SSH and telnet port open

pcfreak49
Level 1

Hello, I have a question: does anyone know how you open the port for SSH and telnet on a Cisco 800 series?

Who can help me, please?


paolo bevilacqua
Hall of Fame

Postages ???


Use English, or you will not be understood.

postages > poort

That's not English either.

poort > port

And your question/problem is what exactly?

The problem is: how can you open the port for SSH and telnet resident?

What are you trying to do? "open port" does not mean anything.

Open port for SSH and telnet?

I gave up, it is impossible to understand what you want.

Sorry that you cannot understand me well, but I am simply from Belgium. I want to open the port for telnet and SSH on the router.

Sorry.

If you are trying to CONNECT to a router using SSH or Telnet, you want to use the "transport input" command to indicate what protocols may be used to connect to the router. Example:

line vty 0 5  !(or whatever range you like)
 transport input telnet
 transport input ssh

Telnet uses TCP port 23, SSH uses TCP port 22, so if you use access-lists you need to open the ports.

You need to enable some form of login credential checking, or connections will not be allowed.

SSH config notes:

http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml

Tips on Telnet Configuration:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_configuration_example09186a0080202614.shtml

How can you set up an access-list for telnet and SSH?

There are two options:

1) If you want to RESTRICT PACKETS at the router, you can use access-list + access-group on the interfaces.

2) If you want to RESTRICT CONNECTIONS, you can use access-list and access-class on the vtys.

If you are just trying to limit which IP addresses are allowed to connect, (2) is the best practice.  If you have greater paranoia and don't even want to see connection attempts reach the OS from disallowed IP addresses, (1) is the way to go, but is not the best practice.

You may want to read http://articles.techrepublic.com.com/5100-10878_11-1052538.html.

When you use the access-class command, it applies to all incoming transports, including SSH and telnet.
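The two options described above, written out as an added IOS configuration example (not posted by anyone in this thread). The 192.0.2.0/24 management subnet, the user name, host name, domain name, ACL number and name, vty range and interface name are all assumptions to be replaced with your own values.

```cisco
! Added example. All addresses and names below are constructed placeholders.
!
! Login credential checking: vty connections are refused without it.
username admin secret <choose-a-strong-secret>
!
! SSH prerequisites: host name, domain name and an RSA key pair.
hostname r800
ip domain-name example.invalid
crypto key generate rsa modulus 2048
ip ssh version 2
!
! ---- Option 2: restrict CONNECTIONS (access-list + access-class) ----
! Standard ACL listing the source addresses allowed to manage the router.
access-list 10 permit 192.0.2.0 0.0.0.255
access-list 10 deny any log
!
line vty 0 4
 ! access-class filters every incoming transport on these lines,
 ! so one ACL covers both telnet and SSH.
 access-class 10 in
 login local
 ! A later "transport input" command replaces an earlier one, so name
 ! every allowed protocol on one line. Telnet carries the password in
 ! clear text; use "transport input ssh" alone if telnet is not needed.
 transport input telnet ssh
!
! ---- Option 1: restrict PACKETS (access-list + access-group) ----
! An interface ACL also filters traffic passing THROUGH the router, so
! the destination "any" here matches SSH/telnet to hosts behind it too.
! Narrow the destination to the router's own address if that is not wanted.
ip access-list extended MGMT-IN
 permit tcp 192.0.2.0 0.0.0.255 any eq 22
 permit tcp 192.0.2.0 0.0.0.255 any eq 23
 deny tcp any any eq 22 log
 deny tcp any any eq 23 log
 permit ip any any
!
interface FastEthernet4
 ip access-group MGMT-IN in
```

After applying it, "show access-lists" shows the per-entry hit counters, which tells you whether a timed-out connection attempt reached the router and which ACL entry matched it.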

That has already been done, but if I want to log in remotely on the Cisco I get the message "time out".
