Meraki

Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Why is port tcp/81 open and listening on my MX devices on the inside interface?

mvalpreda
Getting noticed
‎Dec 16 2020 2:26 PM
‎Dec 16 2020 2:26 PM

Why is port tcp/81 open and listening on my MX devices on the inside interface?

Been doing some vulnerability scanning and it came back that all of our 6 MX devices are listening and responding on tcp/81 on the inside interface. I go to the IP of the MX internally on port 81 in a browser and get a 404
 
Not Found
The requested URL / was not found on this server.
 
Does it on my MX64 at home at well, checked another MX100....tcp/81 all open and giving 404. Same error on all of them. None of these devices have port 81 open on the firewall to anything. Some don't have any incoming ports open.
 
Called into support and they said it will listen on all ports and reply. Not true since I can go to a browser and put in port anything and get nothing. It's just tcp/81.
 
Anyone have any idea what is going on?
0 Kudos
4 Replies 4
ww
Kind of a big deal
Kind of a big deal
‎Dec 16 2020 3:32 PM
‎Dec 16 2020 3:32 PM

Some ports are open on the lan side to provide web pages like blocked info for content filtering.  Splash page, local status page. 

Bruce
Kind of a big deal
‎Dec 16 2020 10:10 PM
‎Dec 16 2020 10:10 PM

Interesting one... I did some digging and looks like it might be where an icon was once stored. The root for my MX on port 81 seems to redirect to http://<MX IP Address>:81/favicon.ico - and throws the 404 error. Maybe someone at Meraki can explain this one, or close the port if its no longer used.

In response to Bruce
oldroo
Getting noticed
‎Dec 19 2020 10:51 AM
‎Dec 19 2020 10:51 AM

This is one of a few issues i found out with equipment.

 

Amongst things like hosts in vlan's being about to ping the gateways of other vlans ( which to me is a security issue in itself even though according to support is built to be like this - cannot think of a reason why, even when you have firewall rules saying not to allow it ), you can also get to port 80 of all these vlans which is also a non secure protocol that is automatically open.

 

At least they could do HTTPS ???

 

 

0 Kudos
KSal
New here
‎Dec 29 2022 8:51 AM
‎Dec 29 2022 8:51 AM

I did a little poking around and it turns out that it is only listening on port 81 to VLANS that have VPN Mode Enabled. Any MX IP addresses that are for VLANS with VPN Mode Disabled are not open on port 81.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.