02-07-2018 03:59 AM - edited 03-08-2019 01:44 PM
Hello everybody,
I'm trying to disable at all vstack on a C3560 and the command "no vstack" doesn't work.
Does anybody know how to disable it? and close the port 4786?
PORT STATE SERVICE 4786/tcp open unknown
Switch(config)#no vstack % Incomplete command. Switch(config)#no vstack ? basic Enable vstack director config Configure default configuration file dhcp-localserver Configure vstack dhcp parameters director Configure director's IP address group Configure a group for vstack hostname-prefix Specify hostname prefix for Client image Configure default image file join-window Configure time interval to enable director vlan Configure vstack management vlan
Thank you!!!
Solved! Go to Solution.
02-07-2018 11:55 AM - edited 04-10-2018 03:25 PM
@CartoGraph wrote:
SW version: 12.2(53)SE2
VStack is supported from 12.2(55)SE.
02-07-2018 05:06 AM
02-07-2018 05:34 AM - edited 02-07-2018 05:35 AM
Hello,
SW version: 12.2(53)SE2
I have no output, but even so... I would like to know if there is a way to close the TCP port.
Switch#show running-config all | i vstack Switch#
Thank You!
02-07-2018 06:16 AM
02-07-2018 11:55 AM - edited 04-10-2018 03:25 PM
@CartoGraph wrote:
SW version: 12.2(53)SE2
VStack is supported from 12.2(55)SE.
04-10-2018 09:49 AM
I have the same problem with this model - WS-C3560CG-8PC-S - running version 122-55.EX2.
04-10-2018 03:25 PM
04-12-2018 09:10 AM
Here's a document I wrote for the other engineers on my team.
Note: addresses whether or not you have an OLDER or NEWER IOS/IOSXE.
To disable VSTACK, in config mode:
no vstack
-or-
no vstack config
! NOTE: This second variation was required on an older 2801. “no vstack” by itself responded with “incomplete command”.
Read a BLOG when this first came out and it said that unless the director had been set up, the 4786 port should not be open.
You determine that by entering the following command:
sh vstack config
If a newer IOS/IOSXE, it should show feature is “disabled”, and you're done. Otherwise, it won’t and will show you the configuration of vstack with the Director IP.
If the DIRECTOR SHOWS:
DIRECTOR = 0.0.0.0 Never configured
...TCP/4786 should NOT be open. You confirm if the port is open or not by entering the following command:
show tcp brief all | i 4786
If not in the list of active ports, no need for ACL’s either. STOP HERE
OTHERWISE: If ACL is needed, on every interface that is UP and assigned an IP (includes VLAN SVI’s), you would:
ip access-list extended no-vstack
deny tcp any any eq 4786
permit ip any any
exit
THEN, on EACH interface with an IP (including SVI's)
ip access-group no-vstack in
Hope this helps.
04-18-2018 05:55 AM
Hello,
I have done
no vstack config
but still when i issue the below command i can still see the port is in listening state
SWITCH#show tcp brief all | i 4786
04AEABCC *.4786 *.* LISTEN <---------------*****
its a 3560 switch with 122-55.SE1 IOS..
any pointers?
04-18-2018 08:09 AM
04-18-2018 05:57 AM
Hello,
I have done
no vstack config
but still when i issue the below command i can still see the port is in listening state
SWITCH#show tcp brief all | i 4786
04AEABCC *.4786 *.* LISTEN
its a 3560 switch with 122-55.SE1 IOS..
any pointers?
04-18-2018 02:05 PM
04-18-2018 02:39 PM
04-18-2018 09:18 PM
Hello,
Below are the details
switch#show vstack config
Role: Client
Vstack Director IP address: 0.0.0.0
*** Following configurations will be effective only on director ***
Vstack default management vlan: 1
Vstack management Vlans: none
Join Window Details:
Window: Open (default)
Operation Mode: auto (default)
Vstack Backup Details:
Mode: On (default)
Repository:
switch#show tcp brief all | i 4786
04AEABCC *.4786 *.* LISTEN
04-19-2018 12:02 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide