
Deny Telnet and Permit SSH on 3560

david-flores
Level 1

I am trying to secure vty access to my 3560s. I enabled SSH and added the following to my vty 0 4 line:

line vty 0 4
 privilege level 15
 password XXXXXXXXXXXX
 length 0
 transport preferred ssh
 transport input ssh

I thought this would block telnet traffic, but I still can access it via telnet.

I am running 12.2(25)SEE4

Anybody know what else is needed?

Thanks.


Jagdeep Gambhir
Level 10

Hi,

You need ACLs:

3560(config)# access-list 101 deny tcp any any eq telnet
3560(config)# access-list 101 permit ip any any
3560(config)# line vty 0 15
3560(config-line)# access-class 101 in

Please rate if helps

Regards,

~JG

Jon Marshall
Hall of Fame

Hi

I'm not sure you do need access-list as well. The 3560 supports vty 0 - 15. Is there a chance that when you telnet you are using a vty above 4 to get in?

Jon

You were correct. It was not ACL, I must have been coming in on 5 15.

When I put the command no exec under line vty 5 15, that made the difference. Thank you very much.
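The gap found in this thread (vty 0 4 restricted to SSH while vty 5 15 was left untouched) can be checked for in a saved configuration. The following is an added example, not part of the original thread: the function name and the sample config are constructed, and it assumes that a vty line with no explicit `transport input` accepts telnet and that `no exec` closes the line, as the posts above describe.

```python
import re

# Constructed sample config modelled on the thread: only vty 0-4 is restricted.
SAMPLE_CONFIG = """\
line con 0
line vty 0 4
 privilege level 15
 password XXXXXXXXXXXX
 length 0
 transport preferred ssh
 transport input ssh
line vty 5 15
 password XXXXXXXXXXXX
!
end
"""

def vty_telnet_exposure(config, max_vty=15):
    """Return the sorted vty line numbers that would still accept telnet."""
    # Assumption: a vty line with no explicit 'transport input' accepts telnet.
    lines = {n: {"input": None, "exec": True} for n in range(max_vty + 1)}
    current = []
    for raw in config.splitlines():
        m = re.match(r"^line vty (\d+)(?: (\d+))?\s*$", raw)
        if m:
            first = int(m.group(1))
            last = int(m.group(2) or first)
            current = [n for n in range(first, last + 1) if n in lines]
            continue
        if not raw.startswith(" "):
            current = []  # left the line-configuration block
            continue
        cmd = raw.strip()
        for n in current:
            if cmd.startswith("transport input "):
                lines[n]["input"] = cmd.split()[2:]
            elif cmd == "no exec":
                lines[n]["exec"] = False  # the fix the original poster applied
    exposed = []
    for n, state in lines.items():
        protos = state["input"]
        telnet_ok = protos is None or "telnet" in protos or "all" in protos
        if state["exec"] and telnet_ok:
            exposed.append(n)
    return sorted(exposed)

if __name__ == "__main__":
    print("vty lines still accepting telnet:", vty_telnet_exposure(SAMPLE_CONFIG))
```

Lines that never appear in the config at all are reported too, which is the case that caught the original poster.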
