New Member

Enabling ssh on router and denying telnet

Here is my config:

line vty 0 4
 privilege level 15
 login local
 rotary 2
 transport input ssh

I thought since I specified ssh as the input transport that it would not allow telnet. What do I have to do to block telnet? Also please explain the rotary group. Thanks,

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Re: Enabling ssh on router and denying telnet

Matt

Given the config that you posted I would believe that telnet is not allowed on vty 0 4. Your message is not explicit about it but it seems to suggest that telnet is still working. Is that the case?

If telnet is still working then I would guess that your router has more than 5 vty lines (vty 0 4 includes 0, 1, 2, 3, and 4). Many of the current platforms and feature sets support more vty lines. On many of the platforms I am supporting the vty lines are 0 15 (which is 16 vty lines). The easy way to check is to show run and look down near the bottom. For historical reasons it will still show vty 0 4 and if there are more vty lines it will then show line vty 5 x (where x is the last line). If there are additional vty lines then include the transport input ssh on them as well.

HTH

Rick
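
The check described in the answer above can be scripted against saved output of show run. This is an added example, not part of the original thread: the sample config is constructed, the function names are hypothetical, and a vty block with no transport input line is reported because it is assumed to fall back to a release-dependent default.

```python
import re

# Constructed sample resembling the tail of "show run" on a router with 16 vty lines.
SAMPLE_CONFIG = """\
line con 0
 exec-timeout 5 0
line vty 0 4
 privilege level 15
 login local
 rotary 2
 transport input ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
!
end
"""

LINE_RE = re.compile(r"^line vty (\d+)(?: (\d+))?\s*$")

def parse_vty_blocks(config):
    """Return [(first, last, [subcommands])] for every 'line vty' block."""
    blocks, current = [], None
    for raw in config.splitlines():
        m = LINE_RE.match(raw)
        if m:
            first = int(m.group(1))
            last = int(m.group(2)) if m.group(2) else first
            current = (first, last, [])
            blocks.append(current)
        elif current is not None and raw.startswith(" "):
            current[2].append(raw.strip())  # indented sub-command of the block
        else:
            current = None  # any unindented line ends the block
    return blocks

def vty_allowing_non_ssh(config):
    """Return [(first, last, reason)] for vty ranges not limited to SSH."""
    findings = []
    for first, last, cmds in parse_vty_blocks(config):
        transports = [c.split()[2:] for c in cmds if c.startswith("transport input")]
        if not transports:
            findings.append((first, last, "no transport input line (default applies)"))
        elif transports[-1] not in (["ssh"], ["none"]):
            findings.append((first, last, "transport input " + " ".join(transports[-1])))
    return findings

if __name__ == "__main__":
    for first, last, reason in vty_allowing_non_ssh(SAMPLE_CONFIG):
        print(f"line vty {first} {last}: {reason}")
```
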

3 REPLIES
New Member

Re: Enabling ssh on router and denying telnet

Right on Rick.

5 15 were also configured. Changed those and now telnet is blocked.

Thanks,

Matt

Hall of Fame Super Silver

Re: Enabling ssh on router and denying telnet

Matt

Thank you for using the rating system to indicate that your problem was resolved. (and thanks for the rating) It makes the forum much more useful when people can read about a problem and can know that they will read a solution for their problem that worked. I encourage you to continue your participation in the forum.

HTH

Rick
