Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1829
Views
1
Helpful
3
Replies

Change Admin service ports on SG300-10?

lamont
Level 1
Level 1

‎10-30-2011 05:45 PM

Hi,

I recently purchased an SG300-10 switch. Is it possible to change the TCP port numbers for the administrative services on this device? For example, if I wanted to change the web admin port from being availble on port 80 to port 8080, or move the SSH port from 22 to 2022,  how would I do this?

I've looked over the web admin interface, and the Security > TCP/UDP services option looks like what I want, but I see no way to change a service's listening port. Is this possible?

Thanks.

Labels:
0 Helpful
3 Replies 3

rocater
Level 3
Level 3

‎11-01-2011 07:37 AM

Hello Lamont,

Currently there is not an option to change the listening port for each of the services. Under the security settings you can specify which type of connections are allowed for management. If you are looking for more security then there are rules to specify a physical port or IP address for access.

0 Helpful

lamont
Level 1
Level 1
In response to rocater

‎11-01-2011 01:19 PM

Hi Robert,

Hmm. It's a little disappoining that this feature does not exist -- it seems to be standard on equipment costing much less, and I had assumed it would be there on this model, certainly given the rich set of features it has otherwise.

This device sits between a DSL modem with a built-in firewall and a web server. I want to basically stop using the modem's firewall, and switch to using ACL's in the SG300 instead.

Disabling the modem's firewall has the unfortunate side-effect of exposing all the modem's service ports to the public internet -- so I'd need to keep that in place. I had thought the easiest apprach would be to put the SG300 into the modem's "DMZ" but if I do that, then the SG300 immediately starts answering port 80 traffic. Which is honsetly a little scary, complex passwords or not.

I'm still reading about writing ACLs and working up my courage to dive into that... I suppose it is possible to write a rule to route (TCP) port-specific traffic from the public internet to an internal IP? Bascially NAT port forwarding?

Thanks.

0 Helpful

rocater
Level 3
Level 3
In response to lamont

‎11-01-2011 01:51 PM

I certainly understand your concerns with security on the switch, even more so when opening up your net work to the internet.

Under 'Security > Mgmt Access Method > Access Profiles/Profile Rules' you will be able to modify the method of accessing the switch's management interface. You can make it so that a user must be connected to a specific port on the switch, come only from a specified IP address or certain vlan.

You can also create a rule under your access list that does the same thing. Great part is that all of these options are available in layer 2 and layer 3 modes.

The ACLs will let you control traffic flow over the switch, but only as allow or deny. For NAT you would still need a router. In layer 3 mode you would be able to control traffic by IP address which would give you added security.

Hope this information better assist with your goals.

Customers Also Viewed These Support Documents