Re: Telnet port on Cisco router

From: Timothy Ouellette (timoue@xxxxxxxx)
Date: Sat Nov 03 2001 - 17:25:07 GMT-3


   
Just a thought if you really wanted to be security minded. Define a
port-map for telnet to let's say port 3001. Then use an access-list to
deny all incoming traffic to the router's interfaces on port 23 but then
allow incoming traffic on port 3001. That's how I did it anyways :)

Tim

"Erick B." wrote:
>
> Darek,
>
> The port-map command lets you define additional port
> #s for the services the router knows about, etc so it
> watches these other ports then the default ports
> defined in IOS. It doesn't change the port # the
> router listens for telnet traffic on.
>
> If you define a port-map for telnet, and do a 'show ip
> port-map telnet' there'll be 2 entries. One for port 23
> and one for the user-defined. You can't delete the
> mapping for 23 either because it is system-defined.
>
> However, the below will let you telnet to port 3001 as
> well. Use access-lists/classes to restrict access
> further.
>
> line vty 0 4
> rotary 1
>
> HTH, Erick
>
> --- Sean Reilly <seanreilly@nc.rr.com> wrote:
> > Darek,
> > Check out this document on port mapping, this should
> > help.
> >
> >
> > http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_r/srprt3/srdpam.htm
> >
> > Sean
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com
> > [mailto:nobody@groupstudy.com]On Behalf Of
> > Darek Kuzma
> > Sent: Thursday, October 25, 2001 8:45 AM
> > To: ccielab@groupstudy.com
> > Subject: Telnet port on Cisco router
> >
> >
> > Hi,
> > Is it possible to make a Cisco router listen for
> > telnet on a port
> > different than 23?
> > Thanks,
> > Darek
> >
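
Added example, not part of any poster's message: one way to combine the `rotary 1` lines from Erick's reply with the interface filter Tim describes, so the vty lines answer on TCP 3001 (3000 plus the rotary group number) while port 23 addressed to the router itself is dropped. The address 192.0.2.1, the interface Ethernet0 and the ACL number 101 are constructed placeholders.

```cisco
! Constructed example: 192.0.2.1 stands in for the router's own address,
! Ethernet0 for the interface facing the untrusted side.
!
! Allow the rotary telnet port, then drop default telnet to the router.
! Repeat both "host" lines for every address the router owns, since a
! session can target any of them through this interface.
access-list 101 permit tcp any host 192.0.2.1 eq 3001
access-list 101 deny   tcp any host 192.0.2.1 eq telnet
! Leave transit traffic alone; without this line the implicit deny
! at the end of the list would drop everything else.
access-list 101 permit ip any any
!
interface Ethernet0
 ip access-group 101 in
!
! Rotary group 1 makes these lines reachable on TCP 3001.
! Port 23 stays open on the vty lines themselves, which is why
! the interface filter above is needed.
line vty 0 4
 rotary 1
```

The filter only changes which port is reachable; sessions on 3001 are still ordinary telnet, so source restrictions with an access-class on the vty lines apply as before.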


