Deny Telnet and Permit SSH on 3560

Answered Question
Aug 9th, 2007

I am trying to secure vty access to my 3560s. I enabled ssh, and added the following to my vty 0 4 line:

line vty 0 4
 privilege level 15
 password XXXXXXXXXXXX
 length 0
 transport preferred ssh
 transport input ssh

I thought this would block telnet traffic, but I still can access it via telnet.

I am running 12.2(25)SEE4

Anybody know what else is needed?

Thanks.

Jagdeep Gambhir Thu, 08/09/2007 - 09:52

Hi,

You need ACLs

3560(config)# access-list 101 deny tcp any any eq telnet
3560(config)# access-list 101 permit ip any any
3560(config)# line vty 0 15
3560(config-line)# access-class 101 in

Please rate if helps

Regards,

~JG

Correct Answer
Jon Marshall Thu, 08/09/2007 - 09:58

Hi

I'm not sure you do need an access-list as well. The 3560 supports vty 0 - 15. Is there a chance that when you telnet you are using a vty above 4 to get in?

Jon

david-flores Thu, 08/09/2007 - 10:05

You were correct. It was not the ACL; I must have been coming in on 5 15. When I put the command no exec under line vty 5 15, that made the difference. Thank you very much.
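
As an added example (not part of the original thread and not Cisco tooling), the Python below audits a saved running-config for vty lines that would still accept Telnet, which is the gap the thread uncovered on vty 5 15. The sample config is constructed and the function name telnet_capable_vtys is hypothetical. It assumes that a vty with no transport input statement accepts Telnet and that no exec closes a line to logins, as reported in the thread.

```python
import re

# Constructed sample config mirroring the thread: only vty 0-4 is restricted.
SAMPLE_CONFIG = """\
line con 0
line vty 0 4
 privilege level 15
 password XXXXXXXXXXXX
 length 0
 transport preferred ssh
 transport input ssh
line vty 5 15
!
end
"""

def telnet_capable_vtys(config, total_vtys=16):
    """Return the sorted vty numbers that would still accept a Telnet login."""
    # Assumption: a vty with no 'transport input' statement accepts Telnet,
    # which matches what the thread observed on 12.2(25)SEE4.
    state = {n: {"telnet": True, "exec": True} for n in range(total_vtys)}
    current = []  # vty numbers covered by the 'line vty' block being read
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"line vty (\d+)(?: (\d+))?$", line)
        if m:
            first = int(m.group(1))
            last = int(m.group(2) or first)
            current = [n for n in range(first, last + 1) if n in state]
        elif not raw.startswith(" "):
            current = []  # any other top-level line ends the vty block
        elif line.startswith("transport input "):
            protos = line.split()[2:]
            allowed = "telnet" in protos or "all" in protos
            for n in current:
                state[n]["telnet"] = allowed
        elif line in ("no exec", "exec"):
            # Assumption from the thread: 'no exec' stops logins on the line.
            for n in current:
                state[n]["exec"] = (line == "exec")
    return [n for n, s in state.items() if s["telnet"] and s["exec"]]

if __name__ == "__main__":
    print("vty lines still open to Telnet:", telnet_capable_vtys(SAMPLE_CONFIG))
```

Run against the constructed sample it reports vty 5 through 15, the lines the original vty 0 4 block never touched.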
