03-02-2006 04:28 AM - edited 03-03-2019 02:05 AM
Hi!
Please help. How do I block telnet access to a Cat-4506 running CatOS from local LAN users?
I executed the command "set ip permit disable telnet" and an access list was also created, but it is not working at all.
03-02-2006 06:05 AM
This command 'disables' the IP permit list, allowing telnet access. You need to enable the permit list specifying the permitted IP addresses.
You can review the document for clarification.
03-02-2006 07:46 AM
You disabled the command; it should be set ip permit enable telnet. This turns the ACL on for telnet, so it will be restricted to whoever is in the ACL with the set ip permit.
03-03-2006 02:06 AM
Hi
Thanks for your instant reply and support. I tried this but it's not working at all.
I have asked my engr to put a command " set authentication enable local disabl telnet".
Expecting more help from you in future.
03-03-2006 02:02 AM
Hi
Thanks for your instant reply and support. I have already tried this. I think the correct syntax is " set authentication enable local disable telnet".
03-03-2006 06:13 AM
What are you trying to accomplish?
The command set authentication enable local disable telnet will only allow a TACACS or RADIUS server to authenticate your enable mode during telnet connections. If your TACACS or RADIUS server is unavailable you will not have remote access privilege level access to the switch.
Supporting Documentation
On the web page it gives a warning.
Caution: Make sure that RADIUS or TACACS+ authentication is configured and operating correctly before disabling local login or enable authentication. If you disable local authentication and RADIUS or TACACS+ is not configured correctly, or if the RADIUS or TACACS+ server is not online, you may be unable to log in to the switch.
If your goal is to block access to your LAN users, I believe the correct syntax would be:
set ip permit 172.16.0.0 255.255.0.0 telnet
set ip permit enable
Use the show ip permit command to verify proper configuration.
But the requirement is met with the set authentication enable local disable telnet command; I can't argue with results.
03-03-2006 06:14 AM
set ip permit 172.16.0.0 255.255.0.0 telnet
set ip permit enable
The IP address would be the range that's allowed to telnet to the switch.
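Added example, not part of any post in this thread: a small Python check that reads CatOS-style "set ip permit" lines and reports whether a given source address would be allowed to telnet, so the three configurations discussed here can be compared side by side. The function names and sample addresses are hypothetical; the handling of a bare enable/disable and of entries without a service keyword are assumptions, and the deny-all result for an enabled but empty list follows what the last post in the thread reports.

```python
import ipaddress

def parse_permit(config):
    """Return (telnet_list_enabled, permitted_networks) from CatOS config text."""
    enabled, nets = False, []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[:3] != ["set", "ip", "permit"]:
            continue
        arg, rest = tok[3], tok[4:]
        if arg in ("enable", "disable"):
            # Assumption: a bare enable/disable also covers telnet.
            if not rest or rest[0] == "telnet":
                enabled = arg == "enable"
            continue
        # Entry form: <address> [mask] [telnet|ssh|snmp|all]
        mask = "255.255.255.255"  # no mask given: treat as a single host
        if rest and rest[0][0].isdigit():
            mask, rest = rest[0], rest[1:]
        # Assumption: an entry with no service keyword applies to telnet too.
        if not rest or rest[0] in ("telnet", "all"):
            nets.append(ipaddress.ip_network(f"{arg}/{mask}", strict=False))
    return enabled, nets

def telnet_allowed(config, source_ip):
    """True if source_ip would pass the permit list for telnet."""
    enabled, nets = parse_permit(config)
    if not enabled:
        return True  # list disabled: no source filtering at all
    # Enabled with no entries denies everyone, as the last post reports.
    return any(ipaddress.ip_address(source_ip) in n for n in nets)

# Constructed sample configurations built from the commands in this thread.
AS_POSTED = "set ip permit disable telnet"
AS_SUGGESTED = "set ip permit 172.16.0.0 255.255.0.0 telnet\nset ip permit enable"
ENABLED_EMPTY = "set ip permit enable telnet"

if __name__ == "__main__":
    for name, cfg in [("as posted", AS_POSTED), ("as suggested", AS_SUGGESTED),
                      ("enabled, empty", ENABLED_EMPTY)]:
        for ip in ("172.16.5.9", "10.1.1.1"):
            print(f"{name:15} {ip:11} telnet allowed: {telnet_allowed(cfg, ip)}")
```
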
03-09-2006 11:24 PM
Hi,
I cleared and disabled the IP permit list and enabled telnet for the permit list. Since there was no permit list configured, the switch gave me a warning and telnet access was disabled for all LAN users.
But I have console access to the switch. If you can provide me some information on SSH login, it would be helpful.