07-08-2008 02:08 AM - edited 03-03-2019 10:38 PM
I'm not sure if I have stumbled onto a possible bug in a certain IOS release for the Catalyst Switch. I tested other IOS releases and don't see this problem. I looked for a similar problem in the Cisco Security Center but didn't find any.
Here is the configuration...
!
ip access-list standard VTY
permit 192.168.1.1
!
line vty 0 4
access-class VTY in
exec-timeout 5 0
length 0
transport input ssh
line vty 5 15
I can log in with the following:
Application: Telnet
Source IP Address: Any IP Address except 192.168.1.1
Account: Any local user accounts
Line: 6 to 16 (which is vty 5 to 15)
The workaround I use...
!
line vty 5 15
access-class VTY in
Any idea how to totally block access to lines 6 to 16?
TIA
07-08-2008 02:21 AM
If you do not need those lines, i.e. more than five simultaneous telnet/ssh sessions, then I would remove them (no line vty 5 15); you can always reinstate them later.
Tom
07-08-2008 02:21 AM
You cannot remove them :)
07-08-2008 03:18 AM
Hi Dandy,
Simply do "no exec" under these lines.
BR,
Mohammed Mahmoud.
07-08-2008 03:41 AM
Thanks Mohammed, that works.
07-08-2008 03:59 AM
Dandy,
You are more than welcome.
BR,
Mohammed Mahmoud.
07-08-2008 05:57 AM
I usually just configure all the vty lines with
line vty 0 15
This way all 16 have the same restrictions.
07-08-2008 06:36 AM
Yes, but as I mentioned I only encountered this on one particular Catalyst Switch IOS.
This is because every time I update/upgrade IOS, I use a tool to scan the device for any vulnerability. Sometimes, you can just try it manually, as in this case: I found the problem when manually trying to telnet to the switch using an IP address that is not in the ACL on lines 1 to 5 (vty 0 4). I did not encounter this in other Catalyst Switch IOS releases. But of course I cannot test all releases as I have other better things to do :) like playing COD4 (right now) and AAO (maybe later) :).
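An added example, not part of the thread or any poster's code: a small offline audit that parses a saved running-config and reports every vty range that can still start a session without an inbound access-class or with transport not limited to SSH, which is the gap on vty 5 15 above. The function names and the choice to treat "no exec" as closing the range are assumptions of this sketch; the sample text is the configuration from the first post.

```python
import re

# Constructed sample: the configuration shown in the original post.
SAMPLE_CONFIG = """\
!
ip access-list standard VTY
permit 192.168.1.1
!
line vty 0 4
access-class VTY in
exec-timeout 5 0
length 0
transport input ssh
line vty 5 15
!
"""

VTY_RE = re.compile(r"^line vty (\d+)(?: (\d+))?$")
ACL_RE = re.compile(r"^access-class (\S+) in\b")

def parse_vty_blocks(config):
    """Return {(first, last): [sub-commands]} for each 'line vty' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()  # works with or without IOS indentation
        m = VTY_RE.match(line)
        if m:
            first = int(m.group(1))
            current = blocks.setdefault((first, int(m.group(2) or first)), [])
        elif not line or line == "end" or line.startswith(("!", "line ")):
            current = None  # separator or a non-vty line block ends the range
        elif current is not None:
            current.append(line)
    return blocks

def audit_vty(config):
    """Return {"vty A B": [issues]} for ranges that still accept logins."""
    findings = {}
    for (first, last), cmds in sorted(parse_vty_blocks(config).items()):
        if "no exec" in cmds:
            continue  # assumption: EXEC disabled, as in the accepted answer
        issues = []
        if not any(ACL_RE.match(c) for c in cmds):
            issues.append("no inbound access-class")
        if "transport input ssh" not in cmds:
            issues.append("transport input not restricted to ssh")
        if issues:
            findings[f"vty {first} {last}"] = issues
    return findings

if __name__ == "__main__":
    for vty_range, issues in audit_vty(SAMPLE_CONFIG).items():
        print(vty_range, "->", "; ".join(issues))
```

Run it against configs saved after each IOS upgrade; a range with only the access-class workaround applied is still reported for transport, while "no exec" or a single matching "line vty 0 15" block comes back clean.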