Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
521
Views
5
Helpful
3
Replies

Securing Telnet

Go to solution
sunjoseph
Level 1
Level 1

‎11-18-2008 10:10 AM - edited ‎03-04-2019 12:23 AM

How do I disable telnet sessions from the wan adapter but allowing telnet access from the lan network.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
jpoplawski
Level 1
Level 1

‎11-18-2008 10:22 AM

Two ways.

1) Add an ACL to your WAN interface

ip access-list ext InboundACL

deny tcp any any eq telnet

permit ip any any

int s 1/0

access-g InboundACL in

2) Create an ACL and apply it to the Line VTY.

access-list 10 permit 10.1.1.0 0.0.0.255

line vty 0 4

access-class 10 in

That should do it for a rough sketch, although you'll need to modify for your environment. I would recommend disabling telnet altogether and going with SSH, too.

Hope this helps, rate if it does,

JB

View solution in original post

Go to solution
scottmac
Level 10
Level 10
In response to sunjoseph

‎11-19-2008 06:17 AM

VTY is short for "Virtual Terminal" (old system name for terminals is TTY).

VTY handles Telnet and SSH (for IOS that supports SSH)

Line Console is the serial port on the front.

Good Luck

Scott

View solution in original post

0 Helpful
3 Replies 3

Go to solution
jpoplawski
Level 1
Level 1

‎11-18-2008 10:22 AM

Two ways.

1) Add an ACL to your WAN interface

ip access-list ext InboundACL

deny tcp any any eq telnet

permit ip any any

int s 1/0

access-g InboundACL in

2) Create an ACL and apply it to the Line VTY.

access-list 10 permit 10.1.1.0 0.0.0.255

line vty 0 4

access-class 10 in

That should do it for a rough sketch, although you'll need to modify for your environment. I would recommend disabling telnet altogether and going with SSH, too.

Hope this helps, rate if it does,

JB

Go to solution
sunjoseph
Level 1
Level 1
In response to jpoplawski

‎11-19-2008 05:09 AM

I think i'm wrong on this issue but isn't the VTY the serial inerface? I wanted access from my internal network without plugging a cables into a special port.

0 Helpful

Go to solution
scottmac
Level 10
Level 10
In response to sunjoseph

‎11-19-2008 06:17 AM

VTY is short for "Virtual Terminal" (old system name for terminals is TTY).

VTY handles Telnet and SSH (for IOS that supports SSH)

Line Console is the serial port on the front.

Good Luck

Scott

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card