ExtremeCloud IQ Site Engine Ports List
ExtremeCloud IQ Site Engine Ports
Type | Port | Description | Purpose |
---|---|---|---|
TCP | 20 | FTP Data | Device software and configuration upload/download |
TCP | 21 | FTP Control | Device software and configuration upload/download |
TCP | 22 | SSH |
Shell access Device software and configuration upload/download |
TCP | 8080 | HTTP |
Web browser access to ExtremeCloud IQ Site Engine user interface (redirects to port 8443) Communication with ExtremeControl and ExtremeAnalytics |
TCP | 8443 | HTTPS |
Web browser access to ExtremeCloud IQ Site Engine user interface |
TCP | 8444 | HTTPS | ExtremeControl engine communication |
TCP | 8445 | HTTPS | ExtremeControl Assessment communication |
TCP | 20504 | ExtremeWireless Protocol | ExtremeWireless Controller communication |
TCP | 20505 | ExtremeWireless Protocol | ExtremeWireless Controller communication |
UDP | 69 | TFTP | Device software and configuration upload/download |
UDP | 123 | NTP | |
UDP | 161 | SNMP | SNMP agent (if enabled) |
UDP | 162 | SNMP Traps |
Reception of SNMP traps from all managed devices Reception of SNMP traps from ExtremeControl and ExtremeAnalytics engines, Guest & IoT Manager, Fabric Manager, ExtremeWireless Controller, and Virtual Sensors. |
UDP | 514 | Syslog | Reception of syslog messages from monitored devices |
UDP | 2055 | NetFlow | Default NetFlow collector |
Type | Port | Description | Purpose |
---|---|---|---|
TCP | 22 | SSH |
CLI access to managed devices Shell access to ExtremeControl and ExtremeAnalytics engines, Guest & IoT Manager, Fabric Manager, and ExtremeWireless controllers |
TCP | 23 | Telent | If used for CLI communication in lieu of SSH |
TCP | 25 | SMTP | Communication with SMTP server (port is configurable, most common values: 25, 465, and 587) |
TCP | 49 | TACACS+ | Required when using TACACS+ for user authentication |
TCP | 80 | HTTP |
Internet for ExtremeControl Assessment Agent updates (extremenetworks.com) Virtual sensor communication |
TCP | 389 | LDAP | Required when using LDAP for user authentication |
TCP | 443 | HTTPS |
Allows ExtremeCloud IQ Site Engine to connect to ExtremeCloud IQ ExtremeAnalytics Fingerprint updates (services.enterasys.com) Required when using Microsoft Entra ID (formerly Azure AD), Intune Compliance Module, or OpenID integration. |
TCP | 443 | Connect | Connect modules can be configured to communicate with third party solutions. The destination is defined in the Connect modules. |
TCP | 443 | OAUTH | Required when automatic access tokens update is enabled in Administration > Options > SMTP Email. |
TCP | 636 | LDAPs | Required when using LDAP for user authentication |
TCP | 8080 | HTTP | ExtremeControl and ExtremeAnalytics engine communication |
TCP | 8443 | HTTPS | ExtremeControl, ExtremeAnalytics, Guest & IoT Manager, Fabric Manager, and Virtual Sensor communication |
TCP | 8444 | HTTPS | ExtremeControl engine communication |
TCP | 20506 | ExtremeWireless Protocol | ExtremeWireless Controller communication |
UDP | 53 | DNS | Domain Name Server |
UDP | 123 | NTP | Network Time Protocol |
UDP | 161 | SNMP |
SNMP Management of all managed devices SNMP Management of ExtremeControl and ExtremeAnalytics engines, Guest & IoT Manager, Fabric Manager, ExtremeWireless Controller, and Virtual Sensors. |
UDP | 162 | SNMP Trap | Send SNMP traps to external trap receivers |
UDP | 514 | Syslog | Send syslog messages to external syslog receivers |
UDP | 1812 | RADIUS authentication | Required when using RADIUS for user authentication |
Type | Port | Description | Purpose |
---|---|---|---|
TCP | 443 | HTTPS |
Allows ExtremeCloud IQ Site Engine to connect to ExtremeCloud IQ (*.extremecloudiq.com - Check the specifics for your RDC. Login to ExtremeCloud IQ > About ExtremeCloud IQ > Firewall Configuration Guide) ExtremeAnalytics Fingerprint updates (services.enterasys.com) |
TCP | 80 | HTTP |
ExtremeControl Assessment Agent download (extremenetworks.com) |
ExtremeControl Ports
Type | Port | Description | Purpose |
---|---|---|---|
TCP | 22 | SSH |
Shell access Device software and configuration upload/download |
TCP | 80 | HTTP | Captive Portal listening |
TCP | 443 | HTTPS | Captive Portal listening |
TCP | 8080 | HTTP | ExtremeControl web browser access (redirects to port 8443) ExtremeCloud IQ Site Engine communication Communication between multiple ExtremeControl engines From every end-system subnet subject to ExtremeControl assessment agent in order to support agent mobility |
TCP | 8443 | HTTPS | ExtremeControl web browser access ExtremeCloud IQ Site Engine communication Communication between multiple ExtremeControl engines From every end-system subnet subject to ExtremeControl assessment agent in order to support agent mobility |
TCP | 8444 | HTTPS | ExtremeControl web browser access (redirects to port 8443) ExtremeCloud IQ Site Engine communication Communication between multiple ExtremeControl engines |
TCP | 8445 | HTTPS | ExtremeControl Assessment communication |
UDP | 123 | NTP | Network Time Protocol |
UDP | 161 | SNMP | SNMP agent managed by ExtremeCloud IQ Site Engine |
UDP | 1812 | RADIUS authentication | ExtremeControl RADIUS server |
UDP | 1813 | RADIUS accounting | ExtremeControl RADIUS server |
Connect | Distributed IPS module can be configured to receive information from third party solutions. Source (Protocol and Port and IP) is defined in the Distributed IPS module. |
Type | Port | Description | Purpose |
---|---|---|---|
TCP | 22 | SSH | Configuration of devices running VOSS/Fabric Engine (if ssh is configured in the CLI profile) |
TCP | 23 | Telnet | Configuration of devices running VOSS/Fabric Engine (if telnet is configured in the CLI profile) |
TCP | 135 | RPC | Remote Procedure Calls to Active Directory |
TCP | 389 | LDAP | User-based network authentication and directory services |
TCP | 80/443 | HTTPS | Certificate verification by CRL or OCSP |
TCP | 443 | HTTPS | Required when using Microsoft Entra ID (formerly Azure AD), or OpenID integration. |
TCP | 445 | DCERPC | Distributed Computing Environment/Remote Procedure Calls |
TCP | 636 | LDAP | User-based network authentication and directory services |
TCP | 8080 | HTTP | ExtremeCloud IQ Site Engine communication Communication between multiple ExtremeControl engines |
TCP | 8443 | HTTPS | ExtremeCloud IQ Site Engine communication Communication between multiple ExtremeControl engines |
TCP | 8444 | HTTPS | ExtremeCloud IQ Site Engine communication Communication between multiple ExtremeControl engines |
UDP/TCP | 88 | Kerberos | Kerberos Protocol |
UDP | 123 | NTP | Network Time Protocol |
UDP | 161 | SNMP | Communication to authenticators |
UDP | 162 | SNMP Trap | SNMP traps sent to ExtremeCloud IQ Site Engine |
UDP | 389 | CLDAP | Winbind discovery |
UDP | 1700 | RADIUS CoA | ExtremeControl RADIUS server to authenticators |
UDP | 1812 | RADIUS authentication | Proxy authorization to remote RADIUS Server |
UDP | 1813 | RADIUS accounting | Proxy accounting to remote RADIUS Server |
UDP | 3799 | RADIUS CoA | ExtremeControl RADIUS server to authenticators |
ExtremeAnalytics Ports
Type | Protocol | Description | Purpose |
---|---|---|---|
IP | 47 | GRE | Mirror Traffic for CoreFlow, Virtual Sensor, Wireless Controller, and App Telemetry application identification. |
Type | Port | Description | Purpose |
---|---|---|---|
TCP | 22 | SSH | Shell access |
TCP | 8080 | HTTP | ExtremeCloud IQ Site Engine communication |
TCP | 8443 | HTTPS | ExtremeCloud IQ Site Engine communication |
UDP | 123 | NTP | Network Time Protocol |
UDP | 161 | SNMP | SNMP agent managed by ExtremeCloud IQ Site Engine |
UDP | 2055 | NetFlow | NetFlow Collector |
UDP | 2058 | IPFIX | VMWare NSX IPFIX collector |
UDP | 2075 | IPFIX | IPFIX collector |
UDP | 2095 | NetFlow | ExtremeWireless NetFlow collector |
UDP | 4739 | IPFIX | ExtremeXOS/Switch Engine IPFIX collector, VTAP IPFIX collector from Virtual Sensor |
UDP | 6343 | SFlow | SFlow for ExtremeAnalytics Application Telemetry |
Type | Port | Description | Purpose |
---|---|---|---|
TCP | 80 | HTTP | Virtual Sensor configuration |
TCP | 443 | HTTPS | Virtual Sensor configuration |
TCP | 8080 | HTTP | ExtremeCloud IQ Site Engine communication |
TCP | 8443 | HTTPS |
ExtremeCloud IQ Site Engine communication |
UDP | 123 | NTP | |
UDP | 162 | SNMP Trap | SNMP traps sent to ExtremeCloud IQ Site Engine |
UDP | IPFIX | Flow export. Destination and port is defined in the configuration of the Analytics Engine |
FabricManager Ports
Type | Port | Description | Purpose |
---|---|---|---|
UDP | 161 | SNMP | Communicating with the devices |
TCP | 22 | SSH | Communication between ExtremeCloud IQ - Site Engine and FM for SSH |
TCP | 8443 | HTTP | Communication between ExtremeCloud IQ - Site Engine and FM for REST & ZTP+ |
Type | Port | Description | Purpose |
---|---|---|---|
TCP | 22 | SSH | Communication between ExtremeCloud IQ - Site Engine and FM for SSH |
Ephemeral Ports
The port range 32768 to 61000 is reserved for dynamically allocated port numbers used by most TCP and UDP based protocols, such as TFTP and FTP.