Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

SSH access to 4006 switch

I'm trying to enable SSH-only access to a Cisco 4006 running CAT OS 8.4(11)GLX with local authentication. SSH works fine, but telnet access is still available. How can I disable telnet access?

4 REPLIES
Gold

Re: SSH access to 4006 switch

Try

set ip permit disable telnet

M.

New Member

Re: SSH access to 4006 switch

Thanks; tried this command, but telnet still allowed.

Re: SSH access to 4006 switch

Do a show conf and look for the following-

#permit list

set ip permit enable telnet

set ip permit enable ssh

set ip permit enable snmp

set ip permit 10.1.2.17 ssh

set ip permit 10.1.2.17 snmp

If you want to have SSH only, change the permit statements to reflect SSH only. In the example above 10.1.2.17 can SSH and SNMP to the switch. If it's blank after the IP, that means the IP can do everything that is enabled. Using the above example that means 10.1.2.17 could telnet, ssh, and snmp because all three protocols are enabled. If your admins already have 'all' access, remove 'all' access and then add SSH and any other protocols.

clear ip permit 10.1.2.17 255.255.255.255 all

set ip permit 10.1.2.17 ssh

set ip permit 10.1.2.17 snmp

New Member

Re: SSH access to 4006 switch

Thanks for the input. I configured as suggested, but still was able to telnet. I just set ip permit enabled for telnet, and didn't specify a list of addresses; that stopped telnet access.

505
Views
4
Helpful
4
Replies