Cisco Support Community
Community Member

Switch UDP 123 Port OPEN

Our switches (3750, Nexus 5000 and Nexus 7000) were scanned and show UDP ports 123 and 161 open on the management interface.

I know they're open for NTP and SNMP, but under our security policy that's not allowed.

Does anybody know how to close them?

Not only blocked by an ACL, but with the port actually closed (so that it cannot be found with a port scan tool).

Thanks.

1 REPLY
Hall of Fame Super Silver

Your policy is to turn off ntp and snmp to make the switches more secure? That's a bit unusual since both, when configured properly, are considered best practices with respect to security.

Depending on the switch (IOS or NX-OS) you can generally use the "ntp disable" (on the L3 interface) or "no ntp enable" command.

If there's no snmp community set, the switch should not be snmp-enabled. Once one is set, the best you can do is to protect it with an access-list.
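One way to check an exported IOS-style running-config for the two conditions the reply describes (an SNMP community with no access-list, and L3 interfaces without "ntp disable"). This is an added example, not part of the reply and not Cisco tooling; the `audit` function, the sample config and its community names are constructed, and it assumes NTP answers on every IP interface once any global `ntp` command is present.

```python
import re

# Constructed IOS-style running-config excerpt (sample data, not from the thread).
SAMPLE_CONFIG = """\
ntp server 192.0.2.10
access-list 10 permit 192.0.2.50
snmp-server community EXAMPLE-RO RO 10
snmp-server community EXAMPLE-OPEN RO
!
interface Vlan10
 ip address 198.51.100.1 255.255.255.0
 ntp disable
!
interface Vlan20
 ip address 203.0.113.1 255.255.255.0
!
interface GigabitEthernet1/0/1
 switchport mode access
"""

def audit(config):
    """Flag SNMP communities with no ACL and L3 interfaces lacking 'ntp disable'."""
    snmp_no_acl, interfaces = [], {}
    current, ntp_configured = None, False
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())   # indented sub-command
        else:
            current = None                              # back at global level
            if line.startswith("ntp "):
                ntp_configured = True
            m = re.match(r"snmp-server community (\S+)(.*)", line)
            if m:
                # Drop "view <name>" and the ro/rw keyword; what remains is the ACL.
                rest = re.sub(r"\bview \S+", "", m.group(2), flags=re.I).split()
                acl = [t for t in rest if t.lower() not in ("ro", "rw")]
                if not acl:
                    snmp_no_acl.append(m.group(1))
    # Assumption: NTP answers on every IP interface once any global "ntp" command exists.
    ntp_listening = [
        name for name, cmds in interfaces.items()
        if ntp_configured
        and any(c.startswith("ip address ") for c in cmds)
        and "ntp disable" not in cmds
    ]
    return {"snmp_no_acl": snmp_no_acl, "ntp_listening": ntp_listening}
```

NX-OS configs use different SNMP and NTP syntax, so this sketch covers only the IOS-style case.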
