Solved: Disable Telnet on a Catalyst 3750 stack?

rstevek · ‎08-17-2010

Hi all,

I have just configured a new Catalyst 3750 switch stack. I am trying to disable Telnet access to the CLI while leaving SSH open. The "transport input ssh" command is not available for vty line 0 through 3, and even if I disable Telnet in the Web UI I can still Telnet to the switch. Is what I am trying to do possible with this model?

Thanks,
- Steve

Leo Laohoo · ‎08-18-2010

"transport input ssh" command is not available for vty line 0 through 3

Try the following:

line vty 0 15

transport input ssh

View solution in original post

vragotha · ‎08-17-2010

What IOS are you running? From the looks of it, you may not have a k9 image running.

Please post a 'show ver' and 'show run' if you do have a k9 image

rstevek · ‎08-18-2010

Hi Vijay,

Thanks for the response. I am running a k9 image. I CAN enable SSH, the problem is that I can't DISABLE Telnet.

Thanks,

- Steve

John Blakley · ‎08-18-2010

As an alternative, you could create an acl and apply it to your line that only allows port 22.

HTH,

John

HTH, John *** Please rate all useful posts ***

UsmanAkram1525 · ‎08-04-2020

I tried with this and it works.
but add the blocklist access group in vlan

vragotha · ‎08-18-2010

From what you are saying, telnet is still open from lines 4 through 15. You'll want to add the transport input ssh command to all 15 lines to disable telnet

Leo Laohoo · ‎08-18-2010

"transport input ssh" command is not available for vty line 0 through 3

Try the following:

line vty 0 15

transport input ssh

rstevek · ‎08-19-2010

Hi leolaohoo,

Thanks - that worked. I'm really confused, though, because originally, "transport input ssh" was not a recognized command on lines 0 through 3. Now, however, after running the command for vty 0 through 15, I can run the same comamnd on 0 3. I swear that I am not crazy! I think I hit some sort of bug.

Thanks,

- Steve

Leo Laohoo · ‎08-19-2010

Hi Steve,

Thanks for the ratings.

originally, "transport input ssh" was not a recognized command on lines 0 through 3

I've never seen this before, however, some Cisco routers (800, 810, 830, 850, 870) will support only up "4". So I'm suspecting you are getting confused with this. It's just a forced of habit for me to configure "0 15" all because of a similar mistake I made years ago.

GRAEME DANIELSON · ‎08-22-2010

Maybe you were doing something like configuring "line 0" instead of "line vty 0" ?

Leo Laohoo · ‎08-22-2010

Nah, mate. I was new to everything network.