completely disable telnet access to a multi layer switch
in CCNA & CCENT
We have a 6500 switch running CatOS at L2 and IOS at L3. The L3 part is easy with use of access lists, but the L2 part seems to be a stopgap. I was under the impression that the "set ip permit enable telnet" command without supplying a permit list would disable telnet access entirely, but our client's pen testers seem to believe differently.
Does anyone have any ideas how I can remove telnet access entirely from this 6500 switch?
Cheers,
Pash
DevOps Engineer and Security Champion. https://blog.pash.by - I am trying to find my writing style, so please bear with me.
Comments
jason_lunde Member Posts: 567
I am not a big CatOS guru, but I believe the command to disable it is:
set ip permit X.X.X.X Y.Y.Y.Y telnet
set ip permit disable telnet
Try that out, and let me know...
rwwest7 Member Posts: 300
Couldn't you also add:
conf t
line vty 0 X
no password
login
Then if somebody is able to get through the access list, they would get the "password required but none set" error.
LBC90805 Member Posts: 247
rwwest7 wrote: »Couldn't you also add:
conf t
line vty 0 X
no password
login
Then if somebody is able to get through the access list, they would get the "password required but none set" error.
Those commands would just allow someone to log into the VTY without a password. Correct me if I'm wrong, someone, but that wouldn't turn off TELNET altogether.
I was thinking something along the lines of "No Transport Input SOMETHING".
networker050184 Mod Posts: 11,962 Mod
LBC90805 wrote: »Those commands would just allow someone to log into the VTY without a password. Correct me if I'm wrong, someone, but that wouldn't turn off TELNET altogether.
You're thinking of no login.
An expert is a man who has made all the mistakes which can be made.
amp2030 Member Posts: 253
LBC90805 wrote: »I was thinking something along the lines of "No Transport Input SOMETHING".
"Transport Input SSH" should do the trick...
tiersten Member Posts: 4,505
jason_lunde wrote: »I am not a big CatOS guru, but I believe the command to disable it is:
set ip permit X.X.X.X Y.Y.Y.Y telnet
set ip permit disable telnet
try that out, and let me know...
tiersten Member Posts: 4,505
LBC90805 wrote: »Those commands would just allow someone to log into the VTY without a password. Correct me if I'm wrong, someone, but that wouldn't turn off TELNET altogether.
I was thinking something along the lines of "No Transport Input SOMETHING".
Pash Member Posts: 1,600
Thanks for response guys:
set ip permit X.X.X.X Y.Y.Y.Y telnet
set ip permit disable telnet
We will try that, jason, thanks.
It's actually a multi layer switch, so L2 CatOS L3 IOS
rwwest7 Member Posts: 300
LBC90805 wrote: »Those commands would just allow someone to log into the VTY without a password. Correct me if I'm wrong, someone, but that wouldn't turn off TELNET altogether.
I was thinking something along the lines of "No Transport Input SOMETHING".
LBC90805 Member Posts: 247
networker050184 wrote: »You're thinking of no login.
I knew I was missing something. It's been awhile since I goofed around with the "line" commands.
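An added example, not part of any post in this thread: a Python check for the IOS (L3) side only, run over a constructed running-config excerpt. It reports VTY lines that accept telnet and separates the "login" and "no login" cases discussed above. The sample config and the function name audit_vty are assumptions; the CatOS "set ip permit" side is not covered.

```python
import re

# Constructed sample of an IOS running-config excerpt; not taken from the thread.
SAMPLE_CONFIG = """\
line con 0
 login
line vty 0 4
 access-class 10 in
 password 7 <placeholder>
 login
 transport input ssh
line vty 5 15
 no login
 transport input telnet ssh
"""

def audit_vty(config):
    """Return {vty stanza header: [findings]} for each 'line vty' stanza."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw and not raw[0].isspace():           # unindented line starts a new stanza
            m = re.match(r"line vty (\d+)(?: (\d+))?", raw)
            current = stanzas.setdefault(m.group(0), []) if m else None
        elif current is not None:
            current.append(raw.strip())
    report = {}
    for name, lines in stanzas.items():
        findings = []
        transport = next((l.split()[2:] for l in lines
                          if l.startswith("transport input")), None)
        if transport is None:
            # Assumption: the default differs between IOS releases, so flag it for review.
            findings.append("no 'transport input' line: default depends on the IOS release, verify")
        elif "telnet" in transport or "all" in transport:
            findings.append("telnet accepted")
        if "no login" in lines:
            findings.append("'no login': sessions are not asked for a password")
        elif "login" in lines and not any(l.startswith("password") for l in lines):
            findings.append("'login' without password: connections are refused")
        if not any(l.startswith("access-class") and l.endswith(" in") for l in lines):
            findings.append("no inbound access-class")
        report[name] = findings
    return report

if __name__ == "__main__":
    for stanza, findings in audit_vty(SAMPLE_CONFIG).items():
        print(stanza, "->", findings or "ok")
```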