04-19-2007 08:10 AM
Hi,
We recently ran a scan of some of our core routers and found UDP port 49 open on a Cisco 6509. Cisco docs mention xtacacs uses this port. Why is this port open? Which service is using it?
04-19-2007 08:44 AM
To give an update,
I scanned more routers and all of them had UDP port 49 open. Interestingly, the first time I ran it on a certain router it wasn't open, but the second time I ran the same nmap, it was open!!!
Any ideas?
04-19-2007 09:56 AM
It's a UDP Broadcast Forwarding by Cisco's IP Helper.
If an IP helper address is specified and UDP forwarding is enabled, broadcast packets destined to the following port numbers are forwarded by default.
TACACS does use Port 49
HTH, Please rate
04-19-2007 10:50 AM
Well, I thought so too in the beginning, but I've checked the configs of all routers for the helper address commands. I haven't found any...
Now, maybe I should disable directed broadcasts on that IP address & UDP forwarding even though it's not configured to begin with...
05-01-2007 05:56 AM
Did that resolve your issue?
If so, please rate.
05-01-2007 06:01 AM
No, it didn't...
Still looking for an answer.
05-03-2007 05:38 AM
I've finally come to the conclusion that it's TACACS, or rather Cisco's implementation of it == xtacacs, that uses UDP 49.
I found that only on routers enabled for AAA is port 49 open (all our AAA implementations use TACACS).
Though not all questions have been answered about this issue, I'm letting it rest for the moment.
05-03-2007 06:43 AM
Good stuff!
I hope I helped in the right direction or
at least confirmed what you already knew.
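
A way to check a saved running-config against the two explanations raised in this thread (IP helper UDP forwarding, and AAA with TACACS), as an added example that is not part of any post. The sample configs are constructed, the function name is hypothetical, and the matched command forms are assumed to be the usual IOS ones.

```python
import re

# Constructed sample running-config fragments (not taken from the thread).
ROUTER_AAA = """\
aaa new-model
aaa authentication login default group tacacs+ local
tacacs-server host 192.0.2.10
interface Vlan10
 ip address 198.51.100.1 255.255.255.0
"""
ROUTER_HELPER = """\
interface Vlan20
 ip address 198.51.100.129 255.255.255.128
 ip helper-address 192.0.2.20
"""
# Same router with TACACS broadcast forwarding explicitly switched off.
ROUTER_HELPER_FILTERED = ROUTER_HELPER + "no ip forward-protocol udp tacacs\n"

# Assumed command forms: helper address, UDP forwarding disabled (all or port 49),
# and any reference to a TACACS server or a tacacs+ method list.
HELPER = re.compile(r"^ip helper-address\s+\S+")
NO_FWD_49 = re.compile(r"^no ip forward-protocol udp(\s+(tacacs|49))?$")
TACACS_REF = re.compile(
    r"^(tacacs-server host\s+\S+|tacacs server\s+\S+|aaa \S+ .*group tacacs\+)"
)

def udp49_hypotheses(config):
    """Return which of the thread's two explanations a config is consistent with."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    found = []
    # Explanation 1: a helper address is set and forwarding of port 49 is not disabled.
    helper = any(HELPER.match(l) for l in lines)
    blocked = any(NO_FWD_49.match(l) for l in lines)
    if helper and not blocked:
        found.append("ip-helper")
    # Explanation 2: AAA is enabled and the config references TACACS.
    if "aaa new-model" in lines and any(TACACS_REF.match(l) for l in lines):
        found.append("aaa-tacacs")
    return found

if __name__ == "__main__":
    samples = {"aaa": ROUTER_AAA, "helper": ROUTER_HELPER,
               "helper+filter": ROUTER_HELPER_FILTERED}
    for name, cfg in samples.items():
        print(name, udp49_hypotheses(cfg))
```

An empty result means neither explanation is visible in the config text, which is the situation the original poster described before correlating the open port with AAA.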