4506 Telnet Issues

paulsa3598 · ‎03-06-2006

I am runnning a 4506 with 12.2(20) EWA. I had configured telnet to the switch and then removed telnet by entering the "no login" command on line vty 0 4.

line vty 0 4

no login

This will disable telnet access to the switch but it did not. I have opned a case with Cisco regarding this isue which I think is a bug. They have created the same issue and are trying to confirm that its a bug. I know you removing the vty line will give me same of affect as no login.

I would like to know if anyone experiencing the same issue and what IOS they are using.

glen.grant · ‎03-06-2006

Can't really say most network admins need to be able to telnet into the switches to manage them so generally most of us would not shut them down . If you need security you can always add acl's against the vty lines.

paulsa3598 · ‎03-07-2006

Yes, I understand that. The reason for the post is to find similiar issues.

Prashanth Krishnappa · ‎03-07-2006

This is *NOT* a bug and working as designed. "no login" under VTY lines just allows telnet without prompting for a password. As you can see in the parser, it clearly says its for password checking only

cse-45b(config-line)#no login ?

local Local password checking

tacacs Use tacacs server for password checking

If you want to disable access, try configuring "no transport input" under the VTY lines.

Richard Burts · ‎03-07-2006

no transport input is a good way to stop telnet access. I also have found "no exec" on the VTYs to be quite effective.

HTH

Rick

HTH

Rick