Re: Disable telnet port [7:3237]
hi On Sat, 5 May 2001, EA Louie wrote: |If you have the right version of IOS, you can |transport input ssh that works :-) thanks -- jacques Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=3293t=3237 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Disable telnet port [7:3237]
His intent was to stop the telnet daemon as he put it. You can not actually stop the telnet process on a router. Access-class and transport input none just stop access to the lines that it is applied to. It doesn't actually stop telnet as a process on the router. Brian Dennis, CCIE #2210 (RS)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] (925) 260-2724 -Original Message- From: John Starta [mailto:[EMAIL PROTECTED]] Sent: Saturday, May 05, 2001 8:58 AM To: Brian Dennis Cc: [EMAIL PROTECTED] Subject: RE: Disable telnet port [7:3237] If the intent is to prevent connections TO the router via telnet adding transport input none to the vty's will accomplish this. To prevent telnet connections FROM the router add transport output none to the vty's. Add both and you have effectively disabled telnet on the router. weezer#192.168.0.30 % Unknown command or computer name, or unable to find computer address weezer#telnet 192.168.0.30 % telnet connections not permitted from this terminal jas At 01:15 AM 5/5/01 -0400, Brian Dennis wrote: John, He was asking to disable the telnet process. This just disables port 23 for the vty lines like an access-class does. There is not way to disable the process itself. Brian Dennis, CCIE #2210 (RS)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] (925) 260-2724 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of john mcguinn Sent: Friday, May 04, 2001 7:22 PM To: [EMAIL PROTECTED] Subject: Re: Disable telnet port [7:3237] config t line vty 0 4 transport input none You have successfully disabled telnet port. Jack - Original Message - From: Brian Dennis To: Sent: Friday, May 04, 2001 7:21 PM Subject: RE: Disable telnet port [7:3237] If you put an access-class in on the vty lines that disables everything like Chuck recommended no one will be able to telnet in. Also a port scan will not show anything on port 23. So telnet would appear to be disabled. There just isn't a way to actually turn off the telnet process on a Cisco router. If you really want to stop the telnet process you could power off the router but this would stop all the processes 8-) Brian Dennis, CCIE #2210 (RS)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] (925) 260-2724 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jacques Atlas Sent: Friday, May 04, 2001 4:09 PM To: [EMAIL PROTECTED] Subject: RE: Disable telnet port [7:3237] On Fri, 4 May 2001, Chuck Larrieu wrote: |There is no option no service telnet on the IOS I have available to me. :-) that was just an example of something that would be nice. |Your choice would then become an access-list denying telnet to appropriate |router interfaces. You can also apply access lists to the vty ports to limit |who can telnet in. nope, can't delete the vty lines either. acl's for all interfaces is way to complex. telnet is not an option. if you can stop the telnet daemon on a unix box you should be able to do it on a cisco device, if it support another form of transport. owell -- jacques FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=3315t=3237 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Disable telnet port [7:3237]
Understood. But why attempt to stop the telnet daemon if not to prevent telnet to/from the router? Setting the transport to none for input and output is a very effective way of accomplishing this task. jas At 12:28 PM 5/5/01 -0400, Brian Dennis wrote: His intent was to stop the telnet daemon as he put it. You can not actually stop the telnet process on a router. Access-class and transport input none just stop access to the lines that it is applied to. It doesn't actually stop telnet as a process on the router. Brian Dennis, CCIE #2210 (RS)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] (925) 260-2724 -Original Message- From: John Starta [mailto:[EMAIL PROTECTED]] Sent: Saturday, May 05, 2001 8:58 AM To: Brian Dennis Cc: [EMAIL PROTECTED] Subject: RE: Disable telnet port [7:3237] If the intent is to prevent connections TO the router via telnet adding transport input none to the vty's will accomplish this. To prevent telnet connections FROM the router add transport output none to the vty's. Add both and you have effectively disabled telnet on the router. weezer#192.168.0.30 % Unknown command or computer name, or unable to find computer address weezer#telnet 192.168.0.30 % telnet connections not permitted from this terminal jas At 01:15 AM 5/5/01 -0400, Brian Dennis wrote: John, He was asking to disable the telnet process. This just disables port 23 for the vty lines like an access-class does. There is not way to disable the process itself. Brian Dennis, CCIE #2210 (RS)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] (925) 260-2724 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of john mcguinn Sent: Friday, May 04, 2001 7:22 PM To: [EMAIL PROTECTED] Subject: Re: Disable telnet port [7:3237] config t line vty 0 4 transport input none You have successfully disabled telnet port. Jack - Original Message - From: Brian Dennis To: Sent: Friday, May 04, 2001 7:21 PM Subject: RE: Disable telnet port [7:3237] If you put an access-class in on the vty lines that disables everything like Chuck recommended no one will be able to telnet in. Also a port scan will not show anything on port 23. So telnet would appear to be disabled. There just isn't a way to actually turn off the telnet process on a Cisco router. If you really want to stop the telnet process you could power off the router but this would stop all the processes 8-) Brian Dennis, CCIE #2210 (RS)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] (925) 260-2724 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jacques Atlas Sent: Friday, May 04, 2001 4:09 PM To: [EMAIL PROTECTED] Subject: RE: Disable telnet port [7:3237] On Fri, 4 May 2001, Chuck Larrieu wrote: |There is no option no service telnet on the IOS I have available to me. :-) that was just an example of something that would be nice. |Your choice would then become an access-list denying telnet to appropriate |router interfaces. You can also apply access lists to the vty ports to limit |who can telnet in. nope, can't delete the vty lines either. acl's for all interfaces is way to complex. telnet is not an option. if you can stop the telnet daemon on a unix box you should be able to do it on a cisco device, if it support another form of transport. owell -- jacques FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=3319t=3237 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Disable telnet port [7:3237]
The port is still listening and will reply with something like Password required but none set. If I don't want telnet (or whatever service), I'd add it to my ACL incoming filters. access-list 101 deny tcp any host 1.1.1.1 eq telnet access-list 101 deny tcp any host 2.2.2.2 eq telnet (1.1.1.1 2.2.2.2 should match all of the routers IPs). -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Chuck Larrieu wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... By telnet port do you mean TCP port 23. Or do you mean the VTY's themselves? If the latter, the most effective way is to require a login but set no password. Eg Line vty 0 4 Login HTH Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Victor Chan Sent: Friday, May 04, 2001 12:41 PM To: [EMAIL PROTECTED] Subject: Disable telnet port [7:3237] How do you disable telnet port on the cisco router 2524 and 2610? FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=3342t=3237 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Disable telnet port [7:3237]
That's actually the best method I've seen to date, and really only requires adding two lines: access-list 1 deny any line vty 0 4 access-class 1 in Of course, if you want it to not just % Connection refused by remote host but just not respond period, you could make a route-map for all telnet traffic to the router's ips and set it to forward to Null, and then they just get nothing, period. More work than it's worth, IMHO ;-) -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Brian Dennis wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... If you put an access-class in on the vty lines that disables everything like Chuck recommended no one will be able to telnet in. Also a port scan will not show anything on port 23. So telnet would appear to be disabled. There just isn't a way to actually turn off the telnet process on a Cisco router. If you really want to stop the telnet process you could power off the router but this would stop all the processes 8-) Brian Dennis, CCIE #2210 (RS)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] (925) 260-2724 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jacques Atlas Sent: Friday, May 04, 2001 4:09 PM To: [EMAIL PROTECTED] Subject: RE: Disable telnet port [7:3237] On Fri, 4 May 2001, Chuck Larrieu wrote: |There is no option no service telnet on the IOS I have available to me. :-) that was just an example of something that would be nice. |Your choice would then become an access-list denying telnet to appropriate |router interfaces. You can also apply access lists to the vty ports to limit |who can telnet in. nope, can't delete the vty lines either. acl's for all interfaces is way to complex. telnet is not an option. if you can stop the telnet daemon on a unix box you should be able to do it on a cisco device, if it support another form of transport. owell -- jacques FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=3346t=3237 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Disable telnet port [7:3237]
Use ACLs to block. Not as simple as the command you're looking for. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Jacques Atlas wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... On Fri, 4 May 2001, Chuck Larrieu wrote: |By telnet port do you mean TCP port 23. Or do you mean the VTY's |themselves? | |If the latter, the most effective way is to require a login but set no |password. |Eg | |Line vty 0 4 |Login anyone know if you can _disable_ telnet to a cisco and only ssh ? something like no service telnet would be great -- jacques FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=3344t=3237 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Disable telnet port [7:3237]
How do you disable telnet port on the cisco router 2524 and 2610? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=3237t=3237 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Disable telnet port [7:3237]
By telnet port do you mean TCP port 23. Or do you mean the VTY's themselves? If the latter, the most effective way is to require a login but set no password. Eg Line vty 0 4 Login HTH Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Victor Chan Sent: Friday, May 04, 2001 12:41 PM To: [EMAIL PROTECTED] Subject:Disable telnet port [7:3237] How do you disable telnet port on the cisco router 2524 and 2610? FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=3239t=3237 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Disable telnet port [7:3237]
On Fri, 4 May 2001, Chuck Larrieu wrote: |By telnet port do you mean TCP port 23. Or do you mean the VTY's |themselves? | |If the latter, the most effective way is to require a login but set no |password. |Eg | |Line vty 0 4 |Login anyone know if you can _disable_ telnet to a cisco and only ssh ? something like no service telnet would be great -- jacques Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=3247t=3237 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Disable telnet port [7:3237]
There is no option no service telnet on the IOS I have available to me. Your choice would then become an access-list denying telnet to appropriate router interfaces. You can also apply access lists to the vty ports to limit who can telnet in. nope, can't delete the vty lines either. HTH Chuck -Original Message- From: Jacques Atlas [mailto:[EMAIL PROTECTED]] Sent: Friday, May 04, 2001 2:57 PM To: Chuck Larrieu Cc: [EMAIL PROTECTED] Subject:RE: Disable telnet port [7:3237] On Fri, 4 May 2001, Chuck Larrieu wrote: |By telnet port do you mean TCP port 23. Or do you mean the VTY's |themselves? | |If the latter, the most effective way is to require a login but set no |password. |Eg | |Line vty 0 4 |Login anyone know if you can _disable_ telnet to a cisco and only ssh ? something like no service telnet would be great -- jacques Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=3250t=3237 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Disable telnet port [7:3237]
On Fri, 4 May 2001, Chuck Larrieu wrote: |There is no option no service telnet on the IOS I have available to me. :-) that was just an example of something that would be nice. |Your choice would then become an access-list denying telnet to appropriate |router interfaces. You can also apply access lists to the vty ports to limit |who can telnet in. nope, can't delete the vty lines either. acl's for all interfaces is way to complex. telnet is not an option. if you can stop the telnet daemon on a unix box you should be able to do it on a cisco device, if it support another form of transport. owell -- jacques Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=3254t=3237 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Disable telnet port [7:3237]
If you put an access-class in on the vty lines that disables everything like Chuck recommended no one will be able to telnet in. Also a port scan will not show anything on port 23. So telnet would appear to be disabled. There just isn't a way to actually turn off the telnet process on a Cisco router. If you really want to stop the telnet process you could power off the router but this would stop all the processes 8-) Brian Dennis, CCIE #2210 (RS)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] (925) 260-2724 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jacques Atlas Sent: Friday, May 04, 2001 4:09 PM To: [EMAIL PROTECTED] Subject: RE: Disable telnet port [7:3237] On Fri, 4 May 2001, Chuck Larrieu wrote: |There is no option no service telnet on the IOS I have available to me. :-) that was just an example of something that would be nice. |Your choice would then become an access-list denying telnet to appropriate |router interfaces. You can also apply access lists to the vty ports to limit |who can telnet in. nope, can't delete the vty lines either. acl's for all interfaces is way to complex. telnet is not an option. if you can stop the telnet daemon on a unix box you should be able to do it on a cisco device, if it support another form of transport. owell -- jacques FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=3256t=3237 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Disable telnet port [7:3237]
How about configuring the vty's for transport input none. It doesn't disable telnet perse, but it results in the router refusing connections to it. (Out-of-band access recommended before applying; you will NOT be able to telnet/rlogin to the router after applying.) line vty 0 4 transport input none jas At 03:41 PM 5/4/01 -0400, Victor Chan wrote: How do you disable telnet port on the cisco router 2524 and 2610? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=3258t=3237 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Disable telnet port [7:3237]
An addendum to my message below: A port scan of the router after the vty's are configured for transport input none will show nothing on port 23 (telnet) or port 221 (rlogin). Thus telnet and rlogin would appear to be disabled. jas At 05:34 PM 5/4/01 -0700, John Starta wrote: How about configuring the vty's for transport input none. It doesn't disable telnet perse, but it results in the router refusing connections to it. (Out-of-band access recommended before applying; you will NOT be able to telnet/rlogin to the router after applying.) line vty 0 4 transport input none jas At 03:41 PM 5/4/01 -0400, Victor Chan wrote: How do you disable telnet port on the cisco router 2524 and 2610? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=3260t=3237 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Disable telnet port [7:3237]
config t line vty 0 4 transport input none You have successfully disabled telnet port. Jack - Original Message - From: Brian Dennis To: Sent: Friday, May 04, 2001 7:21 PM Subject: RE: Disable telnet port [7:3237] If you put an access-class in on the vty lines that disables everything like Chuck recommended no one will be able to telnet in. Also a port scan will not show anything on port 23. So telnet would appear to be disabled. There just isn't a way to actually turn off the telnet process on a Cisco router. If you really want to stop the telnet process you could power off the router but this would stop all the processes 8-) Brian Dennis, CCIE #2210 (RS)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] (925) 260-2724 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jacques Atlas Sent: Friday, May 04, 2001 4:09 PM To: [EMAIL PROTECTED] Subject: RE: Disable telnet port [7:3237] On Fri, 4 May 2001, Chuck Larrieu wrote: |There is no option no service telnet on the IOS I have available to me. :-) that was just an example of something that would be nice. |Your choice would then become an access-list denying telnet to appropriate |router interfaces. You can also apply access lists to the vty ports to limit |who can telnet in. nope, can't delete the vty lines either. acl's for all interfaces is way to complex. telnet is not an option. if you can stop the telnet daemon on a unix box you should be able to do it on a cisco device, if it support another form of transport. owell -- jacques FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=3266t=3237 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Disable telnet port [7:3237]
If you have the right version of IOS, you can transport input ssh and to answer Chuck's questions, there is a way to disable telnet and everything else, transport input none - Original Message - From: Jacques Atlas To: Sent: Friday, May 04, 2001 3:12 PM Subject: RE: Disable telnet port [7:3237] On Fri, 4 May 2001, Chuck Larrieu wrote: |By telnet port do you mean TCP port 23. Or do you mean the VTY's |themselves? | |If the latter, the most effective way is to require a login but set no |password. |Eg | |Line vty 0 4 |Login anyone know if you can _disable_ telnet to a cisco and only ssh ? something like no service telnet would be great -- jacques FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=3273t=3237 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Disable telnet port [7:3237]
John, He was asking to disable the telnet process. This just disables port 23 for the vty lines like an access-class does. There is not way to disable the process itself. Brian Dennis, CCIE #2210 (RS)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] (925) 260-2724 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of john mcguinn Sent: Friday, May 04, 2001 7:22 PM To: [EMAIL PROTECTED] Subject: Re: Disable telnet port [7:3237] config t line vty 0 4 transport input none You have successfully disabled telnet port. Jack - Original Message - From: Brian Dennis To: Sent: Friday, May 04, 2001 7:21 PM Subject: RE: Disable telnet port [7:3237] If you put an access-class in on the vty lines that disables everything like Chuck recommended no one will be able to telnet in. Also a port scan will not show anything on port 23. So telnet would appear to be disabled. There just isn't a way to actually turn off the telnet process on a Cisco router. If you really want to stop the telnet process you could power off the router but this would stop all the processes 8-) Brian Dennis, CCIE #2210 (RS)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] (925) 260-2724 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jacques Atlas Sent: Friday, May 04, 2001 4:09 PM To: [EMAIL PROTECTED] Subject: RE: Disable telnet port [7:3237] On Fri, 4 May 2001, Chuck Larrieu wrote: |There is no option no service telnet on the IOS I have available to me. :-) that was just an example of something that would be nice. |Your choice would then become an access-list denying telnet to appropriate |router interfaces. You can also apply access lists to the vty ports to limit |who can telnet in. nope, can't delete the vty lines either. acl's for all interfaces is way to complex. telnet is not an option. if you can stop the telnet daemon on a unix box you should be able to do it on a cisco device, if it support another form of transport. owell -- jacques FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=3281t=3237 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]