Enabling/Disabling IP Services - OmniSwitch os6900 Network Configuration Manual

IP Configuration

Enabling/Disabling IP Services

When a switch initially boots up, all supported TCP/UDP well-known service ports are enabled (open).
Although these ports provide access for essential switch management services, such as telnet, ftp, and snmp,
they are also vulnerable to DoS attacks. It is possible to scan open service ports and launch such attacks
based on well-known port information.
The ip service command allows you to disable (close) TCP/UDP well-known service ports selectively and
enable them when necessary. This command only operates on TCP/UDP ports that are opened by default.
It has no impact on ports that are opened by loading applications, such as RIP and BGP.
In addition, the ip service command allows you to designate which service to enable or disable by
specifying the name of a service as well as changing the well-known port number associated with that
service. For example, the following commands disable the telnet service, change the port and re-enable the
service:
-> ip service telnet admin-state disable
-> ip service telnet port 20999
-> ip service telnet admin-state enable
Use the default parameter to revert the port number of a service to the default port number.
-> ip service telnet port default
The following table lists ip service command options for specifying TCP/UDP services and also includes
the well-known port number associated with each service:
service         port
ftp             21
ssh             22
telnet          23
http            80
https           443
network-time    123
snmp            161

OmniSwitch AOS Release 7 Network Configuration Guide, Configuring IP, June 2013, page 15-28
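
One way to audit which default services a configuration leaves open (an added example, not part of the original manual): the script replays ip service lines over the boot-time state described above and lists services still enabled outside an operator allow-list. It assumes the saved configuration contains ip service lines in the syntax shown on this page; the function names, the allow-list and the sample snapshot are constructed for illustration.

```python
import re

# Well-known ports from the table above; every service starts enabled at boot.
DEFAULT_PORTS = {"ftp": 21, "ssh": 22, "telnet": 23, "http": 80,
                 "https": 443, "network-time": 123, "snmp": 161}

# Matches the two command forms shown on this page, with or without the "->" prompt.
LINE = re.compile(r"^(?:->\s*)?ip service (\S+) (admin-state|port) (\S+)$")

def effective_services(config_lines):
    """Replay 'ip service' lines over the boot-time state (all enabled)."""
    state = {name: {"enabled": True, "port": port}
             for name, port in DEFAULT_PORTS.items()}
    for raw in config_lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an 'ip service' line handled here
        name, key, value = m.groups()
        if name not in state:
            raise ValueError(f"unknown service: {name!r}")
        if key == "admin-state":
            if value not in ("enable", "disable"):
                raise ValueError(f"bad admin-state: {value!r}")
            state[name]["enabled"] = (value == "enable")
        elif value == "default":
            state[name]["port"] = DEFAULT_PORTS[name]
        else:
            port = int(value)
            if not 1 <= port <= 65535:
                raise ValueError(f"port out of range: {port}")
            state[name]["port"] = port
    return state

def unexpected_open(state, allowed):
    """Services still enabled that are not in the operator's allow-list."""
    return sorted((name, s["port"]) for name, s in state.items()
                  if s["enabled"] and name not in allowed)

# Constructed sample snapshot (not taken from a real switch).
SAMPLE = """\
ip service ftp admin-state disable
ip service telnet admin-state disable
ip service telnet port 20999
ip service telnet admin-state enable
ip service http admin-state disable
""".splitlines()

if __name__ == "__main__":
    for name, port in unexpected_open(effective_services(SAMPLE), {"ssh", "https"}):
        print(f"{name} still open on port {port}")
```

In the sample, telnet is reported on port 20999: moving a service to another port does not close it.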
