From: Erick B. (erickbe@xxxxxxxxx)
Date: Wed Nov 28 2001 - 07:45:10 GMT-3
Hi,
Port-map doesn't change the port telnet runs on, or
other services.
You can't really change the port telnet runs on, but
if you add 'rotary 1' under the line vty secton then
you can also telnet to port 3001. Apply access-lists
and access-classes to restrict access.
What port-map does is let you add other ports to the
pre-defined telnet, ftp, http, etc keywords so when
these keywords are used in access-lists, etc they can
match on multiple ports besides the one defined in
IOS. You also can't remove or change the
system-defined port # for the service name.
Example: The 'telnet' keyword looks for traffic on
port 23 only by default, by doing a 'ip port-map
telnet port 90' it adds port 90 to be watched when
'telnet' keyword is used.
router#show ip port-map telnet
Default mapping: telnet port 23 system defined
Default mapping: telnet port 90 user defined
--- tom cheung <tkc9789@hotmail.com> wrote:
> Can someone explain how port map is used? I tried
> to change my telnet port
> from 23 to 3333 and have the following configured:
>
>
> ip port-map telnet port 3333 list 90
>
> access-list 90 permit 172.16.0.0 0.0.255.255
>
> But why can't I telnet to this router using port
> 3333?
>
> telnet 172.16.1.1 3333
> Trying 172.16.1.1, 3333 ...
> % Connection refused by remote host
>
>
> TIA
>
>
>
>
This archive was generated by hypermail 2.1.4 : Fri Jun 21 2002 - 06:45:24 GMT-3