05-03-2007 09:54 AM - edited 03-05-2019 03:51 PM
OK, so I have a few internal Cisco 1721 routers that were configured by a vendor. They are listening on ports 2005 and 6005. I cannot find anything in the config that specifically defines this, and I don't need those ports anymore. Does anyone spot anything obvious in the ACLs? I see that 6005 is in the range of one ACL, but I don't see anything about port 2005 anywhere. I can post the whole config if needed. Thanks.
access-list 150 remark QOS ACL
access-list 150 permit udp any range 6004 6248 any
access-list 150 permit udp any any range 6004 6248
access-list 150 permit udp any range 5000 5070 any
access-list 150 permit udp any any range 5000 5070
access-list 150 permit tcp any eq 5570 any
access-list 150 permit tcp any any eq 5570
access-list 150 permit tcp any any eq 5566
access-list 150 permit tcp any eq 5566 any
05-04-2007 03:17 AM
Hi,
Kindly let us know how you have identified that the router is listening on ports 2005 and 6005. Are they TCP or UDP ports?
Can you issue the CLI command "show ip socket" on the routers and examine the output to see whether the router is listening on those ports?
-VJ
05-16-2007 08:20 AM
When I telnet to the router on either of those ports, it asks for a password.
telnet 192.168.1.1 2005
responds with a password prompt. Same thing happens for port 6005 but all other ports deny access.
05-16-2007 08:20 PM
Hi,
Kindly post the config of the router to check this further.
-VJ
05-16-2007 11:59 PM
The ports 2005 and 6005 are supposedly used by async lines. Can you post a show ver and show diag? The full config would be helpful anyway.
05-17-2007 08:36 AM
So here is the config, with the show version below that. I did see in my searching that those ports had something to do with async lines. I should also say that there is an external modem set up on this router, if that has any impact.
show conf
version 12.4
service timestamps debug datetime msec
service timestamps log datetime localtime
service password-encryption
!
hostname 1721
!
boot-start-marker
boot-end-marker
!
enable secret 5
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
no ip dhcp use vrf connected
!
class-map match-all voice-priority
match access-group 150
!
policy-map POLICY1
class voice-priority
priority 512
set ip precedence 7
class class-default
fair-queue
set ip precedence 0
!
interface FastEthernet0
ip address 192.168.7.1 255.255.255.0
ip helper-address 192.168.7.125
speed auto
no keepalive
!
interface Serial0
ip address outside.ip subnet.mask
service-policy output POLICY1
!
ip classless
ip route 0.0.0.0 0.0.0.0 outside.ip
!
no ip http server
!
access-list 150 remark QOS ACL
access-list 150 permit udp any range 6004 6248 any
access-list 150 permit udp any any range 6004 6248
access-list 150 permit udp any range 5000 5070 any
access-list 150 permit udp any any range 5000 5070
access-list 150 permit tcp any eq 5570 any
access-list 150 permit tcp any any eq 5570
access-list 150 permit tcp any any eq 5566
access-list 150 permit tcp any eq 5566 any
snmp-server enable traps tty
!
control-plane
!
line con 0
password 7
login
line aux 0
password 7
login
modem InOut
transport input all
stopbits 1
flowcontrol hardware
line vty 0 4
password 7
login
!
end
show ver
Cisco IOS Software, C1700 Software (C1700-IPBASE-M), Version 12.4(1c), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Wed 26-Oct-05 06:46 by evmiller
ROM: System Bootstrap, Version 12.2(7r)XM2, RELEASE SOFTWARE (fc1)
1721 uptime is 1 year, 11 weeks, 2 days, 20 hours, 6 minutes
System returned to ROM by power-on
System restarted at 13:27:59 UTC Sun Feb 26 2006
System image file is "flash:c1700-ipbase-mz.124-1c.bin"
Cisco 1721 (MPC860P) processor (revision 0x500) with 58417K/7119K bytes of memory.
Processor board ID FOC10012YNC (1613946723), with hardware revision 0000
MPC860P processor: part number 5, mask 2
1 FastEthernet interface
1 Serial interface
WIC T1-DSU
32K bytes of NVRAM.
32768K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102
05-17-2007 10:45 AM
And what does the "show line" say?
05-17-2007 10:55 AM
I'm not familiar with that command, but here is the output. Looks like the modem is attached to the AUX port, right?
Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int
0 CTY - - - - - 0 0 0/0 -
5 AUX 9600/9600 - inout - - - 12 0 2861/0 -
* 6 VTY - - - - - 55 0 0/0 -
7 VTY - - - - - 1 0 0/0 -
8 VTY - - - - - 1 0 0/0 -
9 VTY - - - - - 1 0 0/0 -
10 VTY - - - - - 1 0 0/0 -
Line(s) not in async mode -or- with no hardware support:
1-4
05-17-2007 09:40 PM
Yes, it probably means that some device is connected to the AUX port. The line numbering on Cisco is the following:
0 is always for console
1 - x asynch lines
x+1 aux port
x+2 - x+n vty lines
x is platform dependent.
If your platform supports, let's say, a 32-port async module, then x=31, so your lines will look like this:
0 console
1-31 TTY lines (TCP ports 2001 to 2032 or 6001 to 6032, depending on ASCII or binary mode)
33 aux
33 - rest used for VTY access
It looks like your platform supports a 4-port async card anyway.
If you telnet to 2005 or 6005, then this will be a reverse telnet connection to your aux port.
Strange, but the show ip sockets does not show your router listening on port 2005 or 6005.
Pls rate if it helps.
Stra
05-21-2007 09:02 AM
Next time I have access to the affected routers, I will unplug the modem and see if that makes any difference.
Thanks.
05-21-2007 09:26 AM
Paul
I believe that it is not a question of whether the modem is plugged in or not but is a question of how the aux is configured. The config that you posted shows this:
line aux 0
password 7
login
modem InOut
transport input all
stopbits 1
flowcontrol hardware
I believe that you need to remove the references to modem, stopbits and flowcontrol if you want to verify that the usage of these ports is due to the modem.
HTH
Rick
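An added example, not code from the thread, that ties together the line-numbering explanation above and Rick's point about the aux-line settings: it maps a reverse-telnet port (2000+N or 6000+N) to the absolute line number using the posted "show line" table, and flags the "line aux 0" settings that keep that line reachable over TCP. The sample strings are constructed from the output posted in this thread.

```python
import re

# Constructed sample input, taken from the thread's "show line" and "line aux 0" output.
SHOW_LINE = """\
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int
     0 CTY              -    -      -    -    -      0       0     0/0       -
     5 AUX   9600/9600  -  inout    -    -    -     12       0  2861/0       -
*    6 VTY              -    -      -    -    -     55       0     0/0       -
"""
AUX_CONFIG = """\
line aux 0
 password 7
 login
 modem InOut
 transport input all
 stopbits 1
 flowcontrol hardware
"""

def parse_show_line(text):
    """Map absolute line number -> type (CTY/TTY/AUX/VTY) from 'show line' rows."""
    lines = {}
    for row in text.splitlines():
        m = re.match(r"^\*?\s*(\d+)\s+(CTY|TTY|AUX|VTY)\b", row)
        if m:
            lines[int(m.group(1))] = m.group(2)
    return lines

def port_to_line(port, line_map):
    """Resolve a reverse-telnet port: 2000+N (telnet) or 6000+N (binary), N = line number."""
    for base, mode in ((2000, "telnet"), (6000, "binary")):
        if base < port < base + 1000:
            n = port - base
            return n, mode, line_map.get(n, "unknown")
    return None  # not a reverse-telnet port

def audit_aux(config):
    """Return the 'line aux 0' settings that keep the AUX line reachable over TCP."""
    findings, in_aux = [], False
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("line "):
            in_aux = (line == "line aux 0")
        elif in_aux and (line.startswith("transport input") and not line.endswith("none")):
            findings.append(line)  # 'transport input all' accepts reverse telnet
        elif in_aux and line.startswith("modem "):
            findings.append(line)  # modem control on a line with inbound transport
    return findings
```

Running it against the posted output resolves both 2005 and 6005 to line 5 (AUX) and flags "modem InOut" and "transport input all"; setting "transport input none" on the aux line removes the listener, and if the modem must still be reachable, an "access-class" on that line restricts who can connect.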
05-22-2007 10:54 AM
I understand what you are saying. I will give this a try and see what happens.
Thanks.