cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

287
Views
15
Helpful
7
Replies

Unable to disable telnet on Cisco Switch 3850

Hi,

 

We are unable to disable telnet on Cisco Switch 3850. version (Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9 -M), Version 16.6.4, RELEASE SOFTWARE (fc3).

 

Following command are already executed on device.

 

 

line con 0
logging synchronous
stopbits 1
line aux 0
no exec
stopbits 1
line vty 0 4
access-class 1 in
exec-timeout 15 0
transport preferred ssh
transport input ssh
transport output ssh
line vty 5 15
no exec

7 REPLIES 7
Rising star

Re: Unable to disable telnet on Cisco Switch 3850

 

 - Could you remove transport preferred ssh  and try again; better is to have a backup  session open on the device in case a command locks you out completely (then you can still revert).

 M.

Rising star

Re: Unable to disable telnet on Cisco Switch 3850

Spoiler
Hi my Friend, 


Test what you say @marce1000 and you can also prevent me from logging into the range of access lines via telnet, for example:

vty line 5 15
No login

Another way that for some versions of IOS works by denying the lines they will not use:

 No line vty 5 15

Hall of Fame Master

Re: Unable to disable telnet on Cisco Switch 3850

I am not clear about something in the original post. The partial config includes this

line vty 0 4
transport preferred ssh
transport input ssh
transport output ssh
line vty 5 15
no exec

 

So vty 0 through 4 accept only SSH and vty 5 through 15 do not accept connections. It looks to me like telnet is disabled. But the original post tells us they are not able to disable telnet. Can the original poster provide clarification about how telnet is not disabled?

 

HTH

 

Rick

Rising star

Re: Unable to disable telnet on Cisco Switch 3850

 

                     >Can the original poster provide clarification about how telnet is not disabled?

  - That looks like a strange sentence for me Richard,  because I presume that this would  follow from user experience. My assertion is that transport preferred ssh needs to be removed from the config otherwise the switch would think that telnet is still an alllowed option.

 M.

Hall of Fame Master

Re: Unable to disable telnet on Cisco Switch 3850

M

 

Your assertion is flawed. There are several commands related to SSH and you need to understand the function of both of them.

line vty 0 4
transport preferred ssh  **  this command indicates that when there are multiple transport protocols allowed which one of them is preferred. It does not have anything to do with which transport protocols are allowed.
transport input ssh  **  this command indicates what transport protocol is allowed. In this cases only a single transport is allowed, which is ssh. 

 

I would agree that when only a single transport protocol is allowed that it is not significant to specify which one is preferred. And therefore I would agree that the original poster might want to remove the un needed command. But having that command in the configuration is not going to enable telnet.

 

You find my question strange. My question reflects my analysis of the very limited partial configuration and it looks to me that telnet should be disabled. If the original poster has evidence that it is not disabled then I would like to know what that evidence is. Perhaps it does follow from user experience. In that case I would like to know what that experience is.

 

HTH

 

Rick

Highlighted
Beginner

Re: Unable to disable telnet on Cisco Switch 3850

learned alot from u guys didnt know there was a transport preferred ssh command in other words picking from the list. Do you think this guy means disconnecting from a telnet session? Looks like he does not have it allowed coming into the device anyway, but its been my experience that disconnecting from telnet session with the disconnect command does not work a simple exit does.

Rising star

Re: Unable to disable telnet on Cisco Switch 3850

>...

>If the original poster has evidence that it is not disabled then I would like to know what that evidence is. Perhaps it does follow from user experience. In that case I would like to know what that experience is.

  - Remarkable , can't you shut check whether you can telnet to the device or not, using Putty (e.g.) or another app (?)

 M.

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards