Catalyst 4506 series switch

imranmohd
Level 1

Hi!

Please help. How do I block telnet access to a Cat-4506 running CatOS from local LAN users?

I executed the command "set ip permit disable telnet" and an access list was also created, but it is not working at all.

7 Replies

dnewell24
Level 1

This command 'disables' the IP permit list, allowing telnet access. You need to enable the permit list specifying the permitted IP addresses.

http://www.cisco.com/en/US/products/hw/switches/ps700/products_configuration_guide_chapter09186a008007fa09.html#26648

You can review the document for clarification.

glen.grant
VIP Alumni

You disabled the command; it should be set ip permit enable telnet. This turns the ACL on for telnet so it will be restricted to whoever is in the ACL with the set ip permit telnet commands.

Hi

Thanks for your instant reply and support. I tried this but it's not working at all.

I have asked my engineer to put in the command "set authentication enable local disabl telnet".

Expecting more help from you in future.

imranmohd
Level 1

Hi

Thanks for your instant reply and support. I have already tried this. I think the correct syntax is "set authentication enable local disable telnet".

What are you trying to accomplish?

The command ‘set authentication enable local disable telnet’ will only allow a TACACS or RADIUS server to authenticate your enable mode during telnet connections. If your TACACS or RADIUS server is unavailable you will not have remote access privilege level access to the switch.

Supporting Documentation…

http://www.cisco.com/en/US/products/hw/switches/ps663/products_configuration_guide_chapter09186a00800d81c2.html#1020312

On the web page it gives a warning.

“Caution Make sure that RADIUS or TACACS+ authentication is configured and operating correctly before disabling local login or enable authentication. If you disable local authentication and RADIUS or TACACS+ is not configured correctly, or if the RADIUS or TACACS+ server is not online, you may be unable to log in to the switch.”

If your goal is to block access to your LAN users, I believe, the correct syntax would be…

set ip permit 172.16.0.0 255.255.0.0 telnet

set ip permit enable

Use the ‘show ip permit’ command to verify proper configuration.

But the requirement is met with the ‘set authentication enable local disable telnet’ command, I can’t argue with results.

set ip permit 172.16.0.0 255.255.0.0 telnet

set ip permit enable

The IP address would be the range that's allowed to telnet to the switch.

Hi,

I cleared and disabled the IP permit list and enabled telnet for the permit list. As there was no permit list configured, the switch gave me a warning and telnet access was disabled for all LAN users.

But I have console access to the switch. If you can provide me some information on SSH login, that would be helpful.
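
The three states discussed in this thread (permit list disabled, so any source can telnet; list enabled with entries, so only those ranges can; list enabled with no entries, so all telnet is locked out), modelled as an added Python example that is not part of the thread and not Cisco code. It handles only the `set ip permit` forms quoted above; treating a bare `enable` or an entry without a service keyword as covering telnet, and the list being off by default, are assumptions.

```python
import ipaddress

def parse_permit_config(lines):
    """Return (telnet_list_enabled, permitted_networks) from 'set ip permit' lines."""
    enabled = False                      # assumption: permit list is off by default
    networks = []
    for raw in lines:
        tok = raw.split()
        if tok[:3] != ["set", "ip", "permit"] or len(tok) < 4:
            continue
        args = tok[3:]
        if args[0] in ("enable", "disable"):
            # Assumption: no service keyword means the setting also covers telnet.
            if len(args) == 1 or args[1] == "telnet":
                enabled = args[0] == "enable"
            continue
        # Entry form seen in the thread: <address> <mask> telnet
        mask, service = "255.255.255.255", None
        for a in args[1:]:
            if a[0].isdigit():
                mask = a
            else:
                service = a
        if service in (None, "telnet"):
            networks.append(ipaddress.ip_network(f"{args[0]}/{mask}", strict=False))
    return enabled, networks

def telnet_allowed(lines, source_ip):
    """True if source_ip would be let through to telnet under this model."""
    enabled, networks = parse_permit_config(lines)
    if not enabled:
        return True                      # list disabled: nothing is filtered
    src = ipaddress.ip_address(source_ip)
    return any(src in net for net in networks)

def audit(lines):
    """Classify a config before it is applied to the switch."""
    enabled, networks = parse_permit_config(lines)
    if not enabled:
        return "open"                    # the original poster's first attempt
    if not networks:
        return "lockout"                 # enabled with no entries: console only
    return "restricted:" + ",".join(str(n) for n in networks)

# Constructed inputs built from the commands quoted in the thread.
ORIGINAL = ["set ip permit disable telnet"]
SUGGESTED = ["set ip permit 172.16.0.0 255.255.0.0 telnet", "set ip permit enable"]
EMPTY_ENABLED = ["set ip permit enable telnet"]
```

Running `audit()` on a planned change before applying it flags the empty-list lockout while console access is still available.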