|
It's disabled by default. If you turned it on at some point just ditch the vty line.
|
In short:
You need to keep the telnet access enabled, but need to apply an access-list list against it permitting only the local LAN addresses. access-list 8 permit 192.168.1.0 0.0.0.255 line vty 0 4 access-class 8 in The above would only allow vty access from local lan 192.168.1.0. Dave |
cool to see other Cisco guys around.
|
Wow, this brings back memories - I haven't done any IOS stuff in 5 years or so!
|
Wonder why cisco still uses telnet instead of ssh with keys?
Makes me think I outght to do a second AS as networking this time and focus on the cisco... |
Quote:
I used to work on the Cisco TAC. Lots of people that manage networking equipment, whether it be routers, switches, firewalls, etc..., have no clue. Lots of them were the PC guy and then they bought a router which automatically made them the router guy. They know just enough to get it to work or maybe not even. Not so much these days, but in days gone by you'd be amazed how many people used "cisco", "cmaker", "password", whatever for their telnet passwords. |
Quote:
Dave |
LOL. I guess I better read this. I just re-took my CCNA. It had expired a few years back.
|
ACcessl list the VTY with an access-list that only pertains to your internal IP addresses.
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_command_reference_chapter09186a00800873c8 .html#wp1017389 I think 12.1 and higher support SSH; in my experience with it on the lower end routers I've had a lot of flakey connections where telnet was rock solid; no lost connections. Your 3600 should handle SSH just fine though. |
| All times are GMT -8. The time now is 02:53 PM. |
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
Search Engine Optimization by vBSEO 3.6.0
Copyright 2025 Pelican Parts, LLC - Posts may be archived for display on the Pelican Parts Website