Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

could we cahnge the port of telnet on cisco router form 23 to 9000 ??

hi ,

im just asking for  umore secrity,

can i change the default port for telnet from being 23 to another port so as to prevent cracking tools and guessing  programs ???

regards

3 REPLIES

could we cahnge the port of telnet on cisco router form 23 to 90

There are 2 ways that you can do it. You can set up a rotary on the line, but this restricts you to 30xx or 70xx and doesn't allow 9000 as far as I know. The other way is to set up nat for destinations to tcp/23

ip nat inside source static tcp  23 interface 9000

The above would work whenever it sees port 9000 inbound to the public side interface (you'd want to obviously fix the direction that you'd need)

The other way is the rotary method. Say that you're okay with 7034 as a port. You'd create an acl and then apply it to the line:

access-list 123 permit tcp any any 7034

line vty 0 4

access-class 123 in

rotary 34

I would recommend disabling telnet if you can though. If not, use non-dictionary passwords, set login retries, set account lockouts, etc.

Also, moving a port from telnet won't hide from an attacker. Port scanners will still find it...

HTH,

John

** Please rate all useful posts **

HTH, John *** Please rate all useful posts ***
New Member

could we cahnge the port of telnet on cisco router form 23 to 90

hi ,

i thibk usign Acl will hurt my cpu ,

so wt about

set up a rotary ?????

im using cisco 7600 and 7200 .

regards

could we cahnge the port of telnet on cisco router form 23 to 90

You can set up a rotary. Whatever number you choose for your rotary will be appended to ports 3000 and 7000. So, you can use 34 for 3034 and 7034, 56 for 3056 and 7056, etc. Then you would create and acl that permits only the port that you want to use. Creating an acl for this will not affect the cpu at all.

HTH,

John

** Please rate useful posts **

HTH, John *** Please rate all useful posts ***
2683
Views
5
Helpful
3
Replies
CreatePlease to create content