line vty config

cisco
Level 1

Hi All,

Earlier I used to SSH to my router, but now I want to access it via console only.

Following is my present vty line config

line vty 0 4
no login
no exec
transport input none
transport output none

And when I do a telnet X.X.X.X 22 from a command prompt I get a blank screen. As per me, with this config on vty I should ideally get an error. If anyone could help me.

regards

Neo

7 Replies

cisco
Level 1

Please help on this

regards

Neo

Neo

With the configuration of no exec and of transport input none then vty 0 4 should not be responding at all.

Is it possible that your router has more than 5 vty lines? Many of the modern routers have vty 0 4 and vty 5 15.

HTH

Rick

Ganesh Hariharan
VIP Alumni

Hi,

"transport input none" prevents any protocol selection on the line. This makes the port unusable by incoming connections. As suggested by Rick, check for the line vty 5 15 configuration.

Hope to Help !!

Ganesh.H

Hi,

In "sh run" there is no such configuration for "line vty 5 15". Is it possible that this command is hidden?

or

Can I do this: "I will log in to the device using console, then I attempt to telnet X.X.X.X 22, then can I check on which line it is trying to connect?" Is it possible? If yes, then which command to execute to check?

regards

Neo

Try debug telnet or debug ssh.

By setting the line vty transport to none, the Cisco device will no longer respond to telnet sessions. Because the device will not respond to these protocols, you will get a blank screen if you try to telnet to the device.

The only way that I am familiar with not allowing telnet access but giving some type of error message when it fails is to first enable telnet on the line vty transport. Then remove any enable and enable secret passwords on the device. Now when anyone attempts to telnet to the device, it will kick the person out with the error that no enable password has been set.

This will of course require that the device be in a locked environment so not just anyone can console into the device; hopefully you already have this set up.

Neo

The command is not hidden. If it does not show up in running config then the router does not have the extra vty lines.

It might be helpful if you would post the output of show line from the router. This would help to clarify what the router does have.

HTH

Rick
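
The check Rick suggests (whether vty lines beyond 0 4 exist and are still reachable), as an added example that is not part of any post in this thread: a small Python audit of a saved running-config that maps every vty line number to its inbound transport. The sample config and the function names `audit_vty` and `open_vty_lines` are constructed for illustration; a stanza with no explicit `transport input` is reported as `default` on the assumption that the default depends on the IOS release and has to be checked on the device.

```python
import re

# Constructed sample running-config excerpt (not from the thread): the first
# five vty lines are locked down, but a second range is left at defaults.
SAMPLE_CONFIG = """\
line con 0
 login local
line vty 0 4
 no login
 no exec
 transport input none
 transport output none
line vty 5 15
 login
!
"""

def audit_vty(config):
    """Return {vty_number: transport_input} for every vty line in the config.

    A line with no explicit 'transport input' is reported as 'default',
    because the default differs between IOS releases (assumption to verify).
    """
    lines = {}
    current = []  # vty numbers covered by the stanza being parsed
    for raw in config.splitlines():
        m = re.match(r"^line vty (\d+)(?: (\d+))?\s*$", raw)
        if m:
            first = int(m.group(1))
            last = int(m.group(2) or first)
            current = list(range(first, last + 1))
            for n in current:
                lines[n] = "default"
            continue
        if not raw.startswith(" "):
            current = []  # any unindented line ends the current stanza
            continue
        t = re.match(r"^\s+transport input (.+?)\s*$", raw)
        if t:
            for n in current:
                lines[n] = t.group(1)
    return lines

def open_vty_lines(config):
    """List vty numbers whose inbound transport is not explicitly 'none'."""
    return sorted(n for n, t in audit_vty(config).items() if t != "none")

if __name__ == "__main__":
    print(open_vty_lines(SAMPLE_CONFIG))
```

Any line number it returns should be compared against `show line` on the router and given the same `transport input none` treatment as vty 0 4 if console-only access is the goal.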