06-03-2021 09:24 AM
Question - Is this an expected action? I have attempted to reestablish Telnet access using the "line vty 0 4" commands. The CLI commands indicated that they executed correctly, but the Telnet connections are still being refused.
Solved! Go to Solution.
06-03-2021 11:34 AM
There are multiple options for configuring transport input but there are 3 that we should focus on (the other options are possible but rarely used)
- transport input telnet. It appears that this might be configured on some of your devices. The result of this configuration is that telnet is allowed but no other protocol is allowed (specifically ssh is not allowed).
- transport input ssh. This is on the device in your post. The result of this configuration is that ssh is allowed but no other protocol (specifically telnet is not allowed).
- transport input all. This is the default value, and since default values usually do not show up in the output of show run, you would typically not see this command in the show run output. The result of this configuration is that multiple protocols including both telnet and ssh are allowed.
On the device in your original post if you want telnet to work then change the line in the vty config from transport input ssh to either transport input telnet or transport input all.
06-03-2021 09:51 AM
- What is the full model of this device as can be seen from show version ? Post current vty-config (from running-config) too.
M.
06-03-2021 10:14 AM
I've currently have had this happen on two systems: Cisco C9200L-24p-4x and Cisco C9200L-48p-4G
This is the output for vty on these systems:
From 48P:
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password 7 15051804517F7872
login
length 0
transport input ssh
line vty 5 15
login
transport input ssh
From 24P:
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password 7 051C150774191D5F
login
length 0
transport input ssh
line vty 5 10
password 7 08365F465C4C5641
login
transport input ssh
line vty 11 15
password 7 071832441B5C4A53
login
transport input ssh
06-03-2021 10:46 AM
The current behavior of not allowing telnet is easy to explain. From your post showing partial config
transport input ssh
This allows ssh and does not allow telnet. How it got this way is not something that I can explain. I would be very surprised if a code upgrade changed the vty config. Do you have a copy of the config from before the code upgrade? Can you show the vty config from before the code upgrade?
06-03-2021 11:17 AM
Sorry, but no. I don't have any previous config copies for these systems. How do I go about making changes to the transport input settings? Just to test, I ran an upgrade on a Cisco C9200L-24PXE-4X to iosxe17.03.03 - Once completed and the system rebooted. I was still able to telnet into the system. The VTY-Config confirmed that the transport input and output were set to Telnet on this system. I'm trying to understand why I'm not able to get the Telnet to work on the other systems using the previously established CLI commands.
06-03-2021 11:34 AM
There are multiple options for configuring transport input but there are 3 that we should focus on (the other options are possible but rarely used)
- transport input telnet. It appears that this might be configured on some of your devices. The result of this configuration is that telnet is allowed but no other protocol is allowed (specifically ssh is not allowed).
- transport input ssh. This is on the device in your post. The result of this configuration is that ssh is allowed but no other protocol (specifically telnet is not allowed).
- transport input all. This is the default value, and since default values usually do not show up in the output of show run, you would typically not see this command in the show run output. The result of this configuration is that multiple protocols including both telnet and ssh are allowed.
On the device in your original post if you want telnet to work then change the line in the vty config from transport input ssh to either transport input telnet or transport input all.
06-03-2021 11:53 AM
I am glad that my explanation and suggestions were helpful. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide