
How to change ports to access??

francisco_ayala
Level 1

Hi community,

I'm new on this forum and I have a question about router configuration. I hope you can help me...

My question is: how can I change the telnet port and SSH port to different ones? For example, I'd like to change the default telnet port (23) to 3333. Is it possible?

Thanks in advance for your comments!!

regards..


tobyarnett
Level 1

This is possible to do. You can use a rotary group command to implement this at the vty port level. Presuming you have your ssh key created and vty port preconfigured for ssh access you would then implement the following commands:

Adjust the expected ssh listening port and assign that to a rotary group:
Router(config)#ip ssh port 3333 rotary 1

Apply the rotary group to your vty interface
Router(config)#line vty 0 4
Router(config-line)#rotary 1

Your router will now listen for ssh on port 3333 on these 5 vty ports.


Hope this helps, please rate if it does.

Thank you,
Toby

Sent from Cisco Technical Support Android App

-Toby


Please don't forget to rate any helpful post.

_____________________________________
There are no great limits to growth because there are no limits of human intelligence, imagination, and wonder.
- Ronald Reagan

Hi Toby!!

Thanks for the information, but I have a doubt. I made the configuration on my equipment, but when I typed the following line after having configured the SSH key and vty port:

Router(config-line)#rotary 1

the equipment displayed the following message: X121 address and queued type can not be configured on the same rotary group 1

Can you help me with this issue?

Thanks in advance for your comments.

Regards

Francisco.

Hi Francisco,

I think it's something with the IOS image. Could you please post the output of #show version?

Similar to SSH, if you would like to change the Telnet port:

The rotary command allows connections to be opened. The router listens for telnet connections on an additional TCP port when the command is entered. It opens connections on 3000 + the rotary number, so if you enter the command rotary 1, the router will be listening on 3001.

But the router will still be listening on port 23. You need to restrict access to port 23 on the vty lines.

This can be done using extended access lists and access-class.

So the configuration would be something like:

R1(config)#access-list 101 permit tcp any any eq 3001

R1(config)#line vty 0 15

R1(config-line)#rotary 1

R1(config-line)#access-class 101 in


Regards,
Anup

Don't forget to rate if you found this helpful !


Hi Anup!!

     Thanks for your information, of course here is the IOS image:

Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(4)T3, RELEASE SOFTWARE (fc3)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2006 by Cisco Systems, Inc.

Compiled Mon 22-May-06 20:10 by kellythw

ROM: System Bootstrap, Version 12.3(8r)YI3, RELEASE SOFTWARE

I would like to ask you something: when I type the rotary command on the vty line, the message keeps appearing. I was searching for information about this and I found that my equipment, a Cisco 800, does not support rotary on the vty line, and that is why the message "X121 address and queued type can not be configured on the same rotary group 1" appears. Is that correct? Is that the reason it displays this? So, how can I configure the port change without the rotary line? Is there a way to do this?

Thanks in advance for your comments.

Regards

Francisco.

Hi Francisco,

I did a brief search on the "X121 address and queued type can not be configured on the same rotary group 1" error and, as you pointed out, I too think the Advanced IP Services IOS image you have does not support assigning rotary commands on VTY lines. (Do refer to this discussion: https://supportforums.cisco.com/thread/169683 where they experience a similar issue with a Cisco 851!) I am really sorry that I'm not technically competent enough to answer as to why we get the error, but I will be sure to check and see if I can find the exact reason for it.

But as Toby said, any code above 12.2(2)T should support it. I also stumbled upon this discussion (https://supportforums.cisco.com/thread/234357) where they didn't really use rotary on the VTY line but were still able to successfully change the default SSH port on a Cisco 800 Series router. Could you please try changing to the new model of AAA as mentioned in the discussion and let us know the results?


Regards,
Anup


tobyarnett
Level 1

Anup is correct when using the rotary group by itself. To specify the specific port you use the `ip ssh port rotary ` command, then apply that rotary group to the vty port. You need to be using at minimum the 12.2(2)T code. If you want just telnet, then select a rotary group as Anup stated.



-Toby

tobyarnett
Level 1

Francisco,


Did you still need help on this issue? Please let us know if you do. If not could you please close the question as answered and rate any helpful posts?

Thank you,
Toby



Hi Anup and Toby!!

I apologize for answering late.

Thanks for your help and information. I still have the issue. I tried the following configuration on my equipment, checking the link that Anup posted here, but I don't know how AAA works yet:

Router(config)# ip ssh port 3333 rotary 2

Router(config)# access-list 101 permit tcp any any eq 3333

Router(config)# line vty 0 4

Router(config-line)# access-class 101 in

Router(config)#aaa new-model

Router(config)#aaa authentication login default local

I followed the config as the link says (https://supportforums.cisco.com/thread/234357) and just changed the port and the rotary group, but the solution also says, after using AAA, (follow with a command specifying where the password(s) will be checked); that part I didn't understand very well.

Is something wrong with my config? Or do I have to type another command?

Can you give me your suggestions, please!!

Thanks in advance for your comments.

Best Regards

Francisco.

Hello,

 

I know this post is very old, but it looks like part of the issue is that Francisco is missing the 'rotary 2' command on the line configuration.

 

If somebody could please confirm, that would be much appreciated.

 

Kind regards,

Your Friendly Neighborhood Network Engineer
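
An offline check for the two pitfalls raised in this thread: a rotary group defined with `ip ssh port` but never applied to a vty line, and vty lines whose access-class is missing or does not match the moved port. This is an added example, not posted by any participant; the sample config is constructed from the commands in the thread, and the parser only understands the simple numbered `permit tcp any any eq <port>` ACL form used above.

```python
import re

# Constructed running-config excerpt mirroring the last configuration posted in the thread.
THREAD_CONFIG = """\
ip ssh port 3333 rotary 2
access-list 101 permit tcp any any eq 3333
line vty 0 4
 access-class 101 in
"""

def parse(config):
    """Collect 'ip ssh port' rotary groups, simple numbered ACL ports, and vty blocks."""
    ssh_ports, acl_ports, vtys, cur = {}, {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1] != " ":
            cur = None  # an unindented line ends the current 'line vty' block
        if m := re.fullmatch(r"ip ssh port (\d+) rotary (\d+)", line):
            ssh_ports[int(m[2])] = int(m[1])
        elif m := re.fullmatch(r"access-list (\d+) permit tcp any any eq (\d+)", line):
            acl_ports.setdefault(m[1], set()).add(int(m[2]))
        elif m := re.fullmatch(r"line vty (\d+) (\d+)", line):
            cur = {"name": f"vty {m[1]} {m[2]}", "rotary": None, "acl": None}
            vtys.append(cur)
        elif cur is not None and (m := re.fullmatch(r"rotary (\d+)", line)):
            cur["rotary"] = int(m[1])
        elif cur is not None and (m := re.fullmatch(r"access-class (\d+) in", line)):
            cur["acl"] = m[1]
    return ssh_ports, acl_ports, vtys

def audit(config):
    """Return findings for the mistakes discussed in the thread."""
    ssh_ports, acl_ports, vtys = parse(config)
    findings = []
    applied = {v["rotary"] for v in vtys}
    for group, port in sorted(ssh_ports.items()):
        if group not in applied:
            findings.append(f"rotary {group} (ssh port {port}) is not applied to any vty line")
    for v in vtys:
        if v["acl"] is None:
            findings.append(f"{v['name']}: no access-class, default port still answers")
            continue
        allowed = acl_ports.get(v["acl"], set())
        if allowed & {22, 23}:
            findings.append(f"{v['name']}: access-list {v['acl']} still permits a default port")
        if v["rotary"] is not None:
            # ssh uses the 'ip ssh port' value; telnet rotary N listens on 3000+N (per the thread)
            want = ssh_ports.get(v["rotary"], 3000 + v["rotary"])
            if want not in allowed:
                findings.append(f"{v['name']}: access-list {v['acl']} does not permit port {want}")
    return findings
```

Running `audit(THREAD_CONFIG)` reports the missing `rotary 2` on the vty line; with that line added the result is empty.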

tobyarnett
Level 1

You don't need to use AAA there. Remove that AAA configuration on your vty interface and just enter your standard vty login info.

-Toby

