Disable telnet to ACS appliance 4.2 1113 SE

Unanswered Question
Aug 13th, 2010

Hi,

How do we disable the telnet to ACS appliance 4.2 1113 SE?

Regards

Amar

Jagdeep Gambhir Fri, 08/13/2010 - 10:13
CSCsr56625 Bug Details

Telnet service is available once after getting a DHCP address


Symptom:

When the 1113 appliance is running 4.2.0.124, configured for DHCP, and attached to network after fully-started, the telnet port is open on appliance even with CSA running. The telnet port will remain open until someone exits a telnet session from the appliance.

The telnet port will also open if the Ethernet port goes down/up. It will also reopen if the appliance is configured to use DHCP.


Conditions:


Workaround:
Apply an ACL on the L3 interface to block port 23 to ACS



Re-image appliance with 4.2.0.124 and upgrade to 4.2.1 build 11.
Unplug the Ethernet cable from appliance.
Reboot the appliance via CLI.
Plug the Ethernet cable to appliance when appliance came up.
Do telnet into appliance.

Expected / Observed behavior:

You should not be able to telnet into the appliance after connecting the cable


V-comments: Added 09/08/2009 05:50:38  by sarmohan

Unit-test: Modified 11/09/2008  20:25:55 by rsivaji



Static-analysis: Added 11/09/2008  20:24:19 by rsivaji



Code-review: Added 11/09/2008  20:23:59 by rsivaji



R-comments: Added 11/09/2008 20:20:43  by rsivaji
The issue has been resolved by filtering the packet for right IP address.

SS-Review: Modified 10/31/2008  07:25:22 by jefkelle

Release-note: Modified 08/17/2008  14:03:31 by daladen






Steps to Recreate: Added 07/24/2008  12:48:05 by daladen



Diff_Report_Nov_06_2008_1205: Added  11/05/2008 22:36:08 by px-build

Can not view this .html file attachment inline, please click on the following link to view the attachment.
http://cdetsweb-prd.cisco.com/apps/dumpcr_att?identifier=CSCsr56625&title=Diff_Report_Nov_06_2008_1205&ext=html&type=FILE


Regards,

~JG
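
The workaround named in the bug details above ("Apply an ACL on the L3 interface to block port 23 to ACS"), written out as an added example that is not part of the original post or of Cisco's bug record. It assumes the L3 device runs Cisco IOS; the ACL name, the interface `Vlan10` and the address `192.0.2.10` are placeholders for the routed interface facing the ACS segment and the appliance's address.

```cisco
! Added example: placeholder names and addresses, adjust to your network.
! 192.0.2.10 stands in for the ACS appliance; Vlan10 for the L3 interface
! whose subnet the appliance sits on.
ip access-list extended BLOCK-TELNET-TO-ACS
 remark CSCsr56625 workaround: drop telnet (TCP/23) destined to the ACS appliance
 deny   tcp any host 192.0.2.10 eq telnet log
 remark leave all other traffic to the segment untouched
 permit ip any any
!
interface Vlan10
 ! "out" = traffic the router forwards onto the ACS segment
 ip access-group BLOCK-TELNET-TO-ACS out
```

An ACL on the routed interface does not filter hosts on the same subnet as the appliance, which reach it without crossing the L3 interface. Because the bug applies to an appliance configured for DHCP, a host entry like this only holds if the appliance's address is fixed, for example by a DHCP reservation.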

amardram123 Fri, 08/13/2010 - 10:31

Hi,

Thanks for the info.

Is there any way to kill the telnet session and disable the telnet service manually?

Regards

amar

amardram123 Tue, 08/17/2010 - 03:43

Hi,

ACS SE v4.2.1 build 11 is not available on the Cisco site. Can I upgrade the appliance to ACS SE v4.2.1 build 15?

Can someone please confirm if I can upgrade from 4.2.0 build 124 to 4.2.1 build 15 using the below file?

http://tools.cisco.com/support/downloads/go/ImageList.x?relVer=4.2.1.15&mdfid=281458154&sftType=Secure+Access+Control+Server+%28ACS%29+Solution+Engine&optPlat=&nodecount=7&edesignator=null&modelName=Cisco+Secure+Access+Control+Server+Solution+Engine+4.2&treeMdfId=268438162&modifmdfid=null&imname=&treeName=Security&hybrid=null&imst=null

ACSse-Upgrade-Pkg-acs-v4.2.1.15-K9.zip

Release Date: 26/Nov/2009

Upgrade Package for ACS SE v4.2.1.15 (ACS Software package)

Size: 48190.17 KB  (49346725 bytes)

Regards

Amar
