Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Preventing modems from dialing outbound

I would like to ensure that my modems are only used for dial-in access to my network and prevent any dial-out functionality. I did have the "modem InOut" command configured on my lines but when I removed that, I could still reverse telnet to a modem and dial out by issuing an atdt command.

I have both 5200's and 5300's. Thank You!

  • Other Network Infrastructure Subjects
8 REPLIES
Silver

Re: Preventing modems from dialing outbound

Add "modem dialin" under the lines if you want user to get only dial in access into the as5xxx.

Thanks, Mak.

New Member

Re: Preventing modems from dialing outbound

Thanks for your reply, Mak. I tried adding "modem dialin" under the lines and then reloaded the access server but, for some reason, I could still reverse telnet to a line and could then dial out using atdt command.

Mark

Cisco Employee

Re: Preventing modems from dialing outbound

With "modem dialin" uner the line, the AS shouldn't allow you to even reverse telnet to the modem. You can enter command for reverse telnet but the session will be disconnected or closed next second.

So make sure to enter "modem dialin" and issue "clear line x" and then reverse telnet after that. If still no luck, need to see the config under the line on which you are trying to attempt the reverse telnet session.

New Member

Re: Preventing modems from dialing outbound

Thank you for your response. Below I have pasted pertinent parts of my configuration (sanitized). I have "modem dialin" for all my lines (1 thru 96). I picked one at random (line 9), cleared the line, connected to it with reverse telnet, and after authenticating I placed a call to the Cisco Dial-up lab in San Jose:

(hostname)#show config

!

!

!

interface FastEthernet0

ip address 10.1.1.1 255.255.255.0

no ip directed-broadcast

duplex full

speed 100

!

!

line 1 96

session-timeout 10 output

exec-timeout 1 0

autoselect during-login

autoselect ppp

absolute-timeout 240

login authentication users

modem Dialin

modem autoconfigure type mica_new

transport preferred pad telnet rlogin udptn

transport input all

transport output pad telnet rlogin udptn

end

(hostname)#clear line 9

[confirm]y [OK]

(hostname)#telnet 10.1.1.1 2009

Trying 10.1.1.1, 2009 ... Open

(Banner Removed)

User Access Verification

Username:(removed)

Password:

Access Permitted

at

OK

atdt1,4085703932

CONNECT 31200 /V.42/V.42bis

Welcome! Please login with username cisco, password

cisco, and type the appropriate commands for your test:

ppp - to start ppp

slip - to start slip

arap - to start arap

Please e-mail comments about this service to dpeng@cisco.com.

customer-dialin-sj line 5 Microcom V.90 modems

User Access Verification

Username: cisco

Password:

customer-dialin-sj>exit

Silver

Re: Preventing modems from dialing outbound

CSCdt11058 "modem dialin on a line does not prevent reverse telnet" was filed coz ideally only with "modem dialin" it should not let a reverse telnet.

IOS Modem Control Scaling changes in the code now should permit this, I tried in my lab as5300 with 12.1 & 12.2 & it worked....what IOS image are you presently running?

Thanks, Mak.

New Member

Re: Preventing modems from dialing outbound

Perhaps an IOS upgrade is in order - this particular box is an AS5300 running 12.0(7)T. Thanks very much for your help!

Mark

Cisco Employee

Re: Preventing modems from dialing outbound

I dont think you need IOS upgrade. Its the job of "transport input" command to let you rev telnet into a modem. So if you have "transport input all" under the tty lines , pls remove that if you do not want to be able to rev telnet into them.

~Zulfi

New Member

Re: Preventing modems from dialing outbound

Thanks! That solved my issue. And thanks to all who replied to my original post.

127
Views
0
Helpful
8
Replies