Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Disable/change port 9080 on Cisco 2811

Hi all

Currently we've got a console router 2811 that is providing console access to other cisco elements. Our security team has run a scan on the 2811 and found that the TCP port 9080 is currently listening

Is there a way where i can change it to a secure port or disable it without impacting the functionality of the console router?

line con 0
exec-timeout 0 0
login local
autocommand  menu solution
transport preferred none
transport output telnet
flowcontrol hardware


line aux 0
exec-timeout 0 0
script dialer dialnum
script reset reset
modem InOut
modem autoconfigure discovery
transport input all
speed 19200
flowcontrol hardware


line 1/0 1/15
no flush-at-activation
script connection ret
modem DTR-active
no exec
transport preferred none
transport input telnet
transport output none
autohangup
stopbits 1

I have tried taking out the "transport input telnet" from line 1/0 1/15 and the port got disabled, but all my console access were no longer running.

Help is much appreciated. Thank you.

Regards,

Andrew

2 REPLIES
Cisco Employee

Re: Disable/change port 9080 on Cisco 2811

Hi,

This port 9080 should not be something IOS listens on by default. Could you check to see if you may have either ip alias or static NAT port translation configured that maps to this port? Could you post the complete configuration?

Thanks,

Wen

New Member

Re: Disable/change port 9080 on Cisco 2811

Hi

Thank you for the reply, please find below for the complete configuration

.

Current configuration : 3400 bytes
!
!
!
version xxx
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname console1
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings

!
no aaa new-model
clock timezone GMT+8 8
no ip source-route
!
!
no ip cef
!
!
no ip bootp server
ip domain name yourdomain.com
ip host host1_ILO 2074 192.X.X.X
ip host host2_ILO 2075 192.X.X.X
ip host host3 2080 192.X.X.X
ip host host3_ILO 2076 192.X.X.X
multilink bundle-name authenticated
!
!
!
archive
log config
  hidekeys
!
!
!
!
!
interface Loopback0
ip address 192.X.X.X 255.255.255.255
!
interface FastEthernet0/0
description test1
ip address 10.X.X.X 255.255.255.128
duplex full
speed 100
!
interface FastEthernet0/1
description test2
ip address 10.X.X.X 255.255.255.128
duplex full
speed 100
!
ip route 0.0.0.0 0.0.0.0 10.X.X.X
ip route 0.0.0.0 0.0.0.0 10.X.X.X 100
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
menu solution title ^CC
Test
menu solution prompt ^CC
Please enter your selection:^C
menu solution text 1 host1_ILO
menu solution command 1 resume host1_ILO /connect telnet host1_ILO
menu solution text 2 host2_ILO
menu solution command 2 resume host2_ILO /connect telnet host2_ILO
menu solution text 3 host3_ILO
menu solution command 3 resume host3_ILO /connect telnet host3_ILO
menu solution text 4 host4
menu solution command 4 resume host3 /connect telnet host3
menu solution text x Exit
menu solution command x menu-exit
!
!
control-plane
!
banner motd ^CC
Test
^C
!
line con 0
exec-timeout 0 0
login local
autocommand  menu solution
transport preferred none
transport output telnet
flowcontrol hardware
line aux 0
exec-timeout 0 0
script dialer dialnum
script reset reset
modem InOut
modem autoconfigure discovery
transport input all
speed 300
flowcontrol hardware
line 1/0 1/15
no flush-at-activation
script connection ret
modem DTR-active
no exec
transport preferred none
transport input telnet
transport output none
autohangup
stopbits 1
line vty 0 4
access-class 23 in
exec-timeout 480 0
privilege level 15
password 7 047826214B17787E
login local
autocommand  menu solution
transport input telnet
line vty 5 15
exec-timeout 480 0
privilege level 15
password 7 047826214B17787E
login local
autocommand  menu solution
transport input telnet
!        
no scheduler allocate
ntp clock-period 17180246
ntp master 3
ntp server 10.X.X.X prefer
!
end

856
Views
0
Helpful
2
Replies
CreatePlease to create content