ExtremeCloud IQ Site Engine Ports List

ExtremeCloud IQ Site Engine Ports


ExtremeCloud IQ Site Engine Inbound Communication (Local Ports)
| Type | Port | Description | Purpose |
| --- | --- | --- | --- |
| TCP | 20 | FTP Data | Device software and configuration upload/download |
| TCP | 21 | FTP Control | Device software and configuration upload/download |
| TCP | 22 | SSH | Shell access; Device software and configuration upload/download |
| TCP | 8080 | HTTP | Web browser access to ExtremeCloud IQ Site Engine user interface (redirects to port 8443); Communication with ExtremeControl and ExtremeAnalytics |
| TCP | 8443 | HTTPS | Web browser access to ExtremeCloud IQ Site Engine user interface; Northbound Interface (NBI); ExtremeControl, ExtremeAnalytics, and Fabric Manager communication; ZTP+ (cloud connector) communication |
| TCP | 8444 | HTTPS | ExtremeControl engine communication |
| TCP | 8445 | HTTPS | ExtremeControl Assessment communication |
| TCP | 20504 | ExtremeWireless Protocol | ExtremeWireless Controller communication |
| TCP | 20505 | ExtremeWireless Protocol | ExtremeWireless Controller communication |
| UDP | 69 | TFTP | Device software and configuration upload/download |
| UDP | 123 | NTP |  |
| UDP | 161 | SNMP | SNMP agent (if enabled) |
| UDP | 162 | SNMP Traps | Reception of SNMP traps from all managed devices; Reception of SNMP traps from ExtremeControl and ExtremeAnalytics engines, Guest & IoT Manager, Fabric Manager, ExtremeWireless Controller, and Virtual Sensors. |
| UDP | 514 | Syslog | Reception of syslog messages from monitored devices |
| UDP | 2055 | NetFlow | Default NetFlow collector |

ExtremeCloud IQ Site Engine Outbound Communication (Remote Ports)
| Type | Port | Description | Purpose |
| --- | --- | --- | --- |
| TCP | 22 | SSH | CLI access to managed devices; Shell access to ExtremeControl and ExtremeAnalytics engines, Guest & IoT Manager, Fabric Manager, and ExtremeWireless controllers |
| TCP | 23 | Telnet | If used for CLI communication in lieu of SSH |
| TCP | 25 | SMTP | Communication with SMTP server (port is configurable, most common values: 25, 465, and 587) |
| TCP | 49 | TACACS+ | Required when using TACACS+ for user authentication |
| TCP | 80 | HTTP | Internet for ExtremeControl Assessment Agent updates (extremenetworks.com); Virtual sensor communication |
| TCP | 389 | LDAP | Required when using LDAP for user authentication |
| TCP | 443 | HTTPS | Allows ExtremeCloud IQ Site Engine to connect to ExtremeCloud IQ; ExtremeAnalytics Fingerprint updates (services.enterasys.com); Required when using Microsoft Entra ID (formerly Azure AD), Intune Compliance Module, or OpenID integration. |
| TCP | 443 | Connect | Connect modules can be configured to communicate with third party solutions. The destination is defined in the Connect modules. |
| TCP | 443 | OAUTH | Required when automatic access tokens update is enabled in Administration > Options > SMTP Email. |
| TCP | 636 | LDAPS | Required when using LDAP for user authentication |
| TCP | 8080 | HTTP | ExtremeControl and ExtremeAnalytics engine communication |
| TCP | 8443 | HTTPS | ExtremeControl, ExtremeAnalytics, Guest & IoT Manager, Fabric Manager, and Virtual Sensor communication |
| TCP | 8444 | HTTPS | ExtremeControl engine communication |
| TCP | 20506 | ExtremeWireless Protocol | ExtremeWireless Controller communication |
| UDP | 53 | DNS | Domain Name Server |
| UDP | 123 | NTP | Network Time Protocol |
| UDP | 161 | SNMP | SNMP Management of all managed devices; SNMP Management of ExtremeControl and ExtremeAnalytics engines, Guest & IoT Manager, Fabric Manager, ExtremeWireless Controller, and Virtual Sensors. |
| UDP | 162 | SNMP Trap | Send SNMP traps to external trap receivers |
| UDP | 514 | Syslog | Send syslog messages to external syslog receivers |
| UDP | 1812 | RADIUS authentication | Required when using RADIUS for user authentication |

ExtremeCloud IQ Site Engine Outbound Internet Connections (not mandatory in air gap deployment)
| Type | Port | Description | Purpose |
| --- | --- | --- | --- |
| TCP | 443 | HTTPS | Allows ExtremeCloud IQ Site Engine to connect to ExtremeCloud IQ (*.extremecloudiq.com - Check the specifics for your RDC. Log in to ExtremeCloud IQ > About ExtremeCloud IQ > Firewall Configuration Guide); ExtremeAnalytics Fingerprint updates (services.enterasys.com) |
| TCP | 80 | HTTP | ExtremeControl Assessment Agent download (extremenetworks.com) |

ExtremeControl Ports

ExtremeControl Inbound Communication (Local Ports)

| Type | Port | Description | Purpose |
| --- | --- | --- | --- |
| TCP | 22 | SSH | Shell access; Device software and configuration upload/download |
| TCP | 80 | HTTP | Captive Portal listening |
| TCP | 443 | HTTPS | Captive Portal listening |
| TCP | 8080 | HTTP | ExtremeControl web browser access (redirects to port 8443); ExtremeCloud IQ Site Engine communication; Communication between multiple ExtremeControl engines; From every end-system subnet subject to ExtremeControl assessment agent in order to support agent mobility |
| TCP | 8443 | HTTPS | ExtremeControl web browser access; ExtremeCloud IQ Site Engine communication; Communication between multiple ExtremeControl engines; From every end-system subnet subject to ExtremeControl assessment agent in order to support agent mobility |
| TCP | 8444 | HTTPS | ExtremeControl web browser access (redirects to port 8443); ExtremeCloud IQ Site Engine communication; Communication between multiple ExtremeControl engines |
| TCP | 8445 | HTTPS | ExtremeControl Assessment communication |
| UDP | 123 | NTP | Network Time Protocol |
| UDP | 161 | SNMP | SNMP agent managed by ExtremeCloud IQ Site Engine |
| UDP | 1812 | RADIUS authentication | ExtremeControl RADIUS server |
| UDP | 1813 | RADIUS accounting | ExtremeControl RADIUS server |
|  |  | Connect | Distributed IPS module can be configured to receive information from third party solutions. Source (Protocol and Port and IP) is defined in the Distributed IPS module. |
 
ExtremeControl Outbound Communication (Remote Ports)
| Type | Port | Description | Purpose |
| --- | --- | --- | --- |
| TCP | 22 | SSH | Configuration of devices running VOSS/Fabric Engine (if ssh is configured in the CLI profile) |
| TCP | 23 | Telnet | Configuration of devices running VOSS/Fabric Engine (if telnet is configured in the CLI profile) |
| TCP | 135 | RPC | Remote Procedure Calls to Active Directory |
| TCP | 389 | LDAP | User-based network authentication and directory services |
| TCP | 80/443 | HTTPS | Certificate verification by CRL or OCSP |
| TCP | 443 | HTTPS | Required when using Microsoft Entra ID (formerly Azure AD), or OpenID integration. |
| TCP | 445 | DCERPC | Distributed Computing Environment/Remote Procedure Calls |
| TCP | 636 | LDAP | User-based network authentication and directory services |
| TCP | 8080 | HTTP | ExtremeCloud IQ Site Engine communication; Communication between multiple ExtremeControl engines |
| TCP | 8443 | HTTPS | ExtremeCloud IQ Site Engine communication; Communication between multiple ExtremeControl engines |
| TCP | 8444 | HTTPS | ExtremeCloud IQ Site Engine communication; Communication between multiple ExtremeControl engines |
| UDP/TCP | 88 | Kerberos | Kerberos Protocol |
| UDP | 123 | NTP | Network Time Protocol |
| UDP | 161 | SNMP | Communication to authenticators |
| UDP | 162 | SNMP Trap | SNMP traps sent to ExtremeCloud IQ Site Engine |
| UDP | 389 | CLDAP | Winbind discovery |
| UDP | 1700 | RADIUS CoA | ExtremeControl RADIUS server to authenticators |
| UDP | 1812 | RADIUS authentication | Proxy authorization to remote RADIUS Server |
| UDP | 1813 | RADIUS accounting | Proxy accounting to remote RADIUS Server |
| UDP | 3799 | RADIUS CoA | ExtremeControl RADIUS server to authenticators |

ExtremeAnalytics Ports


ExtremeAnalytics Inbound IP Protocols
| Type | Protocol | Description | Purpose |
| --- | --- | --- | --- |
| IP | 47 | GRE | Mirror Traffic for CoreFlow, Virtual Sensor, Wireless Controller, and App Telemetry application identification. |

ExtremeAnalytics Inbound Communication (Local Ports)
| Type | Port | Description | Purpose |
| --- | --- | --- | --- |
| TCP | 22 | SSH | Shell access |
| TCP | 8080 | HTTP | ExtremeCloud IQ Site Engine communication |
| TCP | 8443 | HTTPS | ExtremeCloud IQ Site Engine communication |
| UDP | 123 | NTP | Network Time Protocol |
| UDP | 161 | SNMP | SNMP agent managed by ExtremeCloud IQ Site Engine |
| UDP | 2055 | NetFlow | NetFlow Collector |
| UDP | 2058 | IPFIX | VMware NSX IPFIX collector |
| UDP | 2075 | IPFIX | IPFIX collector |
| UDP | 2095 | NetFlow | ExtremeWireless NetFlow collector |
| UDP | 4739 | IPFIX | ExtremeXOS/Switch Engine IPFIX collector, VTAP IPFIX collector from Virtual Sensor |
| UDP | 6343 | sFlow | sFlow for ExtremeAnalytics Application Telemetry |

ExtremeAnalytics Outbound Communication (Remote Ports)
| Type | Port | Description | Purpose |
| --- | --- | --- | --- |
| TCP | 80 | HTTP | Virtual Sensor configuration |
| TCP | 443 | HTTPS | Virtual Sensor configuration |
| TCP | 8080 | HTTP | ExtremeCloud IQ Site Engine communication |
| TCP | 8443 | HTTPS | ExtremeCloud IQ Site Engine communication |
| UDP | 123 | NTP |  |
| UDP | 162 | SNMP Trap | SNMP traps sent to ExtremeCloud IQ Site Engine |
| UDP |  | IPFIX | Flow export. Destination and port are defined in the configuration of the Analytics Engine |

Fabric Manager Ports

Fabric Manager Outbound Communication (Remote Ports)
| Type | Port | Description | Purpose |
| --- | --- | --- | --- |
| UDP | 161 | SNMP | Communicating with the devices |
| TCP | 22 | SSH | Communication between ExtremeCloud IQ - Site Engine and FM for SSH |
| TCP | 8443 | HTTP | Communication between ExtremeCloud IQ - Site Engine and FM for REST & ZTP+ |

Fabric Manager Inbound Communication (Local Ports)
| Type | Port | Description | Purpose |
| --- | --- | --- | --- |
| TCP | 22 | SSH | Communication between ExtremeCloud IQ - Site Engine and FM for SSH |

Ephemeral Ports

The port range 32768 to 61000 is reserved for dynamically allocated port numbers used by most TCP and UDP based protocols, such as TFTP and FTP.
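
One way to use the lists above for a hardening check, as an added example that is not part of the vendor documentation: the script sorts the listening sockets reported by `ss -H -tuln` on a Site Engine server into documented inbound ports, ports inside the ephemeral range, loopback-only listeners, and listeners the port list does not explain. The `ss` sample is constructed, and the names `classify`, `DOCUMENTED` and `EPHEMERAL` are assumptions made for this example.

```python
# Site Engine inbound (local) ports, copied from the inbound table on this page.
DOCUMENTED = {
    "tcp": {20, 21, 22, 8080, 8443, 8444, 8445, 20504, 20505},
    "udp": {69, 123, 161, 162, 514, 2055},
}
EPHEMERAL = range(32768, 61001)  # 32768 to 61000 inclusive, per this page
LOOPBACK = ("127.", "[::1]")     # listeners not reachable from the network

# Constructed sample of `ss -H -tuln` output (not captured from a real server).
SAMPLE_SS = """\
tcp   LISTEN 0 128   0.0.0.0:22      0.0.0.0:*
tcp   LISTEN 0 100   0.0.0.0:8443    0.0.0.0:*
tcp   LISTEN 0 128   127.0.0.1:9000  0.0.0.0:*
tcp   LISTEN 0 50    0.0.0.0:9999    0.0.0.0:*
udp   UNCONN 0 0     0.0.0.0:162     0.0.0.0:*
udp   UNCONN 0 0     0.0.0.0:41822   0.0.0.0:*
udp   UNCONN 0 0     [::]:514        [::]:*
tcp   LISTEN 0 128   [::1]:6010      [::]:*
"""

def classify(ss_output):
    """Sort listening sockets into documented/ephemeral/loopback/unexpected."""
    result = {"documented": [], "ephemeral": [], "loopback": [], "unexpected": []}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in DOCUMENTED:
            continue  # blank line, header, or a protocol outside the table
        proto, local = fields[0], fields[4]
        addr, _, port_text = local.rpartition(":")  # also splits "[::]:514"
        if not port_text.isdigit():
            continue
        port = int(port_text)
        if addr.startswith(LOOPBACK):
            bucket = "loopback"
        elif port in DOCUMENTED[proto]:
            bucket = "documented"
        elif port in EPHEMERAL:
            bucket = "ephemeral"   # dynamically allocated, e.g. a TFTP or FTP transfer
        else:
            bucket = "unexpected"  # listener the port list does not explain
        result[bucket].append((proto, port))
    return result

if __name__ == "__main__":
    for bucket, sockets in classify(SAMPLE_SS).items():
        print(f"{bucket:11} {sockets}")
```

To audit a live server, pass the captured output of `ss -H -tuln` to `classify` in place of `SAMPLE_SS`; anything in the `unexpected` bucket should be explained or blocked at the host firewall.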