How can I block the SNMP and NTP ports on my public L3 switch, a Cat 4506e?
I have multiple interfaces configured as router interfaces, and these ports are open on all of them.
How can I block them from the public internet and allow them only from my local networks' IP range?
Applying management plane policing (MPP) can do it:
management-interface x/x allow ssh snmp
access-list 10 permit 172.16.1.0 0.0.0.255
access-list 20 permit 192.168.100.1
snmp-server community snmp-ro RO 10
snmp-server community snmp-rw RW 20
crypto key generate rsa label local general-keys modulus 2048
ip ssh time-out 60
ip ssh authentication-retries 2
line vty 0 4
transport input ssh
access-class x in
Hello, I used an access list to permit my local network, like this:
access-list 98 permit 10.20.30.0 0.0.0.255
snmp-server community public ro 98
but the ports are still open.
From the moment I put my L3 switch on public IPs, the CLI is a bit laggy.
I want to close these ports from outside of my network.
About NTP, I don't want to run an NTP server on the hw, just an NTP client. I used the command "no ntp master"
but port 123 is also open.
The CLI is protected like this:
access-list 99 permit 10.20.30.0 0.0.0.255
line vty 0 4
access-class 99 in
This looks OK because I don't have any more open telnet ports from the internet.
How are you scanning and confirming that the ports are open? From an outside network?
Can you post an example output for us to understand?
To disable NTP on interfaces, use the interface command "ntp disable". You would use this command on all your Internet-facing interfaces and leave NTP enabled on your LAN-facing interfaces.
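An added example, not part of the thread and not from any poster: a small Python audit that checks a saved running-config for the three controls discussed above (an inbound access-class on every vty line, an SNMP community ACL that is actually defined, and "ntp disable" on each Internet-facing interface). The sample config, the interface names and the function names are constructed for illustration.

```python
# Constructed sample running-config; names and addresses are illustrative only.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 ip address 203.0.113.1 255.255.255.0
interface GigabitEthernet1/2
 ntp disable
access-list 99 permit 10.20.30.0 0.0.0.255
snmp-server community public ro 98
line vty 0 4
 access-class 99 in
line vty 5 15
 transport input ssh
"""

def parse_blocks(config):
    """Group each top-level command with its indented sub-commands."""
    blocks = []
    for line in config.splitlines():
        if line.startswith(" ") and blocks:
            blocks[-1][1].append(line.strip())
        elif line.strip() and line.strip() != "!":
            blocks.append((line.strip(), []))
    return blocks

def audit(config, wan_interfaces):
    """Return findings for vty, SNMP community and per-interface NTP controls."""
    blocks = parse_blocks(config)
    # Numbered ACLs only (assumption: named ACLs are not used for these controls).
    acls = {h.split()[1] for h, _ in blocks if h.startswith("access-list ")}
    findings = []
    for header, body in blocks:
        w = header.split()
        if w[0] == "interface" and w[1] in wan_interfaces and "ntp disable" not in body:
            findings.append(f"{w[1]}: missing 'ntp disable'")
        elif w[:2] == ["snmp-server", "community"]:
            acl = w[-1] if len(w) > 3 and w[-1].isdigit() else None
            if acl is None:
                findings.append(f"community {w[2]}: no ACL")
            elif acl not in acls:
                findings.append(f"community {w[2]}: ACL {acl} not defined")
        elif w[:2] == ["line", "vty"]:
            ac = [b.split()[1] for b in body if b.startswith("access-class ") and b.endswith(" in")]
            if not ac:
                findings.append(f"{header}: no inbound access-class")
            elif ac[0] not in acls:
                findings.append(f"{header}: ACL {ac[0]} not defined")
    return findings

print("\n".join(audit(SAMPLE_CONFIG, {"GigabitEthernet1/1", "GigabitEthernet1/2"})))
```

The set passed as wan_interfaces is the operator's own list of Internet-facing ports; the script does not infer it from addressing.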