext out of the
4645, possibly encrypted through SSM
(if 4645 is on CS or with CS) or MSM
(if protected by a separate security
module) and continues encrypted to
destination.
Direction of first packet cannot be
predetermined: both directions shall
be enabled
Between 4645 members of same
group of Voice mail systems.

18/38
Purpose

Plane

Protocol

Client
Initiator

Sheet:CS

Source port

Server
Responder

Service Port

Condition of Admission
OXE
Authenticati Confident
Activation
control? version?
on
iality

Notes

Contact Center solutions


ACDv2 for Contact Center
applications: CCM, CCS, ASM
ACDCCS (supervisor)

control

ACD

CCD

Dyn_Win/tcp

CS

2538/tcp

Always on

control

ACDCCS

CCD

Dyn_Win/tcp

CS

2543/tcp

Always on

ACD PC agent
ACD Agent List Builder
Remote CSTA

control
control
control

ACDpcag
Alb
Rcsta

CCD
CCD
CCD
OTS

Dyn_Win/tcp
Dyn_Win/tcp
Dyn_?

CS
CS
CS

2544/tcp
2546/tcp
2555/tcp

Always on

Voice
encryption
Voice
encryption

Needed only with Contact Center


applications

password

IP Touch Security box (SSM/MSM) for signaling and voice encryption


Firmware and configuration download

control

TFTP

SSM, MSM

Dyn_xSM/udp

CS

69/udp

Signaling link to SSM (Server voice


encryption box)

control

BTlink

CS

Dyn_CS/tcp

SSM

11000 (*)/tcp

Key exchange

control

CS

2048 (*)/udp

SSM

2049 (*)/udp

Alarms sent from SSM and MSM to


CS
Start/stop Voice for SSM

control

SSM, MSM

2048 (*)/udp

CS

2048 (*)/udp

control

UA lite

CS

Dyn_CS/udp

SSM

2049 (*)/udp

Start/stop Fax for SSM

control

UA lite

CS

Dyn_CS/udp

SSM

2050 (*)/udp

Remote connection

support

TELNET

CS

Dyn_CS/tcp

SSM

23/tcp

control

Saverest

PC admin

Dyn_Win/tcp

CS

2536/tcp

Voice
encryption
Voice
encryption
Voice
encryption
Voice
encryption
Voice
encryption

TCP
wrappers

>=R6.2
>=R6.2

Most of the time the dynamic port


allocated on CS has value 10000 (first
port in dynamic range).

>=R6.2

>=R6.2

First packet is MSM or SSM telling it is


up and running.
Reception of START_SRTP messages

>=R6.2

Reception of START_FAX messages

>=R6.2

SSM accepts a single console


connection with priority of V.24 over
telnet connection.

>=R6.2

Only from CS

4740 Management Application


Save and Restore

Synthesis of IP flows in OmniPCX Enterprise solution

4740 only

Was used with 4740 management


application. Not used otherwise.

19/38
Source port

Service Port

4760 server

N/A

CS

N/A

FTP

4760 server

Dyn_Win/tcp

CS

21/tcp

If CS not in
securized
mode.

TCP
wrappers

TELNET

4760 server

Dyn_Win/tcp

CS

23/tcp

TCP
wrappers

SSH

4760 server

Dyn_Win/tcp

CS

22/tcp

If CS not in
securized
mode.
If CS in
securized
mode.

Alarm mails managem


ent
Web directory managem
ent

SMTP

4760 server

Dyn_Win/tcp

Mail server

25/tcp

no

HTTP

Web browser

Dyn_?/tcp

4760 server

80 (*)/tcp

no

Network supervision console managem


ent
SNMP traps managem
ent
LDAP server replication managem
ent

SNMP

MIB browser

Dyn_?/udp

4760 server

161/udp

SNMP

4760 server

162/udp

Trap supervisor

162/udp

LDAP

LDAP replication

Dyn_Win/tcp

4760 server

389/tcp

if IPSEC not
configured

LDAP

CS

Dyn_CS/tcp

4760 server

389/tcp

Configure
LDAP overflow
server in MAO

anonymous
access

CMIP

4760 server

Dyn_Win/tcp

CS

2535/tcp

yes

STAP

4760 server

Dyn_Win/udp

CS

2556/udp

if IPSEC not
configured
if IPSEC not
configured

Plane

Protocol

ICMP

Sheet:CS

Server
Responder

Purpose

Client
Initiator

Condition of Admission
OXE
Authenticati Confident
Activation
control? version?
on
iality

Notes

4760 Network Management server


Test of CS presence (ping) managem
ent

File transfert : MIB, accounting managem


ent
information, past time performance,
QoS tickets, software.mao, software
downloading, backup
Remote connection managem
ent
Remote maintenance + managem
File transfert : MIB, accounting
ent
information, past time performance,
QoS tickets, software.mao, software
downloading, backup

PBX phonebook overflow

control

PBX configuration managem


ent
Directory call by name managem
ent

Synthesis of IP flows in OmniPCX Enterprise solution

no

Echo request/reply done when 4760


initializes the connection to CS.
Critical to correct working of 4760.
Since 4760 >= R3.1 presence test is
done differently by attempting a TCP
connect either on FTP port (21/tcp) or
SSH port (22/tcp) if CS is securized.

login/pwd

no

passive FTP mode

login/pwd

no

password for
mtcl

yes

4760 <=
R3.1

TCP
wrappers

OXE>=6.0
4760>=4.0

Access to the phone directory from


any Web browser on any PC if
otherwise allowed.

no
IPsec shall be enabled only if LDAP
replication server do support IPsec.
Port can be configured in 4760 server

no
no

Issued upon request by a 4760 client


as if a callback was in progress

20/38
Protocol

Client
Initiator

CMISD server managem


ent

CMIP

LDAP administration server managem


ent
CMISD server managem
ent
Loader server managem
ent
LDAP PBX synchronization server managem
ent

Sheet:CS

Source port

Server
Responder

Service Port

4760 server

Dyn_Win/tcp

4760 server

30001/tcp

HTTP

4760 server

Dyn_Win/tcp

4760 server

30010 (*)/tcp

GIOP

4760 server

Dyn_Win/tcp

4760 server

30013 (*)/tcp

GIOP

4760 server

Dyn_Win/tcp

4760 server

30020 (*)/tcp

GIOP

4760 server

Dyn_Win/tcp

4760 server

30026 (*)/tcp

HTTP

4760 client

Dyn_Win/tcp

4760 server

80 (*)/tcp

Kerberos

4760 client

88/udp

4760 server

88/udp

if IPSEC
configured

LDAP

4760 client

Dyn_Win/tcp

4760 server

389/tcp

if IPSEC not
configured

IPsec key exchange managem


ent

IKE

4760 client

Dyn_Win/tcp

4760 server

500/udp

if IPSEC
configured

IPsec encrypted flows managem


ent
Sybase Anywhere database managem
ent
Access to various services: Alarms, managem
Extractor, License, Notification,
ent
SaveRestore, Scheduler, Security,
etc...

ESP

4760 client

N/A

4760 server

N/A

TDS

4760 client

Dyn_Win/tcp

4760 server

30011 (*)/tcp

GIOP

4760 client

Dyn_Win/tcp

4760 server

SSH

4760 client

Dyn_Win/tcp

4760 server

30012 (*)/tcp,
30014 (*)/tcp
30019 (*)/tcp,
30022 (*)/tcp
30025 (*)/tcp
30028 (*)/tcp

if IPSEC
configured
if IPSEC not
configured
if IPSEC not
configured

TELNET

4760 client

Dyn_Win/tcp

4760 server

GIOP

4760 server

Dyn_Win/tcp

4760 client

Purpose

Plane

Condition of Admission
OXE
Authenticati Confident
Activation
control? version?
on
iality
IPsec

login/pwd

if IPSEC not
configured
if IPSEC not
configured
if IPSEC not
configured
if IPSEC not
configured

Notes
Not configurable (difference with other
4760 server service ports in the 300xx
range).

IPsec
IPsec
IPsec
IPsec

4760 Network Management Client


Web access managem
ent
Kerberos managem
ent

Replication avec server LDAP externe managem


ent

MindTerm (SSH client) on 4760 client

support

Telnet proxy managem


ent
Notification of CORBA events managem
ent

Synthesis of IP flows in OmniPCX Enterprise solution

30100 (*)/tcp
30149 (*)/tcp
30500 (*)/tcp
30509 (*)/tcp

if IPSEC not
configured
if IPSEC not
configured
if IPSEC not
configured

yes

yes

4760 >=
R3.0

anonymous
+
login/pwd

IPsec

4760 >=
R3.0

yes

yes

4760 >=
R3.0

yes

yes

login/pwd

IPsec

no

IPsec

IPsec and
SSH
IPsec
IPsec

IPsec uses Kerberos as its default


authentication mechanism. Another
mechanism can be defined by the
customer.
Note: Microsoft may use TCP as
transport even though not standard.
IPsec shall be enabled only if potential
clients do support IPsec.

IPsec is not configured by default.

21/38
Purpose

Plane

Protocol

Client
Initiator

FTP

Sheet:CS

Source port

Server
Responder

Service Port

4760i

Dyn_?

CS

21/tcp

TELNET

4760i

Dyn_?

CS

23/tcp

SSH

4760i

Dyn_?

CS

22/tcp

HTTP

4760i

Dyn_?/tcp

CS

80/tcp

HTTPS

4760i

Dyn_?/tcp

CS

443/tcp

GIOP

4760i

Dyn_?/tcp

CS

5540/tcp

Condition of Admission
OXE
Authenticati Confident
Activation
control? version?
on
iality

Notes

4760i (eConfig)
File transfer: MAO data during managem
save/restore operations
ent
Remote connection managem
ent
Remote connection and file transfert managem
(MAO data during save/restore
ent
operations)
Applet download managem
ent

Applet download managem


ent
PBX configuration (NMCCS) managem
ent

If CS not in
securized
mode.
If CS not in
securized
mode.
If CS in
securized
mode.
If CS not in
securized
mode.

TCP
wrappers

password for
mtcl

TCP
wrappers

password for
mtcl

If CS in
securized
mode.

none

TCP
wrappers

>=R6.0

none

passive FTP mode

password for
mtcl
none

>=R6.1

Needed only the first time to download


the applet.
Redirected to HTTPS port if CS is
secured.
Needed only the first time to download
the applet.

none

yes

yes

no

CORBA access

password for
mtcl

no

passive FTP mode

login/pwd

yes

yes

no

ACAPI 2.x
File transfer: MIB

managem
ent

FTP

ACAPI 2.x

Dyn_Win/tcp

CS

21/tcp

File transferts : MIB

managem
ent

SSH

ACAPI 2.x

Dyn_Win/tcp

CS

22/tcp

PBX configuration

managem
ent

CMIP

ACAPI 2.x

Dyn_Win/tcp

CS

2535/tcp

Remote maintenance

support

TELNET

PC support

Dyn_?/tcp

CS

23/tcp

Maintenance access

support

SSH

PC support

Dyn_?/tcp

CS

22/tcp

Webtools

support

HTTP

PC support

Dyn_?/tcp

CS

80/tcp

Webtools

support

HTTPS

PC support

Dyn_?/tcp

CS

443/tcp

If CS not in
securized
mode.
If CS in
securized
mode.

TCP
wrappers
TCP
wrappers

>=R6.0

Support PC

(*)

Port number is configurable

Synthesis of IP flows in OmniPCX Enterprise solution

If CS not in
securized
mode.
If CS in
securized
mode.
If CS not in
securized
mode.
If CS in
securized
mode.

TCP
wrappers
TCP
wrappers

>=R6.0

none

none

Redirected to HTTPS port if CS is


secured.
>=R6.1

yes

yes

22/38

Sheet:MG

GD, GA, INT_IP A & B


Plane

Protocol

Client
Initiator

Source port

Router redirection command

control

ICMP

router

N/A

Autodiagnostic

support

ICMP

INT_IP A+B

N/A

Diagnosis of white
communications

support

ICMP

GD, GA

Network supervision console

manage
ment
control

SNMP
DHCP

control

TFTP

control

TFTP

Purpose

Dynamic IP configuration
GD configuration and software
upgrade (file download: binaries
(binmg)+config (lanpbx.cfg,
startmgd)+voice guides
UA phone sets initialization
downloads lanpbx.cfg, starttscip,
startnoe,

Synthesis of IP flows in OmniPCX Enterprise solution

Server
Responder

Service port

Condition
of
Activation

Admission
control?

Notes

GD, GA
INT_IP B
router
CS

N/A

ICMP redirect

N/A

ICMP echo request sent to


router and then CS when
signaling link to CS is lost to
determine where the link is
broken and issue incident to
help auto-diagnostic.

N/A

CS
GD,GA
INT_IP A+B

N/A

ICMP destination unreachable


emitted when packet received
on closed fastsocket. Emitting
GD/CS then logs an incident
helping diagnose broken
communications (white or
half).

MIB browser

Dyn_?/udp

GD, GA

161/udp

GD
INT_IP B
GD, GA
INT_IP A+B

68/udp

DHCP server

67/udp

Dyn_MG/udp
Dyn_INT_IP/udp

CS

69/udp

69/udp
Dyn_NOE/udp

GD

69/udp

Dyn_IPP/udp
Dyn_NOE/udp
Dyn_Win/udp

community
string
Request sent in broadcast (as
per RFC)

Survivability
mode only

GD while in survivability mode


will serve configuration files to
the UA phone sets.

23/38

Sheet:MG

Protocol

Client
Initiator

Source port

Server
Responder

Service port

CS controlling the MG control


MG controlling the GA control

UA
UA

CS, INT_IP A
GD

BP+128/udp
BP+128/udp

GD, INT_IP B
GA

BP+128/udp
BP+128/udp

Survivability against CS
connectivity loss
Rescuing side control

UA

CS

BP+128/udp

GD

BP+130/udp

Survivability
mode only

Trafic goes over the PSTN.


This port is only used on
rescuing GD (close to the CS)
= the one called through
PSTN by the GD to be
rescued.

Rescued side control

UA

GD
INT_IP A+B

BP+128/udp

IPP, NOE
Softphone

BP/udp

Survivability
mode only

Rescued side

Encryption support
Voice commands control

UA lite

BP+130/udp

MSM

2049 (*)/udp

Fax commands control

UA lite

GD, GA
INT_IP A+B
GD, GA
INT_IP A+B

BP+131/udp

MSM

2050 (*)/udp

Voice
encryption
Voice
encryption

Purpose

Plane

Condition
of
Activation

Admission
control?

Notes

Proprietary signaling

Synthesis of IP flows in OmniPCX Enterprise solution

24/38
Purpose

Plane

Client
Initiator

Protocol

Source port

Sheet:MG
Server
Responder

Service port

Condition
of
Activation
Iff a H.323
trunk is
declared
Iff a H.323
trunk is
declared
Iff a H.323
trunk is
declared

Admission
control?

Notes

H.323 Gateway (GW)


H.323 gatekeeper discovery (bcast control
or multicast to IP@ 224.0.1.41))

H.323 GK discovery (unicast) and control


GW RAS signaling

H323 RAS signaling control

H.323 RAS

Dyn_?/udp

GD, GA
INT_IP A

1718/udp

Dyn_?/udp

GD, GA
INT_IP A

1719/udp

Dyn_?/udp

INT_IP A

1720/udp

GD, GA
INT_IP A
H.323 extern gw
H.323 end_point
GD, GA
INT_IP A
H.323 extern gw
H.323 end_point
GD, GA
INT_IP A

Dyn_H225_CLT/tcp

GD, GA
INT_IP A
H.323 extern gw

1720/tcp

?/tcp

GD

Dyn_H225_CLT/tcp

Dyn_?/tcp

GD, GA
INT_IP A

1961/tcp

Dyn_H245_CLT/tcp
Dyn_?/tcp
Dyn_?/tcp
?/tcp

GD, INT_IP A

Dyn_H245_SRV/tcp

GA

Dyn_H245_GA/tcp

Dyn_?/tcp

GD

4560/tcp

GD, GA
INT_IP A
H.323 end_point
GD, GA
INT_IP A
H.323 end_point
H.323 end_point

H.323 Call establishment signaling control


(H.225) with H.323 terminals, other
gateways or ABC-F links

H.323 Call establishment control


signalisation H.225
(Q.931)

H.245 signaling control

H.245 media channel establishment control


signalization

H.323 signalling with H.323 control


Gateways/Terminals or ABC-F links

GD, INT_IP A
H.323 extern gw
H.323 end_point
?

H.323 monitor manage


ment

Synthesis of IP flows in OmniPCX Enterprise solution

No more needed?

Iff a H.323
trunk is
declared
Iff a H.323
trunk is
declared

25/38
Purpose

Client
Initiator

Plane

Protocol

Source port

user

RTP/RTCP

GD, GA
INT_IP A+B

Dyn_Voice/udp

user

RTP/RTCP

IPP, NOE
Softphone

user

T.38

user

T.38

Sheet:MG
Server
Responder

Admission
control?

Notes

Service port

Condition
of
Activation

IPP, NOE
Softphone

BP+2,3/udp

START_RTP
in signaling

Whether encrypted of not, the


source and destination
addresses are not changed:
this flow is cleartext out of the
MG. When voice is encrypted,
cleartext flows through MSM
where it is encrypted and
continues encrypted to
destination.

BP+2,3/udp

GD, GA
INT_IP A+B

Dyn_Voice/udp

START_RTP
in signaling

Direction of first packet cannot


be predetermined: both
directions shall be enabled

GD, GA
INT_IP A+B

Dyn_Voice/udp

Fax

?/udp

START_FAX
in signaling

Whether encrypted of not, the


source and destination
addresses are not changed:
this flow is cleartext out of the
MG. When voice is encrypted,
cleartext flows through MSM
where it is encrypted and
continues encrypted to
destination.

Fax

?/udp

GD, GA
INT_IP A+B

Dyn_Voice/udp

START_FAX
in signaling

Direction of first packet cannot


be predetermined: both
directions shall be enabled

Media: voice, fax...


Voice channel, voice quality control

Fax over IP

Synthesis of IP flows in OmniPCX Enterprise solution

26/38
Protocol

Client
Initiator

Source port

Maintenance access support

TELNET

CS

Dyn_CS/tcp

support
Maintenance file transfer support
support

TELNET
TFTP
FTP

GD, GA
PC support
GD, GA

ASCII

CS

Purpose

Plane

Sheet:MG
Server
Responder

Service port

Condition
of
Activation

Admission
control?

GD, GA
INT_IP A+B

23/tcp

always on

Incoming
connection
request
allowed only
from Call
Server

Dyn_MG/tcp
Dyn_?/udp
Dyn_MG/tcp

PC support
INT_IP A+B
PC support

23/tcp
69/udp
21/tcp

always on

Dyn_CS/udp

GD

BP+130/udp

Notes

Maintenance and Support

External access for remote support


maintenance (eRMA)

Synthesis of IP flows in OmniPCX Enterprise solution

Activation in
MAO

Used for support only.


FTP transfer in active mode
unless client invoked
differently
The CS sends through this
port ASCII to the modem
embedded on the GD.

27/38

Sheet:Auxiliaries

Various network elements


Purpose

Source port

Server
Responder

?
?
?
GD, GA
INT_IP A+B

?/tcp
?/udp
Dyn_?/tcp
Dyn_Voice/udp

Audiocode
Audiocode
Audiocode
Audiocode

1720/tcp
1719/udp
Dyn_?/tcp
Dyn_Audiocode/u
dp

RTP/RTCP

Audiocode
PC admin

GD, GA
INT_IP A+B
Audiocode

Dyn_Voice/udp

HTTP

Dyn_Audiocode/u
dp
Dyn_?/tcp

80/tcp

Optional

Syslog

2048

Audiocode

514/udp

Optional

SNMP

1024

Audiocode

160,161/udp

Optional

TELNET

PC support

Dyn_?/tcp

MOXA

23/tcp

CS

Dyn_CS/tcp

MOXA

4000/tcp

CS

Dyn_CS/tcp

MOXA

[950,965]/tcp

Upper bound depends on


number of ports supported
by the box. Example a 4-port
box range will end at 953.

control

CS

Dyn_CS/tcp

MOXA

[966, 981]/tcp

Likewise upper bound for a 4port box will be 969.

manageme
nt

Dyn_?/udp

MOXA

1028/udp

Plane

Protocol

control
control
control
user

H.225
H.323
H.245
RTP/RTCP

user
manageme
nt
manageme
nt
manageme
nt

Client
Initiator

Service port

Condition Admission
control?
of
Activation

OXE
version

Notes

Audiocode (Z behind IP)


H.225 listen & dial port
RAS
H.245
RTP, RTCP, T.38

Web
Syslog
SNMP

Mandatory
Optional
Mandatory
Direction of first packet
cannot be predetermined:
both directions shall be
enabled

Moxa (V.24 port extender over IP)


Telnet
Configurator / FW settings
Data port

Command port
Broacast monitor real com installer

manageme
nt
manageme
nt
user

Synthesis of IP flows in OmniPCX Enterprise solution

28/38

Sheet:Auxiliaries

Plane

Protocol

Client
Initiator

Signaling link
Client API on WIndows system

control
control

UA
HTTP

CS
PC appli

BP+128/udp
Dyn_Win/tcp

PRS
PRS

2570/udp
8080/tcp

Client API on Linux system

control

HTTP

PC appli

Dyn_Lnx/tcp

PRS

manageme
nt
support
user

HTTP

PC admin

Dyn_?/tcp

PRS

8080/tcp
8083/tcp
2010/tcp

?
HTTP

PC admin
NOE

Dyn_?/tcp
Dyn_NOE

PRS
PRS or
API servers

2009/tcp
80/tcp

support

FTP

PC support

Dyn_Win/tcp

CS

21/tcp

support

SSH

PC support

Dyn_Win/tcp

CS

22/tcp

File Transfer for software update

support

FTP

CS

Dyn_CS/tcp

PC Installer

21/tcp

DHCP client

support

DHCP

CS

68/udp

PC Installer

67/udp

TFTP client

support

TFTP

CS

Dyn_CS/udp

PC Installer

69/udp

Purpose

Source port

Server
Responder

Service port

Condition Admission
control?
of
Activation

OXE
version

Notes

Presentation Server (PRS)

Web-based management
PRS monitoring
NOE applications

OXE >= R6.0


Windows server supported
only in small configuration
Linux server(s) in large
configurations

NOE >= v3

The HTTP server is any of


the API servers. Actual
request port may be any of
80, 8080, 8081, 8083, etc...

Alcatel Audio Station (AAS)


Vocal guide file transfert

If CS not in
securized
mode.
If CS in
securized
mode

mtcl pwd

mtcl pwd

Active FTP mode

>=R6.0

PC Installer

Synthesis of IP flows in OmniPCX Enterprise solution

Active FTP mode, CS is


client.
Only for complete
reinstallation of system and
call handling software on CS.
CS is the client.
Only for complete
reinstallation of system and
call handling software on CS.
CS is the client.

29/38

Sheet:UA terminals

IP phone (IPP), IP touch (NOE), MIPT, Softphone


Purpose

Plane

Protocol

Client
Initiator

Source port

Server
Responder

Service port

Router presence check

control

ICMP

IPP

N/A

router

N/A

control

ICMP

NOE

N/A

router

N/A

Router redirection command

control

ICMP

router

N/A

N/A

Network supervision console

manage
ment
control

SNMP

MIB browser

Dyn_?/udp

IPP, NOE,
MIPT
IPP

161/udp

DHCP

68/udp

DHCP server

67/udp

control

TFTP

IPP, NOE,
MIPT
IPP
NOE, MIPT
Softphone

Dyn_IPP/udp
Dyn_NOE/udp
Dyn_Win/udp

TFTP server

69/udp

control

LDAP

Softphone

Dyn_Win/tcp

LDAP server

389/tcp

UA

CS, INT_IP A

BP+128/udp

BP/udp

control
control

STAP
UA

CS, INT_IP A
GD
INT_IP A+B

2556/udp
BP+128/udp

IPP, NOE,
MIPT
Softphone
IPP, NOE,
MIPT

control
Encryption of voice and signaling control

ATAPI
IKE

Softphone
SSM

Dyn_Win/tcp
Dyn_?/udp

OTS
NOE

3595/tcp
500/udp

ESP

SSM

N/A

NOE

N/A

Dynamic IP configuration
Phone configuration and software
upgrade (file download:
binaries+config information
Download lanpbx.cfg, starttscip,
startnoe)
Phone directory

Condition of
Activation

Admission
control?

Version?

Notes

ICMP echo request/reply


Was critical for correct
operation
ICMP echo request/reply
NOT critical for correct
operation
ICMP redirect
community
string

IP phone only, not NOE.

If dynamic
configuration

Proprietary signaling
Signaling link control

control

Synthesis of IP flows in OmniPCX Enterprise solution

BP/udp
BP/udp

When not in encrypted


mode

The phone needs to be


statically configured for the
survivability mode to be
effective.

When in survivability
mode

When in encrypted
mode
When in encrypted
mode

OXE >=
R6.2
OXE >=
R6.2

30/38
Purpose

Client
Initiator

Source port

Server
Responder

Sheet:UA terminals

Plane

Protocol

Service port

user

RTP/RTCP
or
SRTP/SRTCP

GD, GA
INT_ IP A+B

Dyn_Voice/udp

IPP, NOE,
MIPT,
Softphone

BP+2,3/udp

user

RTP/RTCP
or
SRTP/SRTCP

IPP, NOE,
MIPT

BP+2,3/udp

GD, GA
INT_ IP A+B

Dyn_Voice/udp

user

RTP/RTCP

Softphone

Dyn_Win/udp

GD, GA
INT_ IP A+B

Dyn_Voice/udp

user

RTP/RTCP
or
SRTP/SRTCP

IPP, NOE,
MIPT

BP+2,3/udp

IPP, NOE,
MIPT,
Softphone

BP+2,3/udp

user

RTP/RTCP
or
SRTP/SRTCP

IPP, NOE,
MIPT

BP+2,3/udp

IPP, NOE,
MIPT

BP+2,3/udp

user

RTP/RTCP

Softphone

Dyn_Win/udp

IPP, NOE,
MIPT

BP+2,3/udp

user

HTTP

NOE

Dyn_NOE

PRS
API servers

80/tcp

Condition of
Activation

Admission
control?

Version?

Notes

Media: voice, fax...


Voice channel
Voice quality control

Whether encrypted of not,


the source and destination
addresses are not
changed.
Direction of first packet
cannot be predetermined:
both directions shall be
enabled
Voice packets emitted by
the softphone are sent
from a dynamic UDP port.
Whether encrypted of not,
the source and destination
addresses are not
changed.
Direction of first packet
cannot be predetermined:
both directions shall be
enabled
Voice packets emitted by
the softphone are sent
from a dynamic UDP port.

with gateways

Voice channel
Voice quality control
between UA phones

Applications
NOE applications

NOE >= v3 The HTTP server is anyone

amongst the API servers.


Actual request port may be
any from 80, 8080, 8081,
8083, etc...

(See tab 'Auxiliaries' for


more information on PRS)

Maintenance and Support


Maintenance access

support

TELNET

PC support

Dyn_?/tcp

IPP

23/tcp

always on

support

TELNET

PC support

Dyn_?/tcp

NOE

23/tcp

SET_PARAM UA
message with telnetd
timeout

Synthesis of IP flows in OmniPCX Enterprise solution

Incoming
connection
request
allowed only
from Call
Server
none

31/38

Sheet:OTUC

OmniTouch Unified Communications


Purpose

Plane

Protocol

control
control
control
control
user

ATAPI
LDAP
TFTP
STAP
RTP/RTCP

Client
Initiator

Source port

Server
Responder

Service Port

OTS
LDAP server
TFTP server
Client
Softphone

3595/tcp (*)
389/tcp
69/udp
BP/udp
BP+2,3/udp

OTUC
Authentication Confidentiality Integrity
version?

Notes

myPhone
Proprietary signaling

Voice

Client
Dyn_Win/tcp
Client
Dyn_Win/tcp
Client
Dyn_Win/udp
CS
2556/udp
GD, GA, 46x5 Dyn_Voice/udp
INT_IP A+B Dyn_Voice/udp
Dyn_MS/udp
Media Server
BP+2,3/udp
IPP, NOE

YES
NO
NO
?
NO

NO
NO
NO
NO
NO

user

RTP/RTCP

Softphone

Dyn_Win/udp

GD, GA, 46x5


INT_IP A+B
Media Server
IPP, NOE

Dyn_Voice/udp
Dyn_Voice/udp
Dyn_MS/udp
BP+2,3/udp

NO

control
control

CSTA
CMISD

Service Infra
Service Infra

Dyn_?/tcp
Dyn_?/tcp

CS
CS

2555/tcp
2535/tcp

YES
YES

control

HTTP

Client

Dyn_Win/tcp

Service Infra

8080/tcp

YES

YES (HTTPS)

control
control
control
control
control

SOAP/HTTP
IMAP4
FlexLM
MAPI
IMAP4

Client
Client
Client
Client
Client

Dyn_Win/tcp
Dyn_Win/tcp
Dyn_Win
Dyn_Win/tcp
Dyn_Win/tcp

8083/tcp
143/tcp (993/tcp)
27000
?/tcp
143/tcp (993/tcp)

?
YES

?
YES if IMAP4s

YES
YES

YES if IMAP4s

control
control
control
control

HTTP
SOAP/HTTP
NAPI
IMAP4

Client
Client
Client
Client

Dyn_Win/tcp
Dyn_Win/tcp
Dyn_Win/tcp
Dyn_Win/tcp

control
control

HTTP
SOAP/HTTP

Client
Client

Dyn_Win/tcp
Dyn_Win/tcp

Service Infra
46x5
Service Infra
Exchange
46x5
IMAP4 Server
Service Infra
Service Infra
Domino
46x5
IMAP4 Server
Service Infra
Service Infra

Email server
Store Voice Message
IMAP4 server access

control
control

SMTP
IMAP4

Service Infra
Service Infra

Dyn_?/tcp
Dyn_?/tcp

Email server
Email server

25/tcp
143/tcp

Mail box access


PIM mngt
Filter mngt
Notif request

control
control
control
control

HTTP
HTTP
HTTP
HTTP

Service Infra
Service Infra
Service Infra
Email server

Dyn_?/tcp
Dyn_?/tcp
Dyn_?/tcp
Dyn_?/tcp

Email server
Email server
Email server
Service Infra

8000/tcp
8001/tcp
8002/tcp
8082/tcp

Service Infrastructure
CS interfacing
Mngt Interfacing

NO

Not for Websoftphone

Direction of first packet cannot


be predetermined: both
directions shall be enabled
Voice packets emitted by the
softphone are sent from a
dynamic UDP port.

OTS server
OTS server

myMessaging
Web client

Outlook Client

Lotus Client

Synthesis of IP flows in OmniPCX Enterprise solution

8080/tcp
8083/tcp
?/tcp
143/tcp (993/tcp)
8080/tcp
8083/tcp

>=R3.x

>=R3.x

>=R3.x

YES
?
YES
YES

YES (HTTPS)
?
YES if IMAP4s

YES
?

YES (HTTPS)
?

Only if LARGE or
Websoftphone
Not for Websoftphone
Only if integrated voice mail
Not for Websoftphone
Only if integrated voice mail or
external IMAP server
Only if LARGE

Only if external IMAP server


Only if LARGE

Not if Exchange or Domino is


used as eMail server

32/38
Purpose

Voice mail server


Voice Mail access
Voice Mail Control
Media Server (MS)
Voice Signaling
Voice Flow

Voice Application

Source port

Server
Responder

Service Port

Sheet:OTUC

Plane

Protocol

Client
Initiator

control
control

IMAP4
VMMC2/HTTP

Service Infra
Service Infra

Dyn_?/tcp
Dyn_?/tcp

46x5
46x5

143/tcp (993/tcp)
80/tcp

YES
YES

YES if IMAP4s
NO

control

SIP

CS

5060 (*)/udp

MS

5060 (*)/udp

YES but Not used

NO

user

RTP/RTCP

MS

Dyn_MS/udp

NO

NO

GD, GA, 46x5 Dyn_Voice/udp


INT_IP A+B Dyn_Voice/udp
BP+2,3/udp
IPP, NOE,
Softphone

user

RTP/RTCP

MS

Dyn_MS/udp

control
control

HTTP/VXML
HTTP/PPR

MS
Service Infra

Dyn_?/tcp
Dyn_?/tcp

OTUC
Authentication Confidentiality Integrity
version?

Notes

Only if integrated voice mail


Only if integrated voice mail

Direction of first packet cannot


be predetermined: both
directions shall be enabled
GD, GA, 46x5
INT_IP A+B
IPP, NOE,
Softphone
Service Infra
MS

Dyn_Voice/udp
Dyn_Voice/udp
BP+2,3/udp

NO

NO

8080/tcp
8015/tcp

NO
NO

NO
NO

1099/tcp
27000

YES

389

YES

YES

YES

YES (HTTPS)

myAssistant
no specific flow

Common Service Infrastructure

Notes

OTUC application
Licences access

control
control

Java RMI
FlexLM

another CS
Service Infra

Dyn_CS/tcp
Dyn_?

Directories

control

LDAP

Service Infra

Dyn_?

Service Infra
Licences
Server
Directory

SQL Database

control

Service Infra

Dyn_?

Database

API openness

control

Third party

Dyn_?/tcp

Service Infra

8080/tcp

(*)

SOAP/HTTP

configurable through command line upon server startup

Synthesis of IP flows in OmniPCX Enterprise solution

LDAP directory internal to


OTUC (not the company's
directory)
Internal to OTUC (only if
LARGE)
Home page access. Only in
LARGE.

33/38

Sheet:OTCC

OmniTouch Contact Center


Plane

Protocol

Client
Initiator

FTP

PC admin

Dyn_?

Afe

21/tcp

Mngt interfacing <==>


CCD Supervision <==>
TSS tool for Afe <==>

manage
ment
control
control
support

CMIS
?
Text

Dyn_CS
Dyn_Win
Dyn_?

Cmisd
Afe
Afe

2535/tcp
2538/tcp
2538/tcp

OXE
OXE
OXE

YES
YES
NO

Debug only

CCS emulator <==>

support

TELNET

Dyn_?

Afe

2538/tcp

OXE

NO

Debug only

CCS Server <==>


TSS tool for CCS Server
<==>

control
support

?
Text

Dyn_Win
Dyn_?

Afe
CCS Server

2538/tcp
2543/tcp

OXE
OXE or
Windows

NO
NO

Debug only

CCD Supervision <==>

control

Afe
CCS
PC support
(adm_acd)
PC support
(terminal)
CCS Server
PC support
(adm_acd servccs)
CCS

Dyn_Win

CCS Server

2543/tcp

YES

pilot_test

support

UA

Purpose

Source
port

Server
Responder

Service
Port

Port
Location

Condition of Authentication
activation

Notes

CCD
Stats transfer <==>

YES

rtest

2554/tcp

PABX interfacing <==>


CSTA Tools <==>

PC support
(pilot_test)
control
CSTA / C
Afe
support CSTA / ASN1 Pilot/Pilot2a

OXE or
Windows
OXE

?
?

CSTA server
CSTA Server

2555/tcp
2555/tcp

CSTA web access


CSTA Telnet
lis

support
control
support
support

CSTA / C
HTML
TELNET
LIS

Pilot2
Browser
telnet
lis

?
?
?
?

CSTA Server
CSTA Server
CSTA Server
rlis

manage
ment

LIS

lisEA

rlisEA

lisEA

Synthesis of IP flows in OmniPCX Enterprise solution

Manual
configuration

NO

Test only

OXE
OXE

NO
NO

Test only

2555/tcp
2555/tcp
2555/tcp
2560/tcp

OXE
OXE
OXE
OXE

NO
NO
NO
YES

2561/tcp

OXE

Manual
configuration
EAU
configuration

YES

Test only
Debug only
Test SOSM

34/38
Purpose

Protocol

Client
Initiator

control

Alb

Plane

Source
port

Server
Responder

Sheet:OTCC

Service
Port

Port
Location

Condition of Authentication
activation

Afe

2538/tcp

OXE

NO

Notes

Agent Call Routing (ACR)


internal agent selector
<==>
external agent selector
<==>
TSS tool for asm/alb <==>

control

Asm

Afe

2538/tcp

OXE

NO

support

Text

Alb/Asm

2546/tcp

control

ASM Manager

2546/tcp

Scripting <==>

control

Alb/Asm

ASM SE

2546/tcp

Script debugger <==>

control

debugger

Alb/Asm

2546/tcp

OXE or
Windows
OXE or
Windows
OXE or
Windows
OXE or
Windows

NO

ASM Manager <==>

adm_acd salb
Alb/Asm

SQL Interface <==>

control

ODBC

Customer
Database

Asm

?/tcp

Scripting

support

Debug only

NO
YES
YES
YES

1969/tcp

Windows
OXE

Not used

WFP
Statistics importing <==>
Statistics exporting =>

Wfp

Afe

2538/tcp

NO

FTP

customer
host

WFP

?/tcp

?
?

Afe
CCA Server

2538/tcp
2544/tcp

OXE
Windows

NO
NO

?
?
?
?

Manager
CCA Server
OTS
CSTA Server

2544/tcp
2544/tcp
3595/tcp
2555/tcp

Windows
Windows
Windows
OXE

YES
YES
YES
YES

YES

Contact Center Agent (CCA)


CCA Server <==>
TSS tool for CCA Server
<==>
Manager <==>
Agent desktop <==>
Agent desktop <==>
voice signaling <==>

control
support
control
control
control
control

?
Text

CCA Server
adm_acd spcag
?
CCA Server
?
CCA
ATAPI
CCA
CSTA / ASN1
OTS

Synthesis of IP flows in OmniPCX Enterprise solution

Debug only

35/38
Purpose

Plane

Protocol

Client
Initiator

Source
port

Server
Responder

Sheet:OTCC

Service
Port

Port
Location

Condition of Authentication
activation

Notes

Contact Center Outbound (CCO)


CTI application <==>

control CSTA / ASN1 CSTA Server

?
?
?
?

WEB Server
FTP Server
Synchro
Server
Config Server

Genesys
T-Server
CCA
CCOSE
Afe

agent scripting <==>


CCO Script Editor <==>
Data synchronization =>

control
control
control

HTTP
FTP
?

CCO Script Editor <=

control

CCO Script Editor

support

2555/tcp

OXE

NO

80/tcp
2121/tcp
2538/tcp

Windows
Windows
OXE

NO
YES
NO

CCOSE

2020/tcp

Windows

YES

CCOSE

1970/tcp

Windows

?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?

CSTA server
ADM
ADM
ADM
ADM
ADM
ADM
ADM
ADM
ADM
ADM
ADM
ADM
ADM
ADM
ADM
ADM
ADM
ADM
ADM

900/tcp
10000/tcp
11000/tcp
901/tcp
902/tcp
903/tcp
904/tcp
906/tcp
907/tcp
908/tcp
909/tcp
910/tcp
911/tcp
913/tcp
914/tcp
950/tcp
951/tcp
952/tcp
953/tcp
954/tcp

Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows

Not used

Contact Center Interactive Voice Response (CCIVR)


ADM <==>
EST <==>
APPLICATION <==>
ADS
ALARM
DBS
RPM
SMS
STS
VPRM
AMBX
EAS
SAS
SASDISP
ACRS
extra1
extra2
extra3
extra4
extra5

control
control
control
control
control
control
control
control
control
control
control
control
control
control
control
?
?
?
?
?

?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?

ADM
EST
appli
ADS
ALARM
DBS
RPM
SMS
STS
VPRM
AMBX
EAS
SAS
SASDISP
ACRS
extra1
extra2
extra3
extra4
extra5

Synthesis of IP flows in OmniPCX Enterprise solution

YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES

36/38
Purpose

Plane

Protocol

myserver
performTest
SIM_dataServer

support
support
support

?
?
?

SIM_DBS
SIM_VPRM
TBBS
TSA

support
support
?
?
?

Client
Initiator

Source
port

Server
Responder

Sheet:OTCC

Service
Port

Port
Location

Condition of Authentication
activation

Notes

?
?
?

ADM
ADM
ADM

850/tcp
851/tcp
852/tcp

Windows
Windows
Windows

YES
YES
YES

Test only
Test only
Test only

?
?
?
?
?

myserver
performTest
SIM_dataSer
ver
SIM_DBS
SIM_VPRM
TBBS
TSA
TSA

?
?
?
?
?

ADM
ADM

Windows
Windows
Windows
Windows
Windows

YES
YES
YES
YES
YES

Test only
Test only

ADM
ADM

853/tcp
854/tcp
855/tcp
111/tcp
708/tcp

? control

T-server

?/tcp

CS

0/tcp

N/A

Value is configurable with a default


of 0. Change takes effect after Tserver has reconnected to the link.

? control

T-server

?/tcp

client

0/tcp

N/A

Value is configurable with a default


of 0. Change takes effect after Tserver is restarted.

Genesys

Synthesis of IP flows in OmniPCX Enterprise solution

37/38

Sheet:VoWLAN

Voice over Wireless LAN: Airespace or Aruba infrastructure


Purpose

Plane

Protocol

Client
Initiator

Source port

Server
Responder

Service Port

Condition VoWLAN
of
version?
activation

Notes

Mobile IP Telephony handset (MIPT)


Dynamic IP configuration

control

DHCP

MIPT

68/udp

SVP

67/udp

Download configuration
files, binary, menu files
Spectralink voice protocol

control

TFTP

MIPT

Dyn_WLAN/udp

TFTP server

69/udp

control

SRP (119)

MIPT

N/A

SVP

N/A

H.323 incoming call

control

H.323/H.225

GD

Dyn_H225_CLT/tcp

MIPT (NATed)

1720/tcp

H.323 outgoing call

control

H.323/H.225 MIPT (NATed)

Dyn_WLAN/tcp

GD

1720/tcp

H.245 to GD

control

H.323/H.245 MIPT (NATed)

Dyn_WLAN/tcp

GD

Dyn_H245_SRV/tcp

H.245 to MIPT

control

H.323/H.245

GD

Dyn_H245_CLT/tcp

MIPT (NATed)

41788/tcp

user

RTP/RTCP

19282/udp

RTCP may be blocked bu firewall since


all RTCP traffic to MIPT is ignored and
MIPT doesn't emit any RTCP packet.

RTP/RTCP

Dyn_Voice/udp
Dyn_Voice/udp
Dyn_MS/udp
BP+2/udp
Dyn_?/udp
19282/udp

MIPT (NATed)

user

GD, GA, 46x5


INT_IP A+B
Media Server
IPP, NOE
Softphone
MIPT (NATed)

GD, GA, 46x5


INT_IP A+B
Media Server
IPP, NOE
Softphone

Dyn_Voice/udp
Dyn_Voice/udp
Dyn_MS/udp
BP+2/udp
Dyn_?/udp

Direction of first packet cannot be


predetermined: both directions shall be
enabled

Voice channel, Voice


quality control

Synthesis of IP flows in OmniPCX Enterprise solution

This is an IP protocol at same level as


UDP or TCP (no notion or source or
destination port)
Traffic to MIPT translated is actually
intercepted by SVP which performs a
pseudo NAT function, redirecting the
traffic through SRP protocol

38/38

Sheet:VoWLAN

Plane

Protocol

Client
Initiator

Source port

Server
Responder

Service Port

Dynamic IP configuration

control

DHCP

SVP

68/udp

DHCP server

67/udp

H.225 RAS to H.323


Gatekeeper
Maintenance download of
configuration files, binary

control

H.323/H.225

GD

1719/udp

SVP

1719/udp

support

TFTP

SVP

Dyn_WLAN/udp

TFTP server

69/udp

manage
ment

TELNET

PC support

Dyn_?/tcp

SVP

21/tcp

Maintenance download of
configuration files, binary

support

TFTP

OAW

Dyn_WLAN/udp

TFTP server

69/udp

Management console
access

manage
ment
manage
ment
manage
ment
manage
ment
manage
ment
manage
ment
manage
ment

TELNET

PC support

Dyn_?/tcp

OAW

21/tcp

SSH

PC support

Dyn_?/tcp

OAW

22/tcp

HTTP

PC admin

Dyn_?/tcp

OAW

80/tcp

HTTPS

PC admin

Dyn_?/tcp

OAW

443/tcp

SYSLOG

OAW

Dyn_WLAN/udp

syslog server

514/udp

SNMP

Supervision
console
OAW

Dyn_?/udp

OAW

161/udp

Dyn_WLAN/udp

Supervision
console

162/udp

Purpose

Condition VoWLAN
of
version?
activation

Notes

SVP management

Management console
access

OAW management

Web-based management

Journaling output
SNMP requests
SNMP traps

SNMP

Synthesis of IP flows in OmniPCX Enterprise solution

SVP acts as a DHCP proxy relaying


the DHCP request in unicast to the
actual DHCP server.
DHCP can be made mandatory for
every terminal
registration or RAS admission
message