His intent was to "stop the telnet daemon" as he put it. You can not
actually stop the "telnet" process on a router. Access-class and transport
input none just stop access to the lines that it is applied to. It doesn't
actually stop telnet as a process on the router.
Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640
5G Networks, Inc.
[EMAIL PROTECTED]
(925) 260-2724
> -----Original Message-----
> From: John Starta [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, May 05, 2001 8:58 AM
> To: Brian Dennis
> Cc: [EMAIL PROTECTED]
> Subject: RE: Disable telnet port [7:3237]
>
>
> If the intent is to prevent connections TO the router via telnet adding
> "transport input none" to the vty's will accomplish this. To
> prevent telnet
> connections FROM the router add "transport output none" to the vty's. Add
> both and you have effectively disabled telnet on the router.
>
> weezer#192.168.0.30
> % Unknown command or computer name, or unable to find computer address
> weezer#telnet 192.168.0.30
> % telnet connections not permitted from this terminal
>
> jas
>
> At 01:15 AM 5/5/01 -0400, Brian Dennis wrote:
> >John,
> >He was asking to disable the telnet process. This just disables
> port 23 for
> >the vty lines like an access-class does. There is not way to disable the
> >process itself.
> >
> >Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640
> >5G Networks, Inc.
> >[EMAIL PROTECTED]
> >(925) 260-2724
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > > john mcguinn
> > > Sent: Friday, May 04, 2001 7:22 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: Disable telnet port [7:3237]
> > >
> > >
> > > config t
> > > line vty 0 4
> > > transport input none
> > >
> > > You have successfully disabled telnet port.
> > > Jack
> > >
> > > ----- Original Message -----
> > > From: "Brian Dennis"
> > > To:
> > > Sent: Friday, May 04, 2001 7:21 PM
> > > Subject: RE: Disable telnet port [7:3237]
> > >
> > >
> > > > If you put an access-class in on the vty lines that
> disables everything
> > > like
> > > > Chuck recommended no one will be able to telnet in. Also a port
> > > scan will
> > > > not show anything on port 23. So telnet would appear to be disabled.
> > > >
> > > > There just isn't a way to actually turn off the telnet process
> > > on a Cisco
> > > > router. If you really want to stop the telnet process you could
> > > power off
> > > > the router but this would stop all the processes 8-)
> > > >
> > > > Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640
> > > > 5G Networks, Inc.
> > > > [EMAIL PROTECTED]
> > > > (925) 260-2724
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
> > > > Jacques Atlas
> > > > Sent: Friday, May 04, 2001 4:09 PM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: RE: Disable telnet port [7:3237]
> > > >
> > > >
> > > > On Fri, 4 May 2001, Chuck Larrieu wrote:
> > > >
> > > > |There is no option "no service telnet" on the IOS I have available
to
> > me.
> > > >
> > > > :-) that was just an example of something that would be nice.
> > > >
> > > > |Your choice would then become an access-list denying telnet to
> > > > appropriate
> > > > |router interfaces. You can also apply access lists to the vty
> > > > ports to limit
> > > > |who can telnet in. nope, can't delete the vty lines either.
> > > >
> > > > acl's for all interfaces is way to complex.
> > > >
> > > > telnet is not an option. if you can stop the telnet daemon on
> > a unix box
> > > > you should be able to do it on a cisco device, if it support another
> > form
> > > > of transport.
> > > >
> > > > owell
> > > >
> > > > --
> > > > jacques
> > > > FAQ, list archives, and subscription info:
> > > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3315&t=3237
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
