From: Ron Royston (ccie6824@xxxxxxxxxxx)
Date: Mon Nov 05 2001 - 12:13:12 GMT-3
That hyperlink says this feature was introduced in 12.0T, interim release 5.
It's not in 12.1, apparently.
Router#term length 3
Router#sho ver
Cisco Internetwork Operating System Software
IOS (tm) MSFC2 Software (C6MSFC2-JS-M), Version 12.1(4)E1, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Router#sho ip p?
pgm pim policy prefix-list protocols
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#ip p?
pgm pim prefix-list
Router(config)#ip port-map ftp 3001
^
% Invalid input detected at '^' marker.
<><><><><><><><><><><><><>
Ron Royston
Avnet Enterprise Solutions
http://www.nsd.avnet.com/
>From: "Erick B." <erickbe@yahoo.com>
>Reply-To: "Erick B." <erickbe@yahoo.com>
>To: Timothy Ouellette <timoue@home.com>, ccielab@groupstudy.com
>Subject: Re: Telnet port on Cisco router
>Date: Sat, 3 Nov 2001 12:55:42 -0800 (PST)
>
>That works too, but using a port-map isn't needed to
>telnet to port 3001 after doing rotary group. It's
>easier to forget the port-map and just use ACLs to
>deny traffic to port 23 and permit port 3001.
>
>I didn't know about the port-map until Sean mentioned
>it. I played around with it and found out what it's
>used for. The port-map is used to define additional
>ports for services (telnet, http, ftp, etc) so when
>you use the telnet, ftp, etc keywords in ACLs IOS
>watches the additional user-defined ports as well as
>the system-defined ones.
>
>Erick
>
>--- Timothy Ouellette <timoue@home.com> wrote:
> > Just a thought if you really wanted to be security
> > minded. Define a
> > port-map for telnet to let's say port 3001. Then
> > use an access-list to
> > deny all incoming traffic to the router's interfaces
> > on port 23 but then
> > allow incoming traffic on port 3001. That's how I
> > did it anyways :)
> >
> > Tim
> >
> > "Erick B." wrote:
> > >
> > > Darek,
> > >
> > > The port-map command lets you define additional
> > port
> > > #s for the services the router knows about, etc so
> > it
> > > watches these other ports then the default ports
> > > defined in IOS. It doesn't change the port # the
> > > router listens for telnet traffic on.
> > >
> > > If you define a port-map for telnet, and do a
> > 'show ip
> > > port-map telnet' there'll be 2 entries. One for
> > port 23
> > > and one for the user-defined. You can't delete the
> > > mapping for 23 either because it is
> > system-defined.
> > >
> > > However, the below will let you telnet to port
> > 3001 as
> > > well. Use access-lists/classes to restrict access
> > > further.
> > >
> > > line vty 0 4
> > > rotary 1
> > >
> > > HTH, Erick
> > >
> > > --- Sean Reilly <seanreilly@nc.rr.com> wrote:
> > > > Darek,
> > > > Check out this document on port mapping, this
> > should
> > > > help.
> > > >
> > > >
> > > > http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_r/srprt3/srdpam.htm
> > > >
> > > > Sean
> > > >
> > > > -----Original Message-----
> > > > From: nobody@groupstudy.com
> > > > [mailto:nobody@groupstudy.com]On Behalf Of
> > > > Darek Kuzma
> > > > Sent: Thursday, October 25, 2001 8:45 AM
> > > > To: ccielab@groupstudy.com
> > > > Subject: Telnet port on Cisco router
> > > >
> > > >
> > > > Hi,
> > > > Is it possible to make Cisco Router to listen
> > for
> > > > telnet on port
> > > > different than 23?
> > > > Thanks,
> > > > Darek
> > > >
> > >
> >
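
The rotary-plus-ACL approach discussed in the thread, written out as an added IOS configuration sketch; it is not from any of the posters. The addresses (documentation ranges), the interface name and the ACL numbers are assumptions chosen for illustration.

```cisco
! Constructed example. Assumptions: 192.0.2.1 is the router's own address,
! 198.51.100.0/24 is the management subnet, Ethernet0 is the inbound interface.
!
! Rotary group 1 makes vty 0-4 answer on TCP 3001 in addition to port 23.
line vty 0 4
 rotary 1
 access-class 10 in
!
! Standard ACL used by access-class: limits which sources may open a vty
! session at all, whichever port the connection arrives on.
access-list 10 permit 198.51.100.0 0.0.0.255
!
! Extended ACL: drop telnet to the router itself on port 23, allow port 3001
! only from the management subnet, and leave transit traffic alone.
access-list 101 deny   tcp any host 192.0.2.1 eq telnet
access-list 101 permit tcp 198.51.100.0 0.0.0.255 host 192.0.2.1 eq 3001
access-list 101 deny   tcp any host 192.0.2.1 eq 3001
access-list 101 permit ip any any
!
interface Ethernet0
 ip access-group 101 in
```

The deny lines match a single router address, so a router with several addressed interfaces needs one set per address, and the ACL has to be applied inbound on every interface that can carry management traffic.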
This archive was generated by hypermail 2.1.4 : Fri Jun 21 2002 - 06:45:03 GMT-3