08-02-2019 02:53 PM
We are in the process of rolling out a network upgrade using Cisco DNA Center. All of our switches are either Catalyst 9300 or 9500 series switches. We've noticed that after provisioning the devices that DNA Center leaves telnet access enabled on the vty lines. I don't want anyone to even accidentally connect to a device using telnet. I wish to require ssh. How do I make this the default for DNA Center deployment?
08-05-2019 05:13 AM
08-06-2019 01:57 AM
This is indeed the current workaround. Be aware that when you provision a device for a second time with the same revision of the linked template, the template won't be pushed again (CSCvq22396). In this case that would mean that the VTY settings are back to DNA's defaults.
Track enhancement CSCvq28740 for the real fix, hopefully they will include VTY and SNMP ACLs as part of this enhancement as well.
Please rate useful posts... :-)
08-07-2019 07:29 AM
Thanks for the feedback. I spoke with our implementation engineer. He confirmed that the BU is aware of the issue and will address this in a future update.
08-26-2019 07:34 PM
You can work on template editor and to create and template . Go through the process of provisioning your devices and make sure you configure the VTY lines using the tools and this will help .
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide