Cisco TelePresence Video Communication Server Expressway
Appendix 2: Additional information
Device authentication port reference
H.350 directory service
The following table lists the ports used for device authentication between VCS and the H.350 server. They are configurable via Configuration > Authentication > Devices > H.350 directory service.
| Purpose | VCS port | Destination port |
|---|---|---|
| H.350 LDAP server | TCP ephemeral port | TCP/389 or TCP/636 |
Active Directory (direct)
The following table lists the ports used for device authentication between VCS and the AD system. They are configurable via Configuration > Authentication > Devices > Active Directory Service.
| Purpose | VCS port | Destination port |
|---|---|---|
| Kerberos Key Distribution Center | UDP ephemeral port | 88 UDP |
| Kerberos | TCP ephemeral port | 88 TCP |
| VCS with Domain Controller (CLDAP) | UDP ephemeral port | 389 UDP |
| VCS with Domain Controller (LDAP) | TCP ephemeral port | 389 / 636 TCP |
| Client credential authentication with the Domain Controller (Microsoft-DS). VCS initially tries port 445, but if that cannot be reached it tries port 139. | TCP ephemeral port | 445 / 139 TCP |
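The following reachability check for the TCP rows of the Active Directory (direct) table is an added example, not part of the Cisco guide or of any Cisco tooling. It assumes it is run from a host that is subject to the same firewall rules as the VCS; the function names and status labels are hypothetical.

```python
import socket
import sys

# TCP rows of the "Active Directory (direct)" table: (purpose, ports, ordered).
# ordered=True means the ports are tried in sequence, as the table describes
# for Microsoft-DS (445 first, then 139).
TCP_ROWS = [
    ("Kerberos", [88], False),
    ("VCS with Domain Controller (LDAP)", [389, 636], False),
    ("Client credential authentication (Microsoft-DS)", [445, 139], True),
]
# UDP rows are listed but not probed: UDP is connectionless, so a socket
# connect() succeeding says nothing about whether the port is filtered.
UDP_ROWS = [
    ("Kerberos Key Distribution Center", [88]),
    ("VCS with Domain Controller (CLDAP)", [389]),
]


def tcp_probe(host, port, timeout=3.0):
    """Return True if a TCP handshake with host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unroutable, or name not resolved
        return False


def check_ad_direct(host, probe=tcp_probe):
    """Probe each TCP row and classify it as ok, fallback, or blocked."""
    report = []
    for purpose, ports, ordered in TCP_ROWS:
        reachable = [p for p in ports if probe(host, p)]
        if not reachable:
            status = "blocked"
        elif ordered and reachable[0] != ports[0]:
            status = "fallback"  # preferred port filtered, later port open
        else:
            status = "ok"
        report.append({"purpose": purpose, "proto": "tcp", "ports": ports,
                       "reachable": reachable, "status": status})
    for purpose, ports in UDP_ROWS:
        report.append({"purpose": purpose, "proto": "udp", "ports": ports,
                       "reachable": [], "status": "untested-udp"})
    return report


if __name__ == "__main__" and len(sys.argv) == 2:
    for row in check_ad_direct(sys.argv[1]):  # argument: domain controller FQDN
        print(f'{row["status"]:<13}{row["proto"]:<4}{row["purpose"]} {row["reachable"]}')
```

A fallback result means TCP/445 is not reachable and client credential authentication would go over port 139, which points to a firewall rule to review.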
Certificates for TLS
For the VCS to connect to a server over TLS, the trusted CA certificate installed on the VCS must be able to
authorize that server’s server certificate.
Use with VCS clusters
Active Directory (direct)
All authentication configuration is replicated across cluster peers; however, the DNS server is configurable independently on each VCS peer. Make sure that each peer references a DNS server that can look up the AD server, Kerberos KDC and other required DNS and DNS SRV addresses.
Joining or leaving a domain must be carried out for every peer of the cluster, as each peer independently connects to the AD server.
Device Authentication on Cisco VCS Deployment Guide (VCS X8.1)