Am 11.12.2025 um 12:32:51 Uhr schrieb Nick Hilliard: > Marco Moock via cisco-nsp wrote on 11/12/2025 11:48: > > Certain Cisco models (in my case 800 series, e.g. C886vaw, 886w > > etc.) have telnet services on port 2001,4001,6001 and 9001. > > > > What is the preferred way to disable them entirely (not firewalling > > them), but keep telnet and ssh? > > This isn't telnet-to-the-device, it's remote access to physical > ports. You can disable it easily using e.g. for serial console: > > line con 0 > transport preferred none
Thanks for the hint.
Which is the real console port here, is that con 0?
My device only has one that has the name console and AUX both on them.
cisco886va#sh line
Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int
0 CTY - - - - 23 0 0 0/0 -
1 AUX 0/0 - - - - 23 0 0 0/0 -
* 10 VTY - - - - 23 6 0 0/0 -
* 11 VTY - - - - 23 2 0 0/0 -
12 VTY - - - - 23 0 0 0/0 -
13 VTY - - - - 23 0 0 0/0 -
14 VTY - - - - 23 0 0 0/0 -
Line(s) not in async mode -or- with no hardware support:
2-9
I want to allow local access via RS232, but disallow the "remote access
to physical ports".
I've now checked and line aux 0 is responsible for the open ports here.
transport input none disabled the remote access on port
2001,4001,6001,9001.
How does that affect the local console port for accessing the device
itself?
--
Gruß
Marco
Send unsolicited bulk mail to [email protected]
pgpR5H87JR9ru.pgp
Description: Digitale Signatur von OpenPGP
_______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
