February 9, 2012

Great Tip for Finding Port Numbers

Have you ever searched through Cisco Documentation looking for port numbers so that you could write an access-list? Well, if you are studying for the CCIE you probably have, especially since our good friend Google is not allowed within the confines of the lab exam. In the past I have followed the advice of Brian McGahan at Internetwork Expert and used the “Reference” Section of the Cisco ASA User Guide. It has always proven to be useful but sometimes lacking.

Well here is another tip to add to your arsenal, brought to you by “

Finding out port numbers with NBAR show commands

I had a filtering task that said to allow H323 Traffic to a specific vlan. Well…what ports does H323 use? I could not find it on the DocCD but I remembered a show command that will let us know:
R1#sho ip nbar port-map h323 
port-map h323       udp 1300 1718 1719 1720 11720 
port-map h323       tcp 1300 1718 1719 1720 11000 - 11999 
Sweet!
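
To carry the tip through to the access-list itself, here is an added example (not from either blog) that parses the port-map output quoted above and emits extended ACL entries. The destination subnet 10.0.50.0/24 and the ACL name VLAN50_IN are assumptions made for illustration.

```python
import re

# Constructed sample: the `show ip nbar port-map h323` output quoted above.
SAMPLE = """\
R1#sho ip nbar port-map h323
port-map h323       udp 1300 1718 1719 1720 11720
port-map h323       tcp 1300 1718 1719 1720 11000 - 11999
"""

def parse_port_map(text):
    """Return [(protocol, transport, [(lo, hi), ...]), ...] from NBAR output."""
    entries = []
    for line in text.splitlines():
        m = re.match(r"\s*port-map\s+(\S+)\s+(tcp|udp)\s+(.+)$", line)
        if not m:
            continue  # prompt lines, blank lines, anything that is not a port-map row
        name, transport, rest = m.groups()
        ports = []
        # "11000 - 11999" is a range; collapse the spaces so it is one token.
        for tok in re.sub(r"\s*-\s*", "-", rest).split():
            lo, _, hi = tok.partition("-")
            lo, hi = int(lo), int(hi or lo)
            if not (0 < lo <= hi <= 65535):
                raise ValueError(f"bad port or range: {tok!r}")
            ports.append((lo, hi))
        entries.append((name, transport, ports))
    return entries

def acl_lines(entries, dest, wildcard, acl_name):
    """Build a named extended ACL permitting the parsed ports to dest."""
    lines = [f"ip access-list extended {acl_name}"]
    for _name, transport, ports in entries:
        for lo, hi in ports:
            match = f"eq {lo}" if lo == hi else f"range {lo} {hi}"
            lines.append(f" permit {transport} any {dest} {wildcard} {match}")
    return lines

if __name__ == "__main__":
    # Assumed destination: the VLAN's subnet, 10.0.50.0/24 (hypothetical).
    for l in acl_lines(parse_port_map(SAMPLE), "10.0.50.0", "0.0.0.255", "VLAN50_IN"):
        print(l)
```

The port-map reflects that router's NBAR configuration, which can be changed with `ip nbar port-map`, so review the generated entries before applying them.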

If you haven’t had a chance to check out the blog I would recommend it. It’s one of my regular reads! I hope you find this as useful as I did. Now I have to get back to the IPexpert CCIE Security Section 19 lab that I have been working on in bits and pieces over the week. Happy Studies!