03-06-2006 02:03 PM - edited 03-03-2019 02:08 AM
I am runnning a 4506 with 12.2(20) EWA. I had configured telnet to the switch and then removed telnet by entering the "no login" command on line vty 0 4.
line vty 0 4
no login
This will disable telnet access to the switch but it did not. I have opned a case with Cisco regarding this isue which I think is a bug. They have created the same issue and are trying to confirm that its a bug. I know you removing the vty line will give me same of affect as no login.
I would like to know if anyone experiencing the same issue and what IOS they are using.
03-06-2006 05:51 PM
Can't really say most network admins need to be able to telnet into the switches to manage them so generally most of us would not shut them down . If you need security you can always add acl's against the vty lines.
03-07-2006 05:25 AM
Yes, I understand that. The reason for the post is to find similiar issues.
03-07-2006 07:23 AM
This is *NOT* a bug and working as designed. "no login" under VTY lines just allows telnet without prompting for a password. As you can see in the parser, it clearly says its for password checking only
cse-45b(config-line)#no login ?
local Local password checking
tacacs Use tacacs server for password checking
If you want to disable access, try configuring "no transport input" under the VTY lines.
03-07-2006 07:59 AM
no transport input is a good way to stop telnet access. I also have found "no exec" on the VTYs to be quite effective.
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide