Cisco Cisco Prime Central 1.5.2 Installation Guide
The system administrator should...
Used by...
Protocol
Exposure
Port No.
Only allow access to this port from localhost.
Fault Management
TCP
Private
16318
Only allow access to this port from localhost.
Fault Management
TCP
Private
16320
Only allow access to this port from localhost.
Fault Management
TCP
Private
16321
Only allow access to this port from localhost.
Fault Management
TCP
Private
16322
Only allow access to this port from localhost.
Fault Management
TCP
Private
16323
Only allow access to this port from localhost.
Fault Management
TCP
Private
16324
Port Exposure Categories
The ports listed in
belong to the following exposure categories:
• Private—These ports should not be accessible from outside workstations. Administrators should restrict access to localhost
(127.0.0.1). Administrators can use firewall software such as Linux iptables to implement access restrictions.
• Public—These ports might need to be accessible from outside workstations. To protect against external security threats,
administrators should restrict access to these ports to only those workstations that need explicit access. As additional precaution
against denial of service (DoS) attacks, administrators should apply rate-limiting policies. Administrators can use firewall
software such as Linux iptables to implement access restrictions and rate-limiting policies. Whenever possible, if the set of
source addresses is known, restrict all other access.
against denial of service (DoS) attacks, administrators should apply rate-limiting policies. Administrators can use firewall
software such as Linux iptables to implement access restrictions and rate-limiting policies. Whenever possible, if the set of
source addresses is known, restrict all other access.
◦In some cases, the packet source is not known ahead of time; for example, the HTTPS port that clients use to communicate
with the Prime Central portal.
◦In some cases, the packet source is known ahead of time; for example, a distributed Prime Central installation, where the
Prime Central portal must communicate with the Prime Central integration layer.
• Ephemeral—These ports are similar to public ports, except that their port numbers are not fixed. Depending on the Prime Central
deployment scenario, ephemeral ports might require public exposure. If so, administrators should restrict access to these ports
to only those workstations that need explicit access. As additional precaution against denial of service (DoS) attacks, administrators
should apply rate-limiting policies. Administrators can use firewall software such as Linux iptables to implement access
restrictions and rate-limiting policies.
to only those workstations that need explicit access. As additional precaution against denial of service (DoS) attacks, administrators
should apply rate-limiting policies. Administrators can use firewall software such as Linux iptables to implement access
restrictions and rate-limiting policies.
◦In some cases, the packet source is not known ahead of time; for example, the HTTPS port that clients use to communicate
with the Prime Central portal.
◦In some cases, the packet source is known ahead of time; for example, a distributed Prime Central installation, where the
Prime Central portal must communicate with the Prime Central integration layer.
• Restricted—We recommend that administrators restrict access to all other ports. Administrators can use firewall software such
as Linux iptables to implement access restrictions.
11