topic SSH access to 4006 switch in Network Access Control

SSH access to 4006 switch

ctheisen — Sun, 10 Mar 2019 21:49:19 GMT

I'm trying to enable SSH-only access to a Cisco 4006 running CAT OS 8.4(11)GLX with local authentication. SSH works fine, but telnet access is still available. How can I disable telnet access?

Re: SSH access to 4006 switch

m.sir — Tue, 31 Oct 2006 19:35:20 GMT

Try

set ip permit disable telnet

Re: SSH access to 4006 switch

ctheisen — Wed, 08 Nov 2006 14:50:26 GMT

Thanks; tried this command, but telnet still allowed.

Re: SSH access to 4006 switch

Collin Clark — Wed, 08 Nov 2006 17:58:03 GMT

Do a show conf and look for the following-

#permit list

set ip permit enable telnet

set ip permit enable ssh

set ip permit enable snmp

set ip permit 10.1.2.17 ssh

set ip permit 10.1.2.17 snmp

If you want to have SSH only, change the permit statements to reflect SSH only. In the example above 10.1.2.17 can SSH and SNMP to the switch. If it's blank after the IP, that means the IP can do everything that is enabled. Using the above example that means 10.1.2.17 could telnet, ssh, and snmp because all three protocols are enabled. If your admins already have 'all' access, remove 'all' access and then add SSH and any other protocols.

clear ip permit 10.1.2.17 255.255.255.255 all

set ip permit 10.1.2.17 ssh

set ip permit 10.1.2.17 snmp

Re: SSH access to 4006 switch

ctheisen — Mon, 27 Nov 2006 21:19:57 GMT

Thanks for the input. I configured as suggested, but still was able to telnet. I just set ip permit enabled for telnet, and didn't specify a list of addresses; that stopped telnet access.