Beginner

DNA Center Provisioning and Disabling Telnet

We are in the process of rolling out a network upgrade using Cisco DNA Center. All of our switches are either Catalyst 9300 or 9500 series switches. We've noticed that after provisioning the devices, DNA Center leaves telnet access enabled on the vty lines. I don't want anyone to even accidentally connect to a device using telnet. I wish to require SSH. How do I make this the default for DNA Center deployment?

4 REPLIES
VIP Advocate

Best bet is to create a template via template editor to harden your devices. Then create a network profile with a Day-N-Template and assign your template to the respective Device Types. Then upon provisioning a device under advanced configuration you will be able to assign your changes and properly configure your VTY lines as you wish. Good luck & HTH!

This is indeed the current workaround. Be aware that when you provision a device for a second time with the same revision of the linked template, the template won't be pushed again (CSCvq22396). In this case that would mean that the VTY settings are back to DNA's defaults.

Track enhancement CSCvq28740 for the real fix; hopefully they will include VTY and SNMP ACLs as part of this enhancement as well.

Please rate useful posts... :-)


Thanks for the feedback. I spoke with our implementation engineer. He confirmed that the BU is aware of the issue and will address this in a future update.

Cisco Employee

You can work in the template editor to create a template. Go through the process of provisioning your devices and make sure you configure the VTY lines using the tools; this will help.
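
Because the thread notes that re-provisioning with an unchanged template revision can leave the VTY settings at DNA Center's defaults, a post-provisioning check is useful. The following is an added example, not part of the original thread or any Cisco tooling: it audits saved `show running-config` text for vty ranges that still accept telnet. The sample config is constructed, and treating a block with no `transport input` line as "review" is an assumption, since the effective default depends on platform and release.

```python
import re

# Constructed sample running-config excerpt (not taken from the thread).
SAMPLE_CONFIG = """\
line con 0
 stopbits 1
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
line vty 16 31
 login local
 transport input all
line vty 32 40
 login local
"""

def parse_vty_blocks(config):
    """Map each 'line vty' range to its transport input list (None if absent)."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):           # any top-level command ends a block
            m = re.match(r"line vty (\d+)(?: (\d+))?$", line)
            current = " ".join(g for g in m.groups() if g) if m else None
            if current is not None:
                blocks[current] = None          # no explicit transport input seen yet
        elif current is not None:
            m = re.match(r"\s+transport input (.+)$", line)
            if m:
                blocks[current] = m.group(1).split()
    return blocks

def audit_vty(config):
    """Classify each vty range as 'ssh-only', 'telnet-allowed' or 'review'."""
    result = {}
    for rng, protos in parse_vty_blocks(config).items():
        if protos == ["ssh"]:
            result[rng] = "ssh-only"
        elif protos and ("telnet" in protos or "all" in protos):
            result[rng] = "telnet-allowed"
        else:
            result[rng] = "review"              # assumption: unset/other needs a human look
    return result

if __name__ == "__main__":
    for rng, verdict in audit_vty(SAMPLE_CONFIG).items():
        print(f"line vty {rng}: {verdict}")
```

Running it against configs collected after each provisioning run shows whether any device has dropped back to accepting telnet.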