10-06-2017 08:55 AM - edited 03-08-2019 12:17 PM
Hi,
I am trying to disable the SSH server on TCP port 830 on a Cisco Nexus 3172; my NX-OS version is 7.0(3)I5(1). I tried with an ACL and it didn't work. I think NETCONF on the Nexus 3172 is enabled by default?
show sockets connection
Active connections (including servers)
        Protocol State/       Recv-Q/   Local Address(port)/
        Context  Send-Q       Remote Address(port)

[host]: tcp(4/6) LISTEN       0         *(830)
        Wildcard 0            *(*)
telnet x.x.x.x 830 returns the following:
SSH-2.0-OpenSSH_6.2 PKIX FIPS
Protocol mismatch.
Can someone please help with this issue? How can I disable it?
Thanks in advance.
MJ.
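A small inventory check, added here as an example and not part of the original thread: it parses the `show sockets connection` output format quoted above and reports listening management ports that are not on an operator allow-list (port 830 is the NETCONF-over-SSH port). The sample text is constructed to match the format shown, not captured from a real device.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample in the 'show sockets connection' layout quoted in the thread.
# Not real device output; the ESTABLISHED entry is added only to show it is ignored.
SAMPLE = """\
Active connections (including servers)
        Protocol State/       Recv-Q/   Local Address(port)/
        Context  Send-Q       Remote Address(port)

[host]: tcp(4/6) LISTEN       0         *(830)
        Wildcard 0            *(*)

[host]: tcp(4/6) LISTEN       0         *(22)
        Wildcard 0            *(*)

[host]: tcp       ESTABLISHED 0         192.0.2.10(22)
        management 0          192.0.2.99(51234)
"""

# Well-known management ports worth scrutinising when exposed on a switch.
SERVICE_NAMES = {22: "ssh", 23: "telnet", 80: "http", 161: "snmp",
                 443: "https", 830: "netconf-ssh"}

# First line of each entry: "[context]: proto STATE recv-q local(port)"
ENTRY_RE = re.compile(
    r"^\[(?P<ctx>[^\]]+)\]:\s+(?P<proto>\S+)\s+(?P<state>[A-Z_]+)\s+\d+\s+"
    r"(?P<addr>\S+)\((?P<port>\d+|\*)\)\s*$"
)

@dataclass(frozen=True)
class Listener:
    context: str
    proto: str
    address: str
    port: int

def parse_listeners(output: str) -> list[Listener]:
    """Return every LISTEN socket with a concrete port found in the command output."""
    listeners = []
    for line in output.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m or m.group("state") != "LISTEN" or m.group("port") == "*":
            continue
        listeners.append(Listener(m.group("ctx"), m.group("proto"),
                                  m.group("addr"), int(m.group("port"))))
    return listeners

def unexpected_listeners(output: str, allowed_ports: set[int]) -> list[tuple[int, str]]:
    """Listening ports not on the allow-list, paired with their service name."""
    return sorted({(l.port, SERVICE_NAMES.get(l.port, "unknown"))
                   for l in parse_listeners(output) if l.port not in allowed_ports})
```

Run it over output collected from many switches to spot listeners (such as 830) that the management ACL or CoPP policy does not yet account for.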
10-06-2017 10:41 AM
Hello,
As you are trying to block something on the control plane, a simple ACL will not be effective.
Try to use this: Default CoPP Policy
Here you can find detailed information about the configuration:
-If I helped you somehow, please, rate it as useful.-
10-06-2017 11:33 AM
Hello,
On a side note, and in addition to Flavio's post, are you referring to the access list that is proposed as a workaround for bug CSCvc44478?
ip access-list MGMT
  statistics per-entry
  10 permit tcp any any eq 22
  20 deny ip any any
interface mgmt0
  ip access-group MGMT in
10-06-2017 07:19 PM
Hi Georg,
I have already done as below, but I can't block TCP port 830:
sh ip access-lists acl_internet_in
IP access list acl_internet_in
        statistics per-entry
        10 deny tcp any ip/32 eq 830 [match=12]
        11 deny tcp ip/32 eq 830 any [match=0]
        10000 permit ip any any [match=7327536]