01-28-2008 01:48 PM - edited 03-05-2019 08:46 PM
I have a catalyst switch 2948G with catIOS. I upgraded the software to a version with SSH support, and disabled the telnet. Now both SSH and Telnet are working. I cleared the ip permit list and reconfigured it, and still the Telnet is still working in addition to the SSH. Is anyone familiar with that switch, who can help me resolve this issue? Thanks so much.
Solved! Go to Solution.
01-29-2008 10:40 PM
Jean-Baptiste,
Here is a snippet of the config from a Catalyst 2980G-A I have running CatOS v8.4(11):
#permit list
set ip permit enable telnet
set ip permit enable ssh
set ip permit enable snmp
set ip permit 10.25.0.0 255.255.0.0 ssh
set ip permit 10.25.50.127 snmp
And the output from a "show ip permit":
Telnet permit list enabled.
Ssh permit list enabled.
Snmp permit list enabled.
Permit List Mask Access-Type
------------ ----------- -----------
10.25.0.0 255.255.0.0 ssh
10.25.50.127 snmp
Only SSH is allowed with the above configuration (and obviously some limited SNMP).
Good luck,
Richard
01-30-2008 05:16 AM
Towler is correct and that is what I was saying, "set ip permit enable telnet " but put no entries into the ip permit list for telnet.We have done this also and it works.
01-28-2008 03:49 PM
Maybe you can clarify , are you trying to turn off telnet completely ? If so try this . "set ip permit enable telnet " I think that is the syntax). . Do not put anything in the list for telnet , just your SSH entries if you are restricting ssh access or none if you are not . I believe this will block telnet by doing this . By not putting anything in the list for telnet it is the same as a deny all for telnet . When you do a show ip permit you should only see entries for SSH and maybe snmp if you have that configured.
01-29-2008 11:21 AM
Glen,
It did not work. I follow your instructions and nothing. The telnet is still working in addition to the SSH. I need to turn off completely the Telnet. It is not secure.
01-29-2008 01:08 PM
Can you post the switch configs . It should work .
01-29-2008 10:40 PM
Jean-Baptiste,
Here is a snippet of the config from a Catalyst 2980G-A I have running CatOS v8.4(11):
#permit list
set ip permit enable telnet
set ip permit enable ssh
set ip permit enable snmp
set ip permit 10.25.0.0 255.255.0.0 ssh
set ip permit 10.25.50.127 snmp
And the output from a "show ip permit":
Telnet permit list enabled.
Ssh permit list enabled.
Snmp permit list enabled.
Permit List Mask Access-Type
------------ ----------- -----------
10.25.0.0 255.255.0.0 ssh
10.25.50.127 snmp
Only SSH is allowed with the above configuration (and obviously some limited SNMP).
Good luck,
Richard
01-30-2008 05:16 AM
Towler is correct and that is what I was saying, "set ip permit enable telnet " but put no entries into the ip permit list for telnet.We have done this also and it works.
01-30-2008 07:00 AM
It is fixed now. After I enable telnet and snmp, I had to this:
clear ip permit
clear ip permit
save the config file...tried it and it works.
Thanks to Glen and Towler for your input.
01-30-2008 06:59 AM
It is fixed now. After I enable telnet and snmp, I had to this:
clear ip permit
clear ip permit
save the config file...tried it and it works.
Thanks so much to Glen and Towler for your input.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide