Alcatel-Lucent 6850-48 Network Guide

IP Configuration
Configuring IP
page 24-28
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
To verify the number of attacks detected for configured ARP poison restricted addresses, use the 
 command. For more information about this command, see the OmniSwitch CLI Reference 
Guide.
Enabling/Disabling IP Services
When a switch initially boots up, all supported TCP/UDP well-known service ports are enabled (open). 
Although these ports provide access for essential switch management services, such as telnet, ftp, snmp, 
etc., they also are vulnerable to DoS attacks. It is possible to scan open service ports and launch such 
attacks based on well-known port information.
The ip service command allows you to selectively disable (close) TCP/UDP well-known service ports and 
enable them when necessary. This command only operates on TCP/UDP ports that are opened by default. 
It has no effect on ports that are opened by loading applications, such as RIP and BGP.
In addition, the ip service command allows you to designate which port to enable or disable by specifying 
the name of a service or the well-known port number associated with that service. For example, both of the 
following commands disable the telnet service:
-> no ip service telnet 
-> no ip service port 23
Note that specifying a port number requires the use of the optional port keyword.
To enable or disable more than one service in a single command line, enter each service name separated by 
a space. For example, the following command enables the telnet, ftp, and snmp service ports:
-> ip service telnet ftp snmp 
The following table lists ip service command options for specifying TCP/UDP services and also includes 
the well-known port number associated with each service:
service              port
ftp                  21
ssh                  22
telnet               23
http                 80
secure-http          443
avlan-http           260
avlan-secure-http    261
avlan-telnet         259
udp-relay            67
network-time         123
snmp                 161
proprietary          1024
proprietary          1025
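
The behaviour described in this section, modelled as an added Python example (not part of the guide or of the switch software): it replays ip service / no ip service lines from the boot state and lists the default ports that remain open outside an allowlist. The function names, the allowlist, treating the name proprietary as both listed ports, and accepting several numbers after the port keyword are assumptions of the example.

```python
# Added example; service names and ports are taken from the guide's table.
SERVICES = {
    "ftp": {21}, "ssh": {22}, "telnet": {23}, "http": {80},
    "secure-http": {443}, "avlan-http": {260}, "avlan-secure-http": {261},
    "avlan-telnet": {259}, "udp-relay": {67}, "network-time": {123},
    "snmp": {161},
    "proprietary": {1024, 1025},  # assumption: the name covers both ports
}
DEFAULT_PORTS = set().union(*SERVICES.values())

# Constructed sample input, written in the guide's prompt style.
SAMPLE = [
    "-> no ip service telnet ftp http",
    "-> no ip service port 259",
    "-> ip service ftp",
]

def parse_line(line):
    """Return (enable, ports) for one command line, or None if unrelated."""
    tokens = line.strip().removeprefix("->").split()
    enable = tokens[:1] != ["no"]
    if not enable:
        tokens = tokens[1:]
    if tokens[:2] != ["ip", "service"]:
        return None
    ports, by_number = set(), False
    for tok in tokens[2:]:
        if tok == "port":
            by_number = True  # assumption: every later token is a port number
        elif by_number:
            ports.add(int(tok))
        elif tok in SERVICES:
            ports |= SERVICES[tok]
        else:  # includes a bare number given without the port keyword
            raise ValueError(f"unknown service {tok!r}")
    # Ports that are not open by default are unaffected by the command.
    return enable, ports & DEFAULT_PORTS

def open_ports(commands):
    """Apply commands in order, starting from the boot state (all open)."""
    state = set(DEFAULT_PORTS)
    for enable, ports in filter(None, map(parse_line, commands)):
        state = state | ports if enable else state - ports
    return state

def audit(commands, allowed):
    """Open ports that the site policy (hypothetical allowlist) omits."""
    return sorted(open_ports(commands) - set(allowed))
```

Calling audit(SAMPLE, {22, 443, 161, 123}) returns the ports still open that the allowlist does not cover; note that the last sample line re-enables ftp after it was disabled.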