How to block telnet??

[dblaine]

Hai gurus,
How to block the telnet to the router for the external world and allow to only my network.

Any tutorials available on router configuration and its implmentaions

please do suggest
thanks in advance,
dblaine.

 

[routerman]

You can apply an ACL to the vty ports:

access-list 150 permit 10.1.1.0 0.0.0.255 any eq telnet

line vty 0 4
access-class 150 in


This will permit only telnet connections from the 10.1.1.0 subnet. I had problems using the actual router address in the destination field in the access list, so used the any keyword.

Another useful command to apply to the vty ports, transport input telnet, this limits what protocols can be used.

 

[SF18C]

Turning off telnet and going secure shell (SSH) is an option I use.

http://www.cisco.com/en/US/products...figuration_guide_chapter09186a00800ca7d5.html

SF18C
CCNP, MCSE, A+, N+ & HPCC

"Tis better to die on your feet than live on your knees!"

 

[tbilan]

Actually on the:
access-list 150 permit 10.1.1.0 0.0.0.255 any eq telnet

you'd only need:
access-list 150 permit 10.1.1.0 0.0.0.255 any


Tom Bilan
TJBA, Inc.
CCNP, CCDP, MCSE & CNE

 

[Ciscon]

Yeah but that will open up snmp, http, finger and other unwanted services too. Just keyword the telnet.

 

[tbilan]

If it's applied under line vty 0 4 it applies to telnet. If you want to block those other services then apply the access list under the ethernet and WAN ports.


Tom Bilan
TJBA, Inc.
CCNP, CCDP, MCSE & CNE