
Deny Telnet and Permit SSH on 3560

david-flores
Level 1

I am trying to secure vty access to my 3560s. I enabled SSH, and added the following to my vty 0 4 line:

line vty 0 4
 privilege level 15
 password XXXXXXXXXXXX
 length 0
 transport preferred ssh
 transport input ssh

I thought this would block telnet traffic, but I still can access it via telnet.

I am running 12.2(25)SEE4

Anybody know what else is needed?

Thanks.


Jagdeep Gambhir
Level 10

Hi,

You need ACLs:

3560(config)# access-list 101 deny tcp any any eq telnet
3560(config)# access-list 101 permit ip any any
3560(config)# line vty 0 15
3560(config-line)# access-class 101 in

Please rate if this helps.

Regards,

~JG

Jon Marshall
Hall of Fame

Hi

I'm not sure you do need an access-list as well. The 3560 supports vty 0 - 15. Is there a chance that when you telnet you are using a vty above 4 to get in?

Jon

You were correct. It was not the ACL; I must have been coming in on 5 15. When I put the command no exec under line vty 5 15, that made the difference. Thank you very much.
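
An added example, not part of the original thread: a Python check over a saved running-config that lists the vty ranges still accepting Telnet, which is the gap this thread came down to. The sample config is constructed, and treating a stanza with no `transport input` line as Telnet-capable is an assumption based on what the poster observed on 12.2(25)SEE4.

```python
import re

# Constructed sample modelled on the thread: vty 0-4 restricted to SSH,
# vty 5-15 left with no transport restriction at all.
SAMPLE_CONFIG = """\
line vty 0 4
 privilege level 15
 password XXXXXXXXXXXX
 transport preferred ssh
 transport input ssh
line vty 5 15
 password XXXXXXXXXXXX
!
"""

def parse_vty_stanzas(config):
    """Return [(first, last, [sub-commands])] for every 'line vty' stanza."""
    stanzas, current = [], None
    for raw in config.splitlines():
        m = re.match(r"line vty (\d+)(?: (\d+))?\s*$", raw)
        if m:
            first = int(m.group(1))
            current = (first, int(m.group(2) or first), [])
            stanzas.append(current)
        elif current is not None and raw.startswith(" "):
            current[2].append(raw.strip())
        else:
            current = None  # any non-indented line ends the stanza
    return stanzas

def telnet_capable(commands):
    """True if the stanza still accepts a Telnet login ('transport preferred' only sets the outbound protocol, so it is ignored)."""
    if "no exec" in commands:  # no EXEC process on these lines: the fix used in the thread
        return False
    allowed = None
    for cmd in commands:
        if cmd.startswith("transport input "):
            allowed = cmd.split()[2:]
    # Assumption: a stanza with no 'transport input' line accepts Telnet.
    return allowed is None or "telnet" in allowed or "all" in allowed

def audit(config):
    """Return the (first, last) vty ranges that still accept Telnet."""
    return [(a, b) for a, b, cmds in parse_vty_stanzas(config) if telnet_capable(cmds)]

if __name__ == "__main__":
    for a, b in audit(SAMPLE_CONFIG):
        print(f"line vty {a} {b}: Telnet not blocked")
```

Run against the sample, it reports only `line vty 5 15`, the range the original `line vty 0 4` configuration never touched.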
