06-01-2019 02:40 AM
Hi,
We are unable to disable telnet on a Cisco 3850 switch, version: Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 16.6.4, RELEASE SOFTWARE (fc3).
The following commands have already been executed on the device.
line con 0
logging synchronous
stopbits 1
line aux 0
no exec
stopbits 1
line vty 0 4
access-class 1 in
exec-timeout 15 0
transport preferred ssh
transport input ssh
transport output ssh
line vty 5 15
no exec
06-01-2019 03:46 AM
- Could you remove transport preferred ssh and try again; better is to have a backup session open on the device in case a command locks you out completely (then you can still revert).
M.
06-01-2019 04:25 AM - edited 06-01-2019 04:29 AM
Test what you say @marce1000 and you can also prevent me from logging into the range of access lines via telnet, for example:
line vty 5 15
no login
Another way, which works for some versions of IOS, is denying the lines they will not use:
no line vty 5 15
06-04-2019 07:59 AM
I am not clear about something in the original post. The partial config includes this
line vty 0 4
transport preferred ssh
transport input ssh
transport output ssh
line vty 5 15
no exec
So vty 0 through 4 accept only SSH and vty 5 through 15 do not accept connections. It looks to me like telnet is disabled. But the original post tells us they are not able to disable telnet. Can the original poster provide clarification about how telnet is not disabled?
HTH
Rick
06-04-2019 09:43 AM
>Can the original poster provide clarification about how telnet is not disabled?
- That looks like a strange sentence for me Richard, because I presume that this would follow from user experience. My assertion is that transport preferred ssh needs to be removed from the config, otherwise the switch would think that telnet is still an allowed option.
M.
06-04-2019 01:17 PM
M
Your assertion is flawed. There are several commands related to SSH and you need to understand the function of both of them.
line vty 0 4
transport preferred ssh ** this command indicates that when there are multiple transport protocols allowed which one of them is preferred. It does not have anything to do with which transport protocols are allowed.
transport input ssh ** this command indicates what transport protocol is allowed. In this case only a single transport is allowed, which is ssh.
I would agree that when only a single transport protocol is allowed that it is not significant to specify which one is preferred. And therefore I would agree that the original poster might want to remove the unneeded command. But having that command in the configuration is not going to enable telnet.
You find my question strange. My question reflects my analysis of the very limited partial configuration and it looks to me that telnet should be disabled. If the original poster has evidence that it is not disabled then I would like to know what that evidence is. Perhaps it does follow from user experience. In that case I would like to know what that experience is.
HTH
Rick
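The distinction drawn in the post above, as an added example that is not part of any post in this thread: a small Python audit that reads `line vty` blocks and reports whether inbound Telnet is allowed, using only `transport input` and `no exec` and ignoring `transport preferred`. The sample config is constructed from the thread's partial configuration, and the `default_input` parameter is an assumption about what a platform accepts when no `transport input` line is present.

```python
import re

# Constructed sample: the VTY-relevant part of the config quoted in the thread.
SAMPLE_CONFIG = """\
line con 0
 logging synchronous
line aux 0
 no exec
line vty 0 4
 access-class 1 in
 transport preferred ssh
 transport input ssh
 transport output ssh
line vty 5 15
 no exec
"""

def audit_vty_telnet(config, default_input=("telnet", "ssh")):
    """Map each 'line vty' range to a verdict on inbound Telnet.

    default_input is an ASSUMPTION standing in for what the platform
    accepts when no 'transport input' appears; it varies by release.
    """
    blocks, current = {}, None
    for raw in config.splitlines():
        words = raw.strip().lower().split()
        header = re.match(r"line vty (\d+)(?: (\d+))?$", " ".join(words))
        if header:
            first = int(header.group(1))
            current = {"input": set(default_input), "exec": True}
            blocks[(first, int(header.group(2) or first))] = current
        elif words[:1] == ["line"]:
            current = None                    # console/aux, not a VTY
        elif current is not None:
            if words[:2] == ["transport", "input"]:
                current["input"] = set(words[2:])   # the allow-list
            elif words == ["no", "exec"]:
                current["exec"] = False
            # 'transport preferred' / 'transport output' are deliberately
            # ignored: neither controls which inbound protocols are allowed.
    verdicts = {}
    for vty_range, b in blocks.items():
        if not b["exec"]:
            verdicts[vty_range] = "no exec"
        elif b["input"] & {"telnet", "all"}:
            verdicts[vty_range] = "telnet allowed"
        else:
            verdicts[vty_range] = "telnet blocked"
    return verdicts

if __name__ == "__main__":
    for rng, verdict in audit_vty_telnet(SAMPLE_CONFIG).items():
        print("vty %d-%d: %s" % (rng[0], rng[1], verdict))
```

Run against a full `show running-config` capture, the result can be compared with an actual connection attempt on TCP port 23 from an address permitted by the access-class.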
06-04-2019 05:02 PM
Learned a lot from you guys, didn't know there was a transport preferred ssh command, in other words picking from the list. Do you think this guy means disconnecting from a telnet session? Looks like he does not have it allowed coming into the device anyway, but it's been my experience that disconnecting from a telnet session with the disconnect command does not work, a simple exit does.
06-05-2019 04:14 AM
>...
>If the original poster has evidence that it is not disabled then I would like to know what that evidence is. Perhaps it does follow from user experience. In that case I would like to know what that experience is.
- Remarkable, can't you just check whether you can telnet to the device or not, using PuTTY (e.g.) or another app?
M.
08-04-2020 02:06 AM
Add the *transport input ssh* command to line vty 0 4 and line vty 5 15,
then check.
08-04-2020 12:12 PM
The original post was clear that vty 0 4 already had transport input ssh applied. And since vty 5 15 were configured with no exec then it would be superfluous to apply transport input ssh to them.