Communication Matrix
The data transfer ports used by the various components are critical for storage system communication. If you have demanding requirements for network configuration security, you must know which network ports each component requires, so that you can enable the relevant ports and links connect properly when you construct the network.
Rules for using ports are as follows:
- Firewalls protecting the components must allow the port connection between the source device and the target device.
- Firewalls must also allow the ports to transfer data back to the source device so that a connection can be established (default configuration).
Table 3-8 describes the transfer ports provided by the storage system.
| Source Device | Source Port | Target Device | Target Port | Protocol | Port Description | Plane |
|---|---|---|---|---|---|---|
| Any | 1024 to 65535 | Controller | 22 | TCP | Port for SSH services, which is used to remotely log in to a storage system for management on the CLI. | Management |
| Controller | 1024 to 65535 | Controller | 123 | UDP | Port for NTP services, which is used to synchronize the time of a storage system. | Management |
| Any | 1024 to 65535 | Controller | 161 | UDP | Listening port, which is used by SNMP to interwork with the upper-layer NMS. It is accessible only to the management and maintenance network ports. | Management |
| DeviceManager Web client | 1024 to 65535 | Controller | 8088 | TCP | Port for providing web services, which is used for system management and maintenance, and is accessible to the management and maintenance ports. | Management |
| Any | 1024 to 65535 | Controller | 3260 | TCP | iSCSI listening port of a storage system, which is used to connect a host to the storage system for running services. It is accessible only to service network ports. | Service |
| Controller | 32768 to 61000 | Controller | | TCP | iSCSI listening port of a storage system, which is used to connect two storage systems for running services. It is accessible only to service network ports. | Service |
| Any | 1024 to 65535 | Controller | 24924 | TCP | When the iSNS service is enabled on a storage system, this port listens to the connections with the iSNS server and is accessible only to service network ports. | Service |
| Controller | 32768 to 61000 | Quorum Server | 30002 | TCP | Default listening port of the quorum server service | Service |
| Controller | 1024 to 65535 | Controller | 12100 | TCP | Used to establish replication links between storage systems (TCP proprietary protocol). | Service |
| Any | 1024 to 65535 | Controller | 22 | TCP | Used to remotely power on a storage system after the storage system has been gracefully powered off. | Management |
| Controller | 1024 to 65535 | Controller | 12001 | TCP | Used to establish replication links between storage systems (based on Xnet links). | Service |
| Any | 1024 to 65535 | Disk enclosure | 22 | TCP | Port for SSH services, which is used to log in to the disk enclosure of a storage system for management on the CLI. | Management |
| NFS client | 1 to 65535 | Controller | 2049 | TCP/UDP | Port for reads and writes of the NFS service. | Service plane |
| NFS client | 1 to 65535 | Controller | 2051 | TCP/UDP | User-mode NFS listening port, used for file lock services. | Service plane |
| NFS client | 1 to 65535 | Controller | 2052 | TCP/UDP | Kernel-mode NFS listening port, used for file lock services. | Service plane |
| NFS client | 1 to 65535 | Controller | 2050 | TCP/UDP | Port for controlling NFS directory mounting. | Service plane |
| CIFS client | 1 to 65535 | Controller | 445 | TCP | CIFS service port. | Service plane |
| CIFS client | 1024 to 65535 | Controller | 135 | TCP | Port for Microsoft Remote Procedure Call (MSRPC) services, used to manage CIFS shares and users. | Service plane |
| NFS client | 1 to 65535 | Controller | 111 | TCP/UDP | Port used by external clients to obtain the remote procedure call (RPC) service. | Service plane |
| Any | 1 to 65535 | Controller | 53 | UDP | Listening port used by the DNS server to provide DNS load balancing for the storage system | Service plane |
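An added example (not part of the original document or any vendor tooling): a Python check that audits observed inbound flows against a subset of Table 3-8 and flags traffic that is absent from the matrix, arrives on the wrong plane, or uses a source port outside the listed range. The flow tuples, the `Rule` type and the `audit` helper are assumptions made for illustration, and "Service plane" is written as "Service".

```python
from typing import NamedTuple

class Rule(NamedTuple):
    src_lo: int      # lowest permitted source port
    src_hi: int      # highest permitted source port
    dst_port: int    # target port on the controller
    protos: str      # "TCP", "UDP" or "TCP/UDP", as written in the table
    plane: str       # plane of the controller port that may receive it

# Subset of Table 3-8 rows whose target device is the Controller
# ("Service plane" shortened to "Service": an assumption of this example).
MATRIX = [
    Rule(1024, 65535, 22, "TCP", "Management"),     # SSH CLI login
    Rule(1024, 65535, 161, "UDP", "Management"),    # SNMP
    Rule(1024, 65535, 8088, "TCP", "Management"),   # web management
    Rule(1024, 65535, 3260, "TCP", "Service"),      # iSCSI host access
    Rule(1, 65535, 445, "TCP", "Service"),          # CIFS
    Rule(1024, 65535, 135, "TCP", "Service"),       # MSRPC for CIFS management
]

def audit(flow):
    """Classify one (src_port, dst_port, proto, arrival_plane) flow."""
    src_port, dst_port, proto, plane = flow
    candidates = [r for r in MATRIX
                  if r.dst_port == dst_port and proto in r.protos.split("/")]
    if not candidates:
        return "not in matrix"
    on_plane = [r for r in candidates if r.plane == plane]
    if not on_plane:
        return "wrong plane"
    if not any(r.src_lo <= src_port <= r.src_hi for r in on_plane):
        return "source port out of range"
    return "allowed"

# Constructed sample flows (hypothetical, not from a real capture).
SAMPLE_FLOWS = [
    (50122, 8088, "TCP", "Management"),  # web client on a management port
    (50123, 22, "TCP", "Service"),       # SSH arriving on a service port
    (40000, 3260, "TCP", "Service"),     # iSCSI host
    (900, 135, "TCP", "Service"),        # MSRPC from a low source port
    (51000, 23, "TCP", "Management"),    # port absent from the table
    (51001, 161, "TCP", "Management"),   # SNMP port, wrong protocol
]

def audit_all(flows=SAMPLE_FLOWS):
    return [(flow, audit(flow)) for flow in flows]

if __name__ == "__main__":
    for flow, verdict in audit_all():
        print(flow, "->", verdict)
```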
Table 3-9 describes the external device transfer ports that are accessed by the storage system.
| Source Device | Source Port | Target Device | Target Port | Protocol | Port Description | Plane |
|---|---|---|---|---|---|---|
| Controller | 1024 to 65535 | DNS server (external) | 53 | TCP/UDP | Domain name and host name resolution | Management |
| Controller | 1024 to 65535 | AD domain server/LDAP domain server (external) | 389 | TCP/UDP | Domain authentication | Management |
| Controller | 1024 to 65535 | AD domain server/LDAP domain server (external) | 636 | TCP/UDP | Domain authentication | Management |
| Controller | 1024 to 65535 | Email server (external) | 25 | TCP/UDP | Sending alarm notification through email | Management |
| Controller | 1024 to 65535 | Email server (external) | 465 | TCP/UDP | Sending alarm notification through email | Management |
| Controller | 1024 to 65535 | Email server (external) | 587 | TCP/UDP | Sending alarm notification through email | Management |
| Controller | 1024 to 65535 | NTP server (external) | 123 | TCP/UDP | Time synchronization | Management |
| Controller | 1024 to 65535 | Network management server (external) | 162 | UDP | Sending alarms using SNMP Trap | Management |
| Controller | 1024 to 65535 | Syslog server (external) | 514 | UDP | Sending alarms and logs through Syslog | Management |
| Controller | 1024 to 65535 | Syslog server (external) | 514 | TCP | Sending alarms and logs through Syslog | Management |
| Controller | 1024 to 65535 | FTP server (external) | 21 | TCP/UDP | Dumping alarms, performance statistics, and keys | Management |
| Controller | 1024 to 65535 | SFTP server (external) | 22 | TCP/UDP | Dumping alarms, performance statistics, and keys | Management |
| Controller | 1024 to 65535 | eService server (external) | 7448 | TCP | Authentication listening port of the eService server (external) | Management |
| Controller | 1024 to 65535 | eService server (external) | 8448 | TCP | Message listening port of the eService server (external) | Management |
| Controller | 1024 to 65535 | eService server (external) | 9448 | TCP | File upload listening port of the eService server (external) | Management |
| Controller | 1024 to 65535 | HTTP proxy server (external) | 80 | TCP | Default listening port of the HTTP proxy server (external) | Management |
| Controller | 1024 to 65535 | HTTP proxy server (external) | 80 | TCP | Default listening port of the HTTP proxy server (external) | Management |
| Controller | 1024 to 65535 | iSNS server | 3205 | TCP | When the iSNS service is enabled on a storage system, this port is used by the storage system to establish connections to the iSNS server. This port is accessible only to service network ports. | Service |
| Controller | 1024 to 65535 | DNS server (external) | 53 | TCP/UDP | Domain name and host name resolution | Service plane |
| Controller | 1024 to 65535 | AD domain server (external) | 88 | TCP | Kerberos authentication | Service plane |
| Controller | 1024 to 65535 | AD domain server (external) | 464 | TCP/UDP | AD domain authentication | Service plane |
| Controller | 1024 to 65535 | AD domain server (external) | 445 | TCP | AD domain authentication | Service plane |
| Controller | 1024 to 65535 | LDAP domain server (external) | 389 | TCP/UDP | LDAP communication | Service plane |
| Controller | 1024 to 65535 | LDAP domain server (external) | 636 | TCP | LDAPS authentication | Service plane |
| Controller | 1024 to 65535 | NIS server (external) | 111 | TCP/UDP | NIS authentication | Service plane |