Cisco Support Community
New Member

Deny Telnet and Permit SSH on 3560

I am trying to secure vty access to my 3560's. I enabled ssh, and added the following to my vty 0 4 line:

line vty 0 4
 privilege level 15
 password XXXXXXXXXXXX
 length 0
 transport preferred ssh
 transport input ssh

I thought this would block telnet traffic, but I still can access it via telnet.

I am running 12.2(25)SEE4

Anybody know what else is needed?

Thanks.

Accepted Solutions
Hall of Fame Super Blue

Re: Deny Telnet and Permit SSH on 3560

Hi

I'm not sure you do need access-list as well. The 3560 supports vty 0 - 15. Is there a chance that when you telnet you are using a vty above 4 to get in?

Jon

3 REPLIES

Re: Deny Telnet and Permit SSH on 3560

Hi,

You need ACLs

3560(config)# access-list 101 deny tcp any any eq telnet
3560(config)# access-list 101 permit ip any any
3560(config)# line vty 0 15
3560(config-line)# access-class 101 in

Please rate if helps

Regards,

~JG

New Member

Re: Deny Telnet and Permit SSH on 3560

You were correct. It was not ACL, I must have been coming in on 5 15. When I put the command no exec under line vty 5 15, that made the difference. Thank you very much.

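The gap found in this thread (vty 0 4 restricted to SSH while vty 5 15 were left untouched) can be checked for offline against a saved configuration. The script below is an added example, not part of the original posts or any Cisco tool. It assumes vty lines 0 to 15 exist and that a line with no transport input command accepts Telnet, as the switch in this thread did; the function names and sample configuration are constructed for illustration.

```python
import re

# Constructed sample resembling the configuration discussed in the thread.
SAMPLE_CONFIG = """\
line con 0
line vty 0 4
 privilege level 15
 password XXXXXXXXXXXX
 length 0
 transport preferred ssh
 transport input ssh
line vty 5 15
 password XXXXXXXXXXXX
!
"""

def parse_vty_blocks(config):
    """Return [(first, last, [subcommands])] for every 'line vty' block."""
    blocks, current = [], None
    for raw in config.splitlines():
        m = re.match(r"^line vty (\d+)(?: (\d+))?\s*$", raw)
        if m:
            first = int(m.group(1))
            current = (first, int(m.group(2) or first), [])
            blocks.append(current)
        elif raw.startswith(" ") and current is not None:
            current[2].append(raw.strip())
        else:
            current = None  # any unindented line closes the block
    return blocks

def telnet_reachable_vtys(config, max_vty=15):
    """List vty numbers that would still give a Telnet login."""
    state = {n: {"input": None, "exec": True} for n in range(max_vty + 1)}
    for first, last, cmds in parse_vty_blocks(config):
        for n in range(first, min(last, max_vty) + 1):
            for cmd in cmds:
                if cmd.startswith("transport input "):
                    state[n]["input"] = cmd.split()[2:]
                elif cmd == "no exec":
                    state[n]["exec"] = False
    exposed = []
    for n, s in state.items():
        # Assumption: no 'transport input' line means Telnet is accepted.
        telnet = s["input"] is None or bool({"telnet", "all"} & set(s["input"]))
        if telnet and s["exec"]:
            exposed.append(n)
    return exposed
```

On the sample it reports vty 5 through 15 as exposed. The list is empty once those lines carry no exec, as in the final reply, or once transport input ssh is applied to line vty 0 15.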