02-11-2008 12:41 PM - edited 03-05-2019 09:05 PM
ROUTER(SSH)-->SWITCH(TELNET)
My requirement is like this:
1) I will be able to SSH to the router, and telnet to it is restricted.
2) Once I get in to the router, I can telnet to the switch from the same session.
I have applied the commands given below.
ROUTER(SSH)Configuration...
Line VTY 0 4
TRANSPORT INPUT TELNET SSH
TRANSPORT OUTPUT TELNET SSH
But after this I can also telnet to the router, and if I remove telnet I will not be able to telnet to the switch.
Any help will be appreciated.
02-11-2008 01:30 PM
Hello
On your vty line just use TRANSPORT INPUT SSH and TRANSPORT OUTPUT SSH instead of including telnet as well.
HTH
02-11-2008 09:03 PM
HI Bhupesh, [Pls Rate if HELPS]
You can block based on Port:
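access-list 110 deny tcp any host $yourRouterIP eq 23
!--- Without an explicit permit, the implicit deny at the end of the ACL drops all other traffic.
access-list 110 permit ip any any
interface X0/0
ip access-group 110 in
Allow access to authorised HOST: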
access-list 50 permit 192.168.1.1
access-list 50 deny any log
line vty 0 4
access-class 50 in
exec-timeout 5 0
(or)
To Prevent Non-SSH Connections:
==================================
If you want to prevent non-SSH connections, add the transport input ssh command under the lines to limit the router to SSH connections only. Straight (non-SSH) Telnets are refused.
line vty 0 4
!--- Prevent non-SSH Telnets.
transport input ssh
Test to make sure that non-SSH users cannot Telnet to the router.
Hope I am informative.
PLS RATE if HELPS
Best Regards,
Guru Prasad R
02-12-2008 06:04 AM
Try this
line vty 0 4
!--- This will restrict telnet into this device.
transport input ssh
!--- This will allow telnet to be initiated from this device.
transport output telnet
In addition you can restrict the machines that can gain access via the access-class command as suggested above
HTH
Narayan
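The split suggested in this answer (SSH only inbound, telnet allowed outbound, plus an inbound access-class) can be checked against a saved configuration. The following is an added example, not part of the original posts: a small Python audit of the `line vty` stanzas, assuming the input is indented the way `show running-config` prints it; the sample configurations and function names are constructed for illustration. Outbound telnet is deliberately not flagged, since the thread needs it to reach the switch.

```python
import re

# Constructed running-config excerpts (indented as 'show running-config' prints them).
WEAK = """\
interface Vlan1
 ip address 192.168.1.254 255.255.255.0
line vty 0 4
 transport input telnet ssh
 transport output telnet ssh
"""
HARDENED = """\
line vty 0 4
 access-class 50 in
 exec-timeout 5 0
 transport input ssh
 transport output telnet
"""

def vty_stanzas(config):
    """Yield (header, sub-commands) for every 'line vty' stanza."""
    header, body = None, []
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue                      # skip blanks and comment lines
        if not raw[0].isspace():          # a top-level command closes the stanza
            if header:
                yield header, body
            cmd = raw.strip().lower()
            header, body = (cmd if cmd.startswith("line vty") else None), []
        elif header:
            body.append(raw.strip().lower())
    if header:
        yield header, body

def audit_vty(config):
    """Return (stanza, issue) pairs for inbound exposure on the VTY lines."""
    findings = []
    for header, body in vty_stanzas(config):
        inbound = [c.split()[2:] for c in body if c.startswith("transport input")]
        if not inbound:
            findings.append((header, "no explicit transport input"))
        elif {"telnet", "all"} & set(inbound[-1]):
            findings.append((header, "telnet accepted inbound"))
        if not any(re.match(r"access-class \S+ in\b", c) for c in body):
            findings.append((header, "no inbound access-class"))
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_vty(cfg))
```

Run it over every VTY range in the configuration, not only `line vty 0 4`, since higher-numbered lines keep their own transport settings.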
02-12-2008 06:42 AM
Hi Guru,
Thanks for your inputs. I think there is a misunderstanding on the requirement.
First I am doing SSH to the router (I want to open only SSH and restrict telnet). Now, to access the immediately connected L2 switch, I have to telnet to the switch from the SSH session on the router (the L2 switch didn't support SSH, so there is no other option for me apart from telnet).
If I put "transport input ssh" on the router, I am no longer able to telnet to the immediately connected L2 switch from the SSH session on the router.
&
If I put "transport input telnet ssh" on the router, I am able to SSH to the router (which is my requirement), I am also able to telnet to the router (which is not my requirement), and I am able to telnet to the immediately connected L2 switch (which is my requirement) from the SSH session on the router.
Hope we are on the same page now.
Thanks in advance.
02-12-2008 06:53 AM
You should be able to initiate a telnet from the device which you have SSHed into, unless you have restricted it via the transport output command.
HTH
Narayan
02-12-2008 06:57 AM
Hi Narayan,
Appreciate your inputs. Yes, I am able to initiate a telnet from the device to which you have SSHed.
But the problem is that, at the same time, I want to restrict telnet access to the router.
Regards
Bhupesh Gupta
02-12-2008 07:00 AM
HI Bhupesh, [Rate all informative POST]
Nice to hear your problem is close to being resolved.
'line vty 0 4'
'transport input ssh'
>> This will normally block non-SSH connections to the router.
Refer to the previous post.
PLS RATE ALL INFORMATIVE POSTS
Best Regards,
Guru Prasad R
02-12-2008 07:13 AM
Bhupesh,
Can you try the commands as per my earlier post and revert back?
Narayan