Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Open TCP Ports on 9216i

We are auditing open TCP ports on our network equipment and discovered a number of open TCP ports on our 9216i. Is there any way to tell what the open ports are used for and shut them down if unnecessary? The show tcp command is not available. show tech did not reveal anything.

2 REPLIES
Cisco Employee

Re: Open TCP Ports on 9216i

There is the standard set of ports that are open for mgmt by ssh, telnet, and SNMP v2 or v3. Additionally, there is port 80 open so you can point web browser to it and get the FM code. The list is as follows.

Common to all applications

* SSH 22 (TCP)

* TELNET 23 (TCP)

* HTTP 80 (TCP)

* SYSLOG 514 (UDP)

Fabric Manager Server and Performance Manager

* SNMP_TRAP 2162 (UDP)

* SNMP picks a random free local port (UDP) - (can be changed in server.properties)

* Java RMI 9099, 9199 to 9299 (TCP)

Fabric Manager Client

* Java RMI 9099, 9199 to 9299 (TCP)

* SNMP picks a random free local port. (UDP) or 9189 (TCP) if SNMP proxy is enabled (can be changed in server.properties)

Device Manager

* SNMP_TRAP 1163 to 1170 (UDP) (picks one available in this range)

* SNMP picks a random free local port (UDP) or 9189 (TCP) if SNMP Proxy is enabled (can be changed in server.properties)

You can shut off telnet in lieu of ssh in the configuration. Also, it is possible to use access-lists on the mgmt ports to limit IP addresses/ports/etc. Also, don't forget that the IPS ports will be listening for FCIP and ISCSI if enabled.

New Member

Re: Open TCP Ports on 9216i

That is some great info, thanks alot. We ran a port sweep and found the following ports open that I could not find an explanation for;

705, 711, 728, 1013, 5000-5007

216
Views
0
Helpful
2
Replies
CreatePlease to create content