Disable Telnet on a Catalyst 3750 stack?

Aug 17th, 2010

Hi all,


I have just configured a new Catalyst 3750 switch stack.  I am trying to disable Telnet access to the CLI while leaving SSH open.  The "transport input ssh" command is not available for vty line 0 through 3, and even if I disable Telnet in the Web UI I can still Telnet to the switch.  Is what I am trying to do possible with this model?


Thanks,
- Steve

vragotha Tue, 08/17/2010 - 21:59

What IOS are you running? From the looks of it, you may not have a k9 image running.


Please post a 'show ver' and 'show run' if you do have a k9 image

rstevek Wed, 08/18/2010 - 09:58

Hi Vijay,


Thanks for the response.  I am running a k9 image.  I CAN enable SSH, the problem is that I can't DISABLE Telnet.


Thanks,

- Steve

John Blakley Wed, 08/18/2010 - 11:47

As an alternative, you could create an acl and apply it to your line that only allows port 22.


HTH,

John

vragotha Wed, 08/18/2010 - 21:44

From what you are saying, telnet is still open from lines 4 through 15. You'll want to add the transport input ssh command to all 15 lines to disable telnet

Correct Answer
Leo Laohoo Wed, 08/18/2010 - 15:31


"transport input ssh" command is not available for vty line 0 through 3

Try the following:

    line vty 0 15
     transport input ssh
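
Added example (not part of the thread and not any poster's code): a small Python audit that reads a running-config excerpt and lists the vty lines that are not restricted to SSH, which is the gap described above when only vty 0 through 3 are configured. The sample config is constructed, and treating a vty block with no "transport input" line as Telnet-capable is an assumption, since the default depends on the IOS release.

```python
import re

# Constructed sample of a "show running-config" excerpt (not from the thread):
# SSH-only was applied to vty 0-3, the remaining lines were left untouched.
SAMPLE_CONFIG = """\
line con 0
line vty 0 3
 login local
 transport input ssh
line vty 4
 login local
line vty 5 15
 login local
 transport input telnet ssh
!
"""

VTY_RE = re.compile(r"^line vty (\d+)(?: (\d+))?\s*$")

def vty_transports(config):
    """Map each vty number to the protocols named by 'transport input'.

    Assumption: a vty block with no 'transport input' line is recorded as
    {'default'} and later treated as Telnet-capable, because the default
    depends on the IOS release.
    """
    result, current = {}, []
    for line in config.splitlines():
        m = VTY_RE.match(line)
        if m:
            first = int(m.group(1))
            last = int(m.group(2)) if m.group(2) else first
            current = list(range(first, last + 1))
            for n in current:
                result[n] = {"default"}
        elif not line.startswith(" "):
            current = []  # any other top-level line ends the vty block
        elif line.strip().startswith("transport input "):
            protos = set(line.split()[2:])
            for n in current:
                result[n] = protos
    return result

def telnet_capable(config):
    """Return sorted vty numbers allowing anything besides ssh or none."""
    return sorted(n for n, p in vty_transports(config).items() if p - {"ssh", "none"})

if __name__ == "__main__":
    print("vty lines still accepting Telnet:", telnet_capable(SAMPLE_CONFIG))
```

Run against the constructed sample, it reports vty 4 through 15; a config containing only the "line vty 0 15" block with "transport input ssh" reports none.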

rstevek Thu, 08/19/2010 - 08:52

Hi leolaohoo,


Thanks - that worked.  I'm really confused, though, because originally, "transport input ssh" was not a recognized command on lines 0 through 3.  Now, however, after running the command for vty 0 through 15, I can run the same command on 0 3.  I swear that I am not crazy!  I think I hit some sort of bug.


Thanks,

- Steve

Leo Laohoo Thu, 08/19/2010 - 15:48

Hi Steve,


Thanks for the ratings.



originally, "transport input ssh" was not a recognized command on lines 0 through 3

I've never seen this before, however, some Cisco routers (800, 810, 830, 850, 870) will support only up to "4".  So I'm suspecting you are getting confused with this.  It's just a force of habit for me to configure "0 15" all because of a similar mistake I made years ago.

GRAEME DANIELSON Sun, 08/22/2010 - 19:33

Maybe you were doing something like configuring "line 0" instead of "line vty 0" ?

Leo Laohoo Sun, 08/22/2010 - 19:44

Nah, mate.  I was new to everything network.
