Enabling ssh on router and denying telnet

matt.kurtzhals
Level 1

Here is my config:

line vty 0 4
 privilege level 15
 login local
 rotary 2
 transport input ssh

I thought since I specified ssh as the input transport that it would not allow telnet. What do I have to do to block telnet? Also please explain the rotary group. Thanks,

Accepted Solutions

Richard Burts
Hall of Fame

Matt

Given the config that you posted I would believe that telnet is not allowed on vty 0 4. Your message is not explicit about it but it seems to suggest that telnet is still working. Is that the case?

If telnet is still working then I would guess that your router has more than 5 vty lines (vty 0 4 includes 0, 1, 2, 3, and 4). Many of the current platforms and feature sets support more vty lines. On many of the platforms I am supporting the vty lines are 0 15 (which is 16 vty lines). The easy way to check is to show run and look down near the bottom. For historical reasons it will still show vty 0 4 and if there are more vty lines it will then show line vty 5 x (where x is the last line). If there are additional vty lines then include the transport input ssh on them as well.

HTH

Rick
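
The check described in the answer above, as an added example that is not part of the original thread: a Python script that scans the text of a running-config for every line vty range and reports the ranges whose transport input is not restricted to SSH. The sample config is constructed, and the names `SAMPLE_CONFIG` and `audit_vty` are hypothetical; flagging a block with no transport input line is an assumption made here, since without that line the device's default applies.

```python
import re

# Constructed sample of the tail of a running-config (not the poster's router).
SAMPLE_CONFIG = """\
line con 0
line aux 0
line vty 0 4
 privilege level 15
 login local
 rotary 2
 transport input ssh
line vty 5 15
 privilege level 15
 login local
!
end
"""

VTY_RE = re.compile(r"^line vty (\d+)(?: (\d+))?\s*$")

def audit_vty(config):
    """Return [(first, last, transports)] for vty ranges not limited to SSH.

    transports is the word list after 'transport input', or None when the
    block has no such line (assumption: flag it, the device default applies).
    """
    blocks, current = [], None
    for raw in config.splitlines():
        m = VTY_RE.match(raw)
        if m:
            first = int(m.group(1))
            last = int(m.group(2)) if m.group(2) else first
            current = {"first": first, "last": last, "transports": None}
            blocks.append(current)
        elif raw.startswith(" ") and current is not None:
            words = raw.split()
            if words[:2] == ["transport", "input"]:
                current["transports"] = words[2:]
        else:
            current = None  # any non-indented line ends the vty block
    # 'ssh' alone or 'none' (no inbound sessions) both keep telnet out
    return [(b["first"], b["last"], b["transports"])
            for b in blocks if b["transports"] not in (["ssh"], ["none"])]

if __name__ == "__main__":
    for first, last, transports in audit_vty(SAMPLE_CONFIG):
        shown = " ".join(transports) if transports else "not set"
        print(f"line vty {first} {last}: transport input {shown}")
```

On the constructed sample it reports `line vty 5 15`, the situation the answer anticipates: vty 0 4 is SSH-only while the additional lines are not.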

Right on Rick.

5 15 were also configured. Changed those and now telnet is blocked.

Thanks,

Matt

Matt

Thank you for using the rating system to indicate that your problem was resolved. (and thanks for the rating) It makes the forum much more useful when people can read about a problem and can know that they will read a solution for their problem that worked. I encourage you to continue your participation in the forum.

HTH

Rick
