Understood. But why attempt to stop the telnet daemon if not to prevent
telnet to/from the router? Setting the transport to "none" for input and
output is a very effective way of accomplishing this task.
jas
At 12:28 PM 5/5/01 -0400, Brian Dennis wrote:
>His intent was to "stop the telnet daemon" as he put it. You can not
>actually stop the "telnet" process on a router. Access-class and transport
>input none just stop access to the lines that it is applied to. It doesn't
>actually stop telnet as a process on the router.
>
>Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640
>5G Networks, Inc.
>[EMAIL PROTECTED]
>(925) 260-2724
>
> > -----Original Message-----
> > From: John Starta [mailto:[EMAIL PROTECTED]]
> > Sent: Saturday, May 05, 2001 8:58 AM
> > To: Brian Dennis
> > Cc: [EMAIL PROTECTED]
> > Subject: RE: Disable telnet port [7:3237]
> >
> >
> > If the intent is to prevent connections TO the router via telnet adding
> > "transport input none" to the vty's will accomplish this. To
> > prevent telnet
> > connections FROM the router add "transport output none" to the vty's. Add
> > both and you have effectively disabled telnet on the router.
> >
> > weezer#192.168.0.30
> > % Unknown command or computer name, or unable to find computer
address
> > weezer#telnet 192.168.0.30
> > % telnet connections not permitted from this terminal
> >
> > jas
> >
> > At 01:15 AM 5/5/01 -0400, Brian Dennis wrote:
> > >John,
> > >He was asking to disable the telnet process. This just disables
> > port 23 for
> > >the vty lines like an access-class does. There is not way to disable the
> > >process itself.
> > >
> > >Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640
> > >5G Networks, Inc.
> > >[EMAIL PROTECTED]
> > >(925) 260-2724
> > >
> > > > -----Original Message-----
> > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf
Of
> > > > john mcguinn
> > > > Sent: Friday, May 04, 2001 7:22 PM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Re: Disable telnet port [7:3237]
> > > >
> > > >
> > > > config t
> > > > line vty 0 4
> > > > transport input none
> > > >
> > > > You have successfully disabled telnet port.
> > > > Jack
> > > >
> > > > ----- Original Message -----
> > > > From: "Brian Dennis"
> > > > To:
> > > > Sent: Friday, May 04, 2001 7:21 PM
> > > > Subject: RE: Disable telnet port [7:3237]
> > > >
> > > >
> > > > > If you put an access-class in on the vty lines that
> > disables everything
> > > > like
> > > > > Chuck recommended no one will be able to telnet in. Also a port
> > > > scan will
> > > > > not show anything on port 23. So telnet would appear to be
disabled.
> > > > >
> > > > > There just isn't a way to actually turn off the telnet process
> > > > on a Cisco
> > > > > router. If you really want to stop the telnet process you could
> > > > power off
> > > > > the router but this would stop all the processes 8-)
> > > > >
> > > > > Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640
> > > > > 5G Networks, Inc.
> > > > > [EMAIL PROTECTED]
> > > > > (925) 260-2724
> > > > >
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED]]On Behalf Of
> > > > > Jacques Atlas
> > > > > Sent: Friday, May 04, 2001 4:09 PM
> > > > > To: [EMAIL PROTECTED]
> > > > > Subject: RE: Disable telnet port [7:3237]
> > > > >
> > > > >
> > > > > On Fri, 4 May 2001, Chuck Larrieu wrote:
> > > > >
> > > > > |There is no option "no service telnet" on the IOS I have available
>to
> > > me.
> > > > >
> > > > > :-) that was just an example of something that would be nice.
> > > > >
> > > > > |Your choice would then become an access-list denying telnet to
> > > > > appropriate
> > > > > |router interfaces. You can also apply access lists to the vty
> > > > > ports to limit
> > > > > |who can telnet in. nope, can't delete the vty lines either.
> > > > >
> > > > > acl's for all interfaces is way to complex.
> > > > >
> > > > > telnet is not an option. if you can stop the telnet daemon on
> > > a unix box
> > > > > you should be able to do it on a cisco device, if it support
another
> > > form
> > > > > of transport.
> > > > >
> > > > > owell
> > > > >
> > > > > --
> > > > > jacques
> > > > > FAQ, list archives, and subscription info:
> > > > http://www.groupstudy.com/list/cisco.html
> > > > Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]
> > > > FAQ, list archives, and subscription info:
> > > http://www.groupstudy.com/list/cisco.html
> > > > Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]
> > > FAQ, list archives, and subscription info:
> > > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >FAQ, list archives, and subscription info:
> >http://www.groupstudy.com/list/cisco.html
> >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3319&t=3237
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
