[c-nsp] Cisco disable ports 2001,4001,6001,9001
Marco Moock
mm at dorfdsl.de
Thu Dec 11 09:21:13 EST 2025
On 11.12.2025 at 12:32:51, Nick Hilliard wrote:
> Marco Moock via cisco-nsp wrote on 11/12/2025 11:48:
> > Certain Cisco models (in my case 800 series, e.g. C886vaw, 886w
> > etc.) have telnet services on port 2001,4001,6001 and 9001.
> >
> > What is the preferred way to disable them entirely (not firewalling
> > them), but keep telnet and ssh?
>
> This isn't telnet-to-the-device, it's remote access to physical
> ports. You can disable it easily using e.g. for serial console:
>
> line con 0
> transport preferred none
Thanks for the hint.
Which is the real console port here, is that con 0?
My device only has one that has the names console and AUX both on it.

cisco886va#sh line
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int
     0 CTY              -     -     -    -   23      0       0       0/0     -
     1 AUX       0/0    -     -     -    -   23      0       0       0/0     -
*   10 VTY              -     -     -    -   23      6       0       0/0     -
*   11 VTY              -     -     -    -   23      2       0       0/0     -
    12 VTY              -     -     -    -   23      0       0       0/0     -
    13 VTY              -     -     -    -   23      0       0       0/0     -
    14 VTY              -     -     -    -   23      0       0       0/0     -

Line(s) not in async mode -or- with no hardware support:
2-9

I want to allow local access via RS232, but disallow the "remote access
to physical ports".
I've now checked and line aux 0 is responsible for the open ports here.
transport input none disabled the remote access on ports
2001,4001,6001,9001.
How does that affect the local console port for accessing the device
itself?
--
Regards
Marco
Send unsolicited bulk mail to 1765452771muell at cartoonies.org
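
Added example, not part of the original message or of any Cisco tooling: a small audit that reads `show line` output and the line stanzas of a config, and reports which reverse-access ports an AUX line leaves open until `transport input none` is set. The sample output and config are constructed; the port rule (base plus absolute line number) is taken from the line 1 / ports 2001,4001,6001,9001 pairing in the thread, and only AUX lines are handled.

```python
import re

# Listener port = base + absolute line number (line 1 -> 2001, 4001, 6001, 9001).
PORT_BASES = (2000, 4000, 6000, 9000)

# Constructed sample in the shape of the `sh line` output in the message.
SHOW_LINE = """\
     0 CTY              -     -     -    -   23      0       0       0/0     -
     1 AUX       0/0    -     -     -    -   23      0       0       0/0     -
*   10 VTY              -     -     -    -   23      6       0       0/0     -
"""

# Constructed config stanzas: before and after the change described in the thread.
CONFIG_BEFORE = "line con 0\nline aux 0\nline vty 0 4\n transport input ssh\n"
CONFIG_AFTER = CONFIG_BEFORE.replace("line aux 0\n",
                                     "line aux 0\n transport input none\n")

def aux_lines(show_line):
    """Absolute line numbers of the AUX rows in `show line` output."""
    rows = re.findall(r"^\s*\*?\s*(\d+)\s+(CTY|AUX|TTY|VTY)\b", show_line, re.M)
    return [int(num) for num, typ in rows if typ == "AUX"]

def transport_input(config, kind, index):
    """Value of `transport input` in the stanza covering `line <kind> <index>`,
    or None when the stanza does not set it."""
    inside = False
    for raw in config.splitlines():
        if not raw.startswith(" "):          # a new top-level command ends the stanza
            m = re.match(r"line (\w+) (\d+)(?: (\d+))?\s*$", raw)
            inside = bool(m) and m.group(1) == kind and \
                int(m.group(2)) <= index <= int(m.group(3) or m.group(2))
        elif inside and raw.strip().startswith("transport input "):
            return raw.strip()[len("transport input "):].strip()
    return None

def exposed_ports(show_line, config):
    """Map absolute AUX line number -> ports to check from outside.
    Assumption: an unset `transport input` is reported so it gets reviewed."""
    found = {}
    for rel, number in enumerate(aux_lines(show_line)):   # rel 0 == `line aux 0`
        if transport_input(config, "aux", rel) != "none":
            found[number] = [base + number for base in PORT_BASES]
    return found

if __name__ == "__main__":
    print("before:", exposed_ports(SHOW_LINE, CONFIG_BEFORE))
    print("after: ", exposed_ports(SHOW_LINE, CONFIG_AFTER))
```
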