Open Port

Unanswered Question
Oct 1st, 2008
User Badges:


I have a Cisco 878 Router and have been asked to open ports 8585 and 8119. I have a web interface that does not show this option and I am new to telnet. Can anybody please give me some information on how to do this.

Many thanks.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
rush2amol Wed, 10/01/2008 - 04:30
User Badges:

Do you have acl configured on the interfaces of the router ?

adamrdigital Wed, 10/01/2008 - 06:05
User Badges:

acl - I have looked at the documentation that the Cisco Engineer left with me 2 years ago and it does say that acl is configured. How to get it or view it I am unsure.

julio.fojon Wed, 10/01/2008 - 06:19
User Badges:


Just do show access-list from the priviliged mode (#) and you willl be able to see all the configured access lists in your router.

I hope it helps, thanks.

adamrdigital Wed, 10/01/2008 - 06:40
User Badges:


I have done that and also used some code I have found from to open ports 8119 and 8585.

I have attached a screengrab of what I see at the bottom of my list when I type in "show access-list" in telnet. Howeever when I go to http://localhost:8585 I get page not found. I should be able to see a TomCat Page.

julio.fojon Wed, 10/01/2008 - 06:46
User Badges:


I can't see very welll your output but I believe that at the begining of the access list you have a deny any any statement. If so, that is why you might still have issues seeing the page.

FYI, when you are going to modify an access list you have to remove it from the interface, then remove it from the configuration and re-enter it making sure that the statements are in the correct order. The deny statement has to go (always) at the end of the list; otherwise, all the traffic will be blocked.

Even if you don't enter the deny statement, there is an implicit statement in there.

Make the proper changes and let me know if it helps. Thanks.

John Blakley Wed, 10/01/2008 - 09:04
User Badges:
  • Purple, 4500 points or more

Yes, you have a deny above your permit statements, and that will block everything. Since you're not using extended access lists, you'll have to remove the acl from the interface, copy and paste the acl into notepad, make your changes, and then paste back into your router. Then you'll reapply, but one thing to note, if you have an acl, and you're not using static nat translations to the device that you're wanting to open access to, then you won't really be doing much. You need to have statics in your nat translations.

To remove acl from interface:

router(config)# int fa4 (or whatever interface your public address is on)

router(config-if)# no ip access-group in

It would be best if you posted your sanitized config.



This Discussion