03-05-2021 03:19 PM
Hi all,
How can I block SNMP and NTP ports on my public L3 switch, a Cat 4506e?
I have multiple interfaces as router interfaces, and on all of them these ports are open.
How can I block them from the public internet and allow them only from my local networks' IP range?
Thank you
dave
03-05-2021 03:50 PM
Hello
Applying management plane policing (MPP) can do it -
Example:
control-plane host
management-interface x/x allow ssh snmp
or
access-list 10 permit 172.16.1.0 0.0.0.255
access-list 20 permit 192.168.100.1
snmp-server community snmp-ro RO 10
snmp-server community snmp-rw RW 20
crypto key generate rsa label local general-keys modulus 2048
ip ssh time-out 60
ip ssh authentication-retries 2
line vty 0 4
transport input ssh
access-class x in
03-05-2021 11:33 PM
Hello, I used an access list to permit my local network, like
access-list 98 permit 10.20.30.0 0.0.0.255
snmp-server community public ro 98
but the ports are still open.
From the moment I put my L3 switch on public IPs, the CLI is a bit laggy.
I want to close these ports from outside of my network.
About NTP, I don't want to run an NTP server on the HW. Just an NTP client. I used the command "no ntp master".
But port 123 is also open.
The CLI is protected like this:
access-list 99 permit 10.20.30.0 0.0.0.255
line vty 0 4
access-class 99 in
password xxxxxxxx
login
This looks OK because I don't have any more open telnet ports from the internet.
BR
Dave
03-06-2021 04:44 AM
How are you scanning and confirming that the ports are open? From an outside network?
Can you post an example output for us to understand?
03-06-2021 07:48 AM
Hi, I tried it with nmap from a mobile internet connection... from a different source IP, and it shows open ports.
03-05-2021 05:13 PM
Hi,
To disable NTP on interfaces, use the interface command "ntp disable". You would use this command on all your Internet-facing interfaces and leave NTP enabled on your LAN-facing interfaces.
Thanks
John
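An offline check of a saved running-config for the three controls suggested in this thread: an ACL on every SNMP community, "ntp disable" on Internet-facing interfaces, and an inbound access-class on every vty range. This is an added example, not code from any poster; the sample config, the interface names and the convention of marking public interfaces with "internet" in their description are assumptions.

```python
# Constructed sample running-config (not taken from the thread). Interface
# names, addresses and the "internet" description tag are assumptions.
SAMPLE_CONFIG = """\
access-list 98 permit 10.20.30.0 0.0.0.255
snmp-server community public RO 98
snmp-server community monitor RO
interface TenGigabitEthernet1/1
 description internet uplink
 ip address 203.0.113.2 255.255.255.252
interface TenGigabitEthernet1/2
 description internet uplink 2
 ntp disable
interface Vlan30
 description lan
line vty 0 4
 access-class 99 in
line vty 5 15
 login
"""

def blocks(config):
    """Split an IOS config into (top-level line, [indented child lines])."""
    out = []
    for line in config.splitlines():
        if line.strip() in ("", "!"):
            continue
        if line.startswith(" ") and out:
            out[-1][1].append(line.strip())
        else:
            out.append((line.strip(), []))
    return out

def audit(config, public_tag="internet"):
    """Return findings for the simple 'community <name> [RO|RW] [acl]' form."""
    findings = []
    for header, body in blocks(config):
        tok = header.split()
        # A community line that ends at the name or at RO/RW has no ACL bound.
        if tok[:2] == ["snmp-server", "community"] and len(tok) >= 3 and (
                len(tok) == 3 or tok[-1].upper() in ("RO", "RW")):
            findings.append(f"snmp community {tok[2]}: no ACL")
        if header.startswith("interface "):
            public = any(l.startswith("description") and public_tag in l.lower()
                         for l in body)
            if public and "ntp disable" not in body:
                findings.append(f"{header}: missing 'ntp disable'")
        if header.startswith("line vty") and not any(
                l.startswith("access-class ") and l.endswith(" in") for l in body):
            findings.append(f"{header}: no inbound access-class")
    return findings
```

Calling audit(SAMPLE_CONFIG) returns one finding per missing control, in config order.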