I would like to ensure that my modems are only used for dial-in access to my network and prevent any dial-out functionality. I did have the "modem InOut" command configured on my lines but when I removed that, I could still reverse telnet to a modem and dial out by issuing an atdt command.
Thanks for your reply, Mak. I tried adding "modem dialin" under the lines and then reloaded the access server but, for some reason, I could still reverse telnet to a line and could then dial out using atdt command.
With "modem dialin" uner the line, the AS shouldn't allow you to even reverse telnet to the modem. You can enter command for reverse telnet but the session will be disconnected or closed next second.
So make sure to enter "modem dialin" and issue "clear line x" and then reverse telnet after that. If still no luck, need to see the config under the line on which you are trying to attempt the reverse telnet session.
Thank you for your response. Below I have pasted pertinent parts of my configuration (sanitized). I have "modem dialin" for all my lines (1 thru 96). I picked one at random (line 9), cleared the line, connected to it with reverse telnet, and after authenticating I placed a call to the Cisco Dial-up lab in San Jose:
ip address 10.1.1.1 255.255.255.0
no ip directed-broadcast
line 1 96
session-timeout 10 output
exec-timeout 1 0
login authentication users
modem autoconfigure type mica_new
transport preferred pad telnet rlogin udptn
transport input all
transport output pad telnet rlogin udptn
(hostname)#clear line 9
(hostname)#telnet 10.1.1.1 2009
Trying 10.1.1.1, 2009 ... Open
User Access Verification
CONNECT 31200 /V.42/V.42bis
Welcome! Please login with username cisco, password
cisco, and type the appropriate commands for your test:
I dont think you need IOS upgrade. Its the job of "transport input" command to let you rev telnet into a modem. So if you have "transport input all" under the tty lines , pls remove that if you do not want to be able to rev telnet into them.
[toc:faq]The ProblemOn traditional switches whenever we have a trunk
interface we use the VLAN tag to demultiplex the VLANs. The switch needs
to determine which MAC Address table to look in for a forwarding
decision. To do this we require the switch to do...
[toc:faq]Introduction:Netdr is a tool available on a RSP720, Sup720 or
Sup32 that allows one to capture packets on the RP or SP inband. The
netdr command can be used to capture both Tx and Rx packets in the
software switching path. This is not a substitut...
IntroductionOSPF, being a link-state protocol, allows for every router
in the network to know of every link and OSPF speaker in the entire
network. From this picture each router independently runs the Shortest
Path First (SPF) algorithm to determine the b...