>>On my cisco 3600 router. How can I disable telnet into >>serial 0/0.
>(config)# access-list 101 deny tcp any any eq 23 >(config)# access-list 101 permit ip any any >(config-if)# access-class 101 in I believe this does more than desired - it blocks all telnet traffic to any internal (if s0/0 is external interface) telnet server (of course, including router itself) - maybe this is desired behaviour, maybe not. There was another suggestion by Eric: >Use an access list on the serial interface denying telnet to the s0/0 >interfaces ip address. One can try to telnet to internal ip address (again assuming s0/0 is external interface), so this obviously is not enough. You can try to block (using incoming access-list on s0/0) telnet traffic to all IP addresses router has. Another suggestion would be to use some sort of ingress filtering on s0/0 (denying spoofed source IP addresses from internal networks) and then using standard access-list in combination with access-class command on line vty, allowing only specific internal hosts (or even networks, if that is OK). ROK
