Table 1 and Table 2 describe the various IP protocols and how they relate to the Metasys system.

| Port | Protocol | Uses | Metasys Device | Description |
|---|---|---|---|---|
| 22 | SSH | TCP | Network Engine (Linux OS only) | Used to remotely access a network engine from a laptop. This function is only available for use by authorized personnel on Johnson Controls laptops. |
| 23 | Telnet | TCP | Network Engine | Telnet is no longer available for network engines at Release 10.0 or later. |
| 25 | SMTP | TCP | NAE35/NAE35/NCE25 | Provides remote access to device using the internet or local area network. |
| 25 | SMTP | TCP | ADS/ADX/OAS/ODS; Network Engine | Used for alarms and events. |
| 53 | DNS | UDP | Active Directory Client; ADS/ADX/OAS/ODS; Computer (Web Browser); Network Engine | Translates domain names into numerical IP addresses. This port allows the server to receive responses to DNS queries. |
| 67 68 | DHCP | UDP | Active Directory Client; ADS/ADX/OAS/ODS; Computer (Web Browser); Network Engine | Assigns and keeps track of dynamic IP addresses and other network configuration parameters. Alternate Method: Use static IP addresses. |
| 69 | TFTP² | UDP | Metasys SCT; Network Engine | Downloads new images to NAEs. Note: This port is used only when the NAE is provisioned and is not used during system runtime. |
| 80 | HTTP² | TCP | ADS/ADX/OAS/ODS; Computer (Web Browser); Network Engine; SCT | Provides communication between peer controllers, computers, and other Internet systems using SOAP over HTTP. The ADS/ADX/ODS requires that only Port 80 be open to receive communication from client devices. Port 80 is the primary port used by the World Wide Web. Note: For a higher level of security, at Metasys system Release 8.1 or later, you can close Port 80 (incoming and outgoing). See Closing ports. |
| 80 | HTTP | TCP | NAE Update Tool | Used for file transfers between the client computer and the network engine. |
| 88 | Kerberos | TCP UDP | ADS/ADX/OAS/ODS (Member of Domain X); ADX Split Web/Application Server (Member of Domain X); Metasys System Client (Member of any Domain); SCT (Member of Domain X) | Used by the Metasys system for Active Directory service authentication at the Metasys system login screen, and Service Account authentication prior to LDAP queries. Kerberos is a standard network authentication protocol designed to provide strong authentication for client/server applications by using secret-key cryptography. Kerberos is the primary security protocol for authentication within an Active Directory service Domain. Kerberos authentication relies on client functionality built into the Windows operating systems supported by Metasys software. |
| 110 | POP3 | TCP | Computer (Web Browser) | Receives and holds email for downloading from your Internet server. POP3 is allowed in the Metasys system only for authentication from a SMTP server. Note: Firewall rules are not necessary to allow access in most cases because this server should be behind the firewall. |
| 123 | NTP | UDP | ADS/ADX/OAS/ODS (Member of Domain X); ADX Split Web/Application Server (Member of Domain X); Metasys System Client (Member of any Domain); SCT (Member of Domain X) | Used for time synchronization across a network between client computers and server-class operating system host computers. |
| 123 | SNTP² | UDP | ADS/ADX/OAS/ODS; Network Engine | Used to synchronize computer clocks over a network between a server and its clients. SNTP is not required for all systems. |
| 135 | Remote Procedure Call (RPC) | TCP | ADS/ADX/OAS/ODS (Member of Domain X); ADX Split Web/Application Server (Member of Domain X); Metasys System Client (Member of any Domain); SCT (Member of Domain X) | Used by IIS on the ADS/ADX, OAS/ODS, and SCT during the process of authentication during SSO (Windows Integrated Authentication). If SSO is disabled in the Metasys system, this port and protocol are not used by the Metasys system; however, if the ADS/ADX, OAS/ODS, SCT, or Metasys client, or any combination are members of an Active Directory service domain, this port and protocol are used for Active Directory service functionality. |
| 161 | SNMP² | UDP | ADS/ADX/OAS/ODS; Metasys UI; Network Engine; SCT | Provides network monitoring and maintenance. Typically notifies IT department personnel of alarms that are of interest to them, such as data center environmental conditions. The site must use a network management system capable of receiving SNMP Traps. Alternate Method: If the system allows, use email destinations for remote alarm notification instead of SNMP. |
| 389 | LDAP | TCP | ADS/ADX/OAS/ODS (Member of Domain X); ADX Split Web/Application Server (Member of Domain X); Metasys System Client (Member of any Domain); SCT (Member of Domain X) | Used by the Metasys system to access user objects and attributes within Active Directory service. LDAP is a standard communication protocol for directories located on TCP/IP networks. LDAP defines how a directory client can access a directory server and how the client can perform directory operations and share directory data. |
| 443 | Secure Sockets Layer (SSL) Transport Layer Security (TLS) HTTPS | TCP | ADS/ADX/OAS/ODS (Member of Domain X); Metasys Advanced Reporting ADX | Required if you use SSL with your reporting ADX. |
| 443 | Secure Sockets Layer (SSL) Transport Layer Security (TLS) HTTPS | TCP | Network Engine; SCT (Member of Domain X); Metasys UI and Metasys UI Offline; Computer (web browser) | Required if you use TLS with the Metasys UI and the Metasys UI Offline for site security. Port 443 is used for secure web browser communication. Data transferred across such connections is highly resistant to eavesdropping and interception. Moreover, the identity of the remotely connected server can be verified with significant confidence. Web servers offering to accept and establish secure connections listen on this port for connections from web browsers desiring strong communication security. |
| 445 | NT LAN Manager Version 2 (NTLMv2) | TCP | ADS/ADX/OAS/ODS (Member of Domain X); ADX Split Web/Application Server (Member of Domain X); Metasys System Client (Member of any Domain); SCT (Member of Domain X) | Used during Metasys system SSO authentication. NTLMv2 is a network authentication protocol developed by Microsoft and the secondary security protocol for authentication within an Active Directory service domain. If a domain client or domain server cannot use Kerberos authentication, then NTLM authentication is used. |
| 465 | SMTP | TCP | ADS/ADX/OAS/ODS; Network Engine | Used for alarms and events. |
| 514 | Syslog | UDP | ADS/ADX/OAS/ODS; Network Engine; SCT | Provides capability of sending its configured audit log entries and alarm notifications to the central repository of an external, industry-standard, Syslog server, conforming to Internet published RFC 3164. |
| 587 | SMTP | TCP | ADS/ADX/OAS/ODS; Network Engine | Used for alarms and events. |
| 995 | POP3 | TCP | Computer (Web Browser) | Receives and holds email for downloading from your Internet server. POP3 is allowed in the Metasys system only for authentication from a SMTP server. The mail server uses port 995 for SSL connections for POP3 access. Note: Firewall rules are not necessary to allow access in most cases because this server should be behind the firewall. |
| 1025 | Remote Procedure Call (RPC) | TCP | ADS/ADX/OAS/ODS (Member of Domain X); ADX Split Web/Application Server (Member of Domain X); Metasys System Client (Member of any Domain); SCT (Member of Domain X) | Used by IIS on the ADS/ADX/OAS/ODS/SCT during the process of authentication during SSO (Windows Integrated Authentication). If SSO is disabled in the Metasys system, this port and protocol are not used by the Metasys system; however, if the ADS/ADX/OAS/ODS/SCT, or Metasys client, or any combination, is a member of an Active Directory service domain, this port and protocol are used for Active Directory service functionality. |
| 1433 | Microsoft SQL Server Database | TCP | ADX; Metasys ADX Split Database Server (Member of Domain X) | Used between the web/application server and database server computers when the ADX is split across two devices. |
| 1812 | RADIUS | UDP | Network Engine; ADS/ADX/OAS/ODS; SCT | Provides a secured server and network engines to authenticate non-local user access through a Remote Authentication Dial-In User Service (RADIUS) server. RADIUS is used by the server and network engines to authenticate the identity of authorized non-local users of the system. |
| 3389 | Remote Desktop Protocol (RDP) | TCP | NAE55/NIE (Windows Embedded OS only) | Used to log in to the operating system of a device from a remote computer. The Remote Desktop Protocol (RDP) Service is usually disabled unless enabled by the NxE Information and Configuration Tool (NCT) operation. |
| 4096 4097 | N2 Protocol | UDP | NAE55 (Windows Embedded OS only) | Used for N2 tunneling over Ethernet on trunk 1. The N2 technology option provides a serial data port, allowing variable speed drives (VSDs) to link and form a network. |
| 4096 4097 | N2 Protocol | UDP | NAE55 (Windows Embedded OS only) | Used for N2 tunneling over Ethernet on trunk 2. The N2 technology option provides a serial data port, allowing variable speed drives (VSDs) to link and form a network on the SA Bus. |
| 9910 | Microsoft Discovery Protocol² | TCP and UDP | Network Engine; SCT; NCT and NAE Update Tool | Used by NCT to get diagnostic information from devices on the same network. |
| 9911 | Metasys Private Message² | UDP | SCT | Used by SCT to broadcast a message to the local network segment when a user selects the device discovery menu item. Any Metasys node that receives this broadcast message will respond on UDP port 9911 with device configuration information to be displayed in the device discovery window. |
| 10050 | | TCP | NAE Update Tool | Used during NAE Update Tool operations such as updating an image to a network engine. Not used with SNC and SNE engines. |
| 11001 | N1 Protocol | UDP | NCM; NIE5x | Provides N1 message transmission (proprietary packet encoded in UDP) for devices at Release 9.0 or earlier. If you are connecting to multiple N1 networks, the port is unique for each N1 network. Network Control Modules automatically configure themselves to use Port 11001. Start numbering other networks in the Multi-network configuration with 11003 and continue sequentially. Do not use a UDP Port Address (UDPPA) of 11002. The value 11002 is used by the Metasys Ethernet Router and should be avoided even if Metasys Ethernet Routers are not in the system. The recommended addressing for five N1s is 11001, 11003, 11004, 11005, 11006. |
| 12000 | UberDebug Service | TCP | Metasys System | Used by Metasys software for debugging and logging. |
| 47808 | BACnet/IP Protocol | UDP | NAE/NCE | Refer to the BACnet Controller Integration with NAE/NCE Technical Bulletin (LIT-1201531). If you are connecting to multiple BACnet networks, the port is unique for each BACnet network. The default port number is 47808. Choose additional UDP ports that do not conflict with a port that is in use. |


| Port Number | Protocol | Uses | Wireless Protocol | Metasys Device | Description |
|---|---|---|---|---|---|
| 80 | HTTP | TCP | 802.11b/802.11g | Computer (Web Browser) | Used to synchronize computer clocks over a network between a server and its clients. SNTP is not required for all systems. |
| 4050⁵ | Wireless Many-to-One Sensing | UDP | 802.15.4 | WRS-RTN | Used for wireless supervisor integration; recommended UDP port number. |
| 47808 | Wireless ZigBee | UDP | 802.15.4 | Wireless Network Coordinator (WNC) | Used for wireless supervisor integration; recommended UDP port number. |