From: Erick B. (erickbe@xxxxxxxxx)
Date: Sat Nov 03 2001 - 17:55:42 GMT-3
That works too, but using a port-map isn't needed to
telnet to port 3001 after doing rotary group. It's
easier to forget the port-map and just use ACLs to
deny traffic to port 23 and permit port 3001.
I didn't know about the port-map until Sean mentioned
it. I played around with it and found out what it's
used for. The port-map is used to define additional
ports for services (telnet, http, ftp, etc) so when
you use the telnet, ftp, etc keywords in ACLs IOS
watches the additional user-defined ports as well as
the system-defined ones.
Erick
--- Timothy Ouellette <timoue@home.com> wrote:
> Just a thought if you really wanted to be security
> minded. Define a port-map for telnet to let's say port
> 3001. Then use an access-list to deny all incoming
> traffic to the router's interfaces on port 23 but then
> allow incoming traffic on port 3001. That's how I did
> it anyways :)
>
> Tim
>
> "Erick B." wrote:
> >
> > Darek,
> >
> > The port-map command lets you define additional port
> > #s for the services the router knows about, etc so it
> > watches these other ports then the default ports
> > defined in IOS. It doesn't change the port # the
> > router listens for telnet traffic on.
> >
> > If you define a port-map for telnet, and do a 'show ip
> > port-map telnet' there'll be 2 entries. One for port 23
> > and one for the user-defined. You can't delete the
> > mapping for 23 either because it is system-defined.
> >
> > However, the below will let you telnet to port 3001 as
> > well. Use access-lists/classes to restrict access
> > further.
> >
> > line vty 0 4
> > rotary 1
> >
> > HTH, Erick
> >
> > --- Sean Reilly <seanreilly@nc.rr.com> wrote:
> > > Darek,
> > > Check out this document on port mapping, this should
> > > help.
> > >
> > > http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_r/srprt3/srdpam.htm
> > >
> > > Sean
> > >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com
> > > [mailto:nobody@groupstudy.com]On Behalf Of
> > > Darek Kuzma
> > > Sent: Thursday, October 25, 2001 8:45 AM
> > > To: ccielab@groupstudy.com
> > > Subject: Telnet port on Cisco router
> > >
> > >
> > > Hi,
> > > Is it possible to make Cisco Router to listen for
> > > telnet on port different than 23?
> > > Thanks,
> > > Darek
> > >
> >
>
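The configuration the thread converges on, written out as a complete IOS example (added here; it is not from any of the posters). It combines Erick's rotary group with Tim's interface ACL, and adds the access-class source filter Erick mentions in passing. The interface name, the router address 192.0.2.1, the admin host 192.0.2.10, the ACL names and the username are placeholders chosen for the example, not values from the thread.

```cisco
! Added example (not from the thread). Placeholders: FastEthernet0/0,
! router address 192.0.2.1/24, admin host 192.0.2.10, ACL names, username.
!
! 1. Rotary group 1 on the vty lines: IOS then also accepts telnet on
!    TCP 3000+1 = 3001. Port 23 keeps listening; nothing here closes it.
!    access-class filters by SOURCE address only, so it is the "who",
!    not the "which port", part of the restriction.
username admin secret REPLACE-WITH-STRONG-SECRET
!
access-list 10 remark Hosts allowed to reach the vty lines at all
access-list 10 permit host 192.0.2.10
access-list 10 deny   any log
!
line vty 0 4
 rotary 1
 login local
 transport input telnet
 access-class 10 in
!
! 2. Interface ACL (Tim's step): drop connections to the router's own
!    address on 23, allow 3001 from the admin host only, then let
!    transit traffic through unchanged.
ip access-list extended VTY-PORT-FILTER
 deny   tcp any host 192.0.2.1 eq 23 log
 permit tcp host 192.0.2.10 host 192.0.2.1 eq 3001
 deny   tcp any host 192.0.2.1 eq 3001 log
 permit ip any any
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip access-group VTY-PORT-FILTER in
!
! Checks: 'show line' shows rotary 1 in the Roty column for vty 0-4;
! 'show ip port-map telnet' still lists only the system-defined port 23
! (no port-map was configured); 'show access-lists' counters on the
! port-23 deny line confirm the old port is being dropped at the interface.
```

Two things the thread states but this layout makes concrete: the rotary group adds a port rather than moving one, so the interface ACL is what actually takes port 23 out of reach, and the logged deny entries give you the audit trail for anything still trying it. Moving the listening port is not a substitute for the source filter or for `login local`; where the IOS image supports it, `transport input ssh` removes the cleartext credential exposure that telnet on any port carries.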
This archive was generated by hypermail 2.1.4 : Fri Jun 21 2002 - 06:45:03 GMT-3