Cisco Support Community

New Member

Change Admin service ports on SG300-10?

Hi,

I recently purchased an SG300-10 switch. Is it possible to change the TCP port numbers for the administrative services on this device? For example, if I wanted to change the web admin port from being available on port 80 to port 8080, or move the SSH port from 22 to 2022, how would I do this?

I've looked over the web admin interface, and the Security > TCP/UDP services option looks like what I want, but I see no way to change a service's listening port. Is this possible?

Thanks.

3 REPLIES
Bronze

Hello Lamont,

Currently there is not an option to change the listening port for each of the services. Under the security settings you can specify which type of connections are allowed for management. If you are looking for more security then there are rules to specify a physical port or IP address for access.

New Member

Hi Robert,

Hmm. It's a little disappointing that this feature does not exist -- it seems to be standard on equipment costing much less, and I had assumed it would be there on this model, certainly given the rich set of features it has otherwise.

This device sits between a DSL modem with a built-in firewall and a web server. I want to basically stop using the modem's firewall, and switch to using ACLs in the SG300 instead.

Disabling the modem's firewall has the unfortunate side-effect of exposing all the modem's service ports to the public internet -- so I'd need to keep that in place. I had thought the easiest approach would be to put the SG300 into the modem's "DMZ" but if I do that, then the SG300 immediately starts answering port 80 traffic. Which is honestly a little scary, complex passwords or not.

I'm still reading about writing ACLs and working up my courage to dive into that... I suppose it is possible to write a rule to route (TCP) port-specific traffic from the public internet to an internal IP? Basically NAT port forwarding?

Thanks.

Bronze

I certainly understand your concerns with security on the switch, even more so when opening up your network to the internet.

Under 'Security > Mgmt Access Method > Access Profiles/Profile Rules' you will be able to modify the method of accessing the switch's management interface. You can make it so that a user must be connected to a specific port on the switch, come only from a specified IP address or certain VLAN.

You can also create a rule under your access list that does the same thing. Great part is that all of these options are available in layer 2 and layer 3 modes.

The ACLs will let you control traffic flow over the switch, but only as allow or deny. For NAT you would still need a router. In layer 3 mode you would be able to control traffic by IP address which would give you added security.

Hope this information better assists with your goals.
