Good ports to know for CCIE Storage Lab preparation! IP-ACL’s

Here is a compilation of ports that I run across continuously in my studies for CCIE Storage.

If you have any more ports that you think would be applicable in an MDS SAN environment and would likely be good to know please let me know and I will add them to the list!

Commonly Used Ports

| Name | Proto | Port | src or dst? | Notes |
|---|---|---|---|---|
| FCIP | TCP | 3225 | dst | control is dynamic source TCP port; data is dynamic source TCP port+2 |
| HTTP | TCP | 80 | dst | |
| SSH | TCP | 22 | dst | |
| RADIUS Auth | UDP | 1812 | dst | |
| RADIUS Acct | UDP | 1813 | dst | |
| TACACS | TCP | 49 | dst | |
| SNMP | UDP | 161 | dst | |
| NTP | UDP | 123 | src and dst | |
| DM traps | UDP | 1163 | dst | |
| FM traps | UDP | 2162 | dst | |
| CFS discovery | UDP | 7546 | src and dst | Destination is 239.255.70.83 by default |
| CFS distribution | TCP | 7546 | dst | |
| iSCSI | TCP | 3260 | src and dst | |
| FCAnalyzer | TCP | 2002 | dst | |
| SYSLOG | UDP | 514 | dst | |
| iSNS | TCP | 3205 | dst | |

Important to note is that on Gigabit interfaces, ACLs will only work for TCP and ICMP traffic. Even though you can configure the ACL to permit or deny UDP, it will not actually process that part of the ACL.
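Because of the Gigabit interface caveat above, a UDP entry can sit in an ACL and silently do nothing. As an added example (not from the original post), this Python script flags such entries in a configuration dump; the sample configuration is constructed, and the `ip access-list` / `ip access-group` line layout it parses is an assumption about how the config is written.

```python
import re

# Constructed sample config (not from the original post). The line layout
# "ip access-list NAME permit|deny PROTO ..." is assumed for illustration.
SAMPLE_CONFIG = """\
ip access-list FCIP-IN permit tcp any any eq port 3225
ip access-list FCIP-IN permit udp any any eq port 161
ip access-list FCIP-IN deny udp any any eq port 514 log-deny
ip access-list FCIP-IN permit icmp any any
ip access-list MGMT-IN permit udp any any eq port 161
ip access-list MGMT-IN permit tcp any any eq port 22
interface GigabitEthernet2/1
  ip access-group FCIP-IN in
interface mgmt0
  ip access-group MGMT-IN
"""

ACE_RE = re.compile(r"^ip access-list (\S+) (?:permit|deny) (\S+)")
INTF_RE = re.compile(r"^interface (\S+)")
GROUP_RE = re.compile(r"^\s*ip access-group (\S+)")


def unprocessed_entries(config):
    """Return (interface, acl, entry) for UDP entries bound to Gigabit interfaces."""
    acls = {}       # ACL name -> list of (protocol, full entry text)
    bindings = []   # (interface, ACL name) pairs from "ip access-group"
    current = None  # interface block currently being read
    for line in config.splitlines():
        if m := ACE_RE.match(line):
            acls.setdefault(m.group(1), []).append((m.group(2).lower(), line.strip()))
        elif m := INTF_RE.match(line):
            current = m.group(1)
        elif (m := GROUP_RE.match(line)) and current:
            bindings.append((current, m.group(1)))
    findings = []
    for intf, name in bindings:
        # Only Gigabit interfaces have the TCP/ICMP-only limitation described above.
        if not intf.lower().startswith("gigabitethernet"):
            continue
        for proto, text in acls.get(name, []):
            if proto == "udp":
                findings.append((intf, name, text))
    return findings


if __name__ == "__main__":
    for intf, name, text in unprocessed_entries(SAMPLE_CONFIG):
        print(f"{intf}: ACL {name} entry will not be processed: {text}")
```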

To capture messages generated from using the log-deny keyword on ACLs, you must configure severity level 7 for the kernel and ipacl facilities and ensure your logging destination is set to level 7.

The IP-ACL applied to the interface for the ingress traffic affects both local and remote traffic.

The IP-ACL applied to the interface for the egress traffic only affects local traffic.
