line vty config

Unanswered Question

Hi All,

Earlier I used to SSH to my router, but now I only want to access it via console.


Following is my present vty line config


line vty 0 4
no login
no exec
transport input none
transport output none


And when I do a telnet X.X.X.X 22 from a command prompt I get a blank screen. As per me, with this config on vty I should ideally get an error. If anyone could help me.


regards

Neo

Overall Rating: 5 (4 ratings)
Richard Burts Tue, 05/11/2010 - 15:19

Neo


With the configuration of no exec and of transport input none then vty 0 4 should not be responding at all.

Is it possible that your router has more than 5 vty lines? Many of the modern routers have vty 0 4 and vty 5 15.


HTH


Rick

Ganesh Hariharan Tue, 05/11/2010 - 23:25

Hi,


"transport input none" prevents any protocol selection on the line. This makes the port unusable by incoming connections. As suggested by Rick, check it out for the line vty 5 15 configuration.


Hope to Help !!


Ganesh.H

Hi,

In "sh run" there is no configuration as such for "line vty 5 15". Is it possible that this command is hidden?


or


Can I do this: I will log in to the device using console, then I attempt to telnet X.X.X.X 22, then can I check on which line it is trying to connect? Is it possible? If yes, then which command should I execute to check?


regards

Neo

ohassairi Wed, 05/12/2010 - 00:54

Try debug telnet or debug ssh.

ericn8484_2 Wed, 05/12/2010 - 06:41

By setting the line vty transport to none, the Cisco device will no longer respond to telnet sessions. Because the device will not respond to these protocols, you will get a blank screen if you try to telnet to the device.


The only way that I am familiar with not allowing telnet access but giving some type of error message when it fails is to first enable telnet on the line vty transport. Then remove any enable and enable secret passwords on the device. Now when anyone attempts to telnet to the device, it will kick the person out with the error that no enable password has been set.


This will of course require that the device be in a locked environment so not just anyone can console into the device; hopefully you already have this set up.

Richard Burts Wed, 05/12/2010 - 12:47

Neo


The command is not hidden. If it does not show up in running config then the router does not have the extra vty lines.

It might be helpful if you would post the output of show line from the router. This would help to clarify what the router does have.


HTH


Rick
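
An added example, not part of the thread and not Cisco code: a small offline audit that parses saved running-config text and reports, for every `line vty` range, whether inbound sessions are explicitly disabled. This is the check the replies above suggest doing by eye for vty 0 4 and vty 5 15. The function names and the sample config (including its vty 5 15 block) are constructed for illustration.

```python
import re

# Constructed running-config excerpt (not from the thread): vty 0 4 is locked
# down as in the original post, but an assumed second range still accepts SSH.
SAMPLE_CONFIG = """\
line con 0
 login local
line vty 0 4
 no login
 no exec
 transport input none
 transport output none
line vty 5 15
 login local
 transport input ssh
!
"""

VTY_HEADER = re.compile(r"^line vty (\d+)(?: (\d+))?$")

def parse_vty_blocks(config):
    """Return {first, last, commands} for every 'line vty' block."""
    blocks, current = [], None
    for raw in config.splitlines():
        line = raw.strip()
        header = VTY_HEADER.match(line)
        if header:
            first = int(header.group(1))
            current = {"first": first, "last": int(header.group(2) or first), "commands": []}
            blocks.append(current)
        elif line.startswith("line ") or line in ("!", "end", ""):
            current = None  # another line block or a separator ends the vty block
        elif current is not None:
            current["commands"].append(line)
    return blocks

def audit_vty(config):
    """Summarise inbound exposure for each vty range."""
    report = []
    for b in parse_vty_blocks(config):
        transport = "unset"  # no explicit command: the platform default applies
        for cmd in b["commands"]:
            if cmd.startswith("transport input "):
                transport = cmd[len("transport input "):]
        # Anything other than an explicit "none" may accept sessions: review it.
        report.append({"range": (b["first"], b["last"]), "transport_input": transport,
                       "exec_disabled": "no exec" in b["commands"],
                       "needs_review": transport != "none"})
    return report
```

Calling `audit_vty(SAMPLE_CONFIG)` flags only the 5 15 range for review; a range with no `transport input` line at all is reported as `unset` and also flagged, since the script does not assume a platform default.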
