Solved: Cisco 2948G

jeanaguemon · ‎01-28-2008

I have a catalyst switch 2948G with catIOS. I upgraded the software to a version with SSH support, and disabled the telnet. Now both SSH and Telnet are working. I cleared the ip permit list and reconfigured it, and still the Telnet is still working in addition to the SSH. Is anyone familiar with that switch, who can help me resolve this issue? Thanks so much.

towler · ‎01-29-2008

Jean-Baptiste,

Here is a snippet of the config from a Catalyst 2980G-A I have running CatOS v8.4(11):

#permit list

set ip permit enable telnet

set ip permit enable ssh

set ip permit enable snmp

set ip permit 10.25.0.0 255.255.0.0 ssh

set ip permit 10.25.50.127 snmp

And the output from a "show ip permit":

Telnet permit list enabled.

Ssh permit list enabled.

Snmp permit list enabled.

Permit List Mask Access-Type

------------ ----------- -----------

10.25.0.0 255.255.0.0 ssh

10.25.50.127 snmp

Only SSH is allowed with the above configuration (and obviously some limited SNMP).

Good luck,

Richard

View solution in original post

glen.grant · ‎01-30-2008

Towler is correct and that is what I was saying, "set ip permit enable telnet " but put no entries into the ip permit list for telnet.We have done this also and it works.

View solution in original post

glen.grant · ‎01-28-2008

Maybe you can clarify , are you trying to turn off telnet completely ? If so try this . "set ip permit enable telnet " I think that is the syntax). . Do not put anything in the list for telnet , just your SSH entries if you are restricting ssh access or none if you are not . I believe this will block telnet by doing this . By not putting anything in the list for telnet it is the same as a deny all for telnet . When you do a show ip permit you should only see entries for SSH and maybe snmp if you have that configured.

jeanaguemon · ‎01-29-2008

Glen,

It did not work. I follow your instructions and nothing. The telnet is still working in addition to the SSH. I need to turn off completely the Telnet. It is not secure.

glen.grant · ‎01-29-2008

Can you post the switch configs . It should work .

towler · ‎01-29-2008

Jean-Baptiste,

Here is a snippet of the config from a Catalyst 2980G-A I have running CatOS v8.4(11):

#permit list

set ip permit enable telnet

set ip permit enable ssh

set ip permit enable snmp

set ip permit 10.25.0.0 255.255.0.0 ssh

set ip permit 10.25.50.127 snmp

And the output from a "show ip permit":

Telnet permit list enabled.

Ssh permit list enabled.

Snmp permit list enabled.

Permit List Mask Access-Type

------------ ----------- -----------

10.25.0.0 255.255.0.0 ssh

10.25.50.127 snmp

Only SSH is allowed with the above configuration (and obviously some limited SNMP).

Good luck,

Richard

glen.grant · ‎01-30-2008

Towler is correct and that is what I was saying, "set ip permit enable telnet " but put no entries into the ip permit list for telnet.We have done this also and it works.

jeanaguemon · ‎01-30-2008

It is fixed now. After I enable telnet and snmp, I had to this:

clear ip permit telnet

clear ip permit snmp

save the config file...tried it and it works.

Thanks to Glen and Towler for your input.

jeanaguemon · ‎01-30-2008

It is fixed now. After I enable telnet and snmp, I had to this:

clear ip permit telnet

clear ip permit snmp

save the config file...tried it and it works.

Thanks so much to Glen and Towler for your input.