I was going to suggest the use of an access class <similar to access
lists>... applied to the vty lines ... but thanks for the transport input
line!
<<also - file under "related info" - it is my understanding that if we did
make a simple ACL applied to all incoming traffic blocking telnet on S0/0
<for example> that outbound telnet from all boxes on the LAN would be
blocked as well; as their 'responses' would get dropped at the router ...
hence the use of access classes ...>>
Regarding the slow SSH ... have you run a sniffer on that segment to watch
the packets, and see if there is some disagreement between your router and
TACACS+ server ... or see if the TACACS+ server itself is causing the delay
... ?
Thanks!
TJ
-----Original Message-----
From: Sean Young [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 27, 2001 14:58
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: Cisco router is running very slow when SSh is implmented
Curtis,
Thanks for the tip. However, I just figured it out. The solution is:
line vty 0 4
transport input ssh
That effectively shut off telnet.
Sean
>From: Curtis Call <[EMAIL PROTECTED]>
>To: "Sean Young" <[EMAIL PROTECTED]>
>CC: [EMAIL PROTECTED]
>Subject: Re: Cisco router is running very slow when SSh is implmented
>Date: Tue, 27 Mar 2001 09:37:49 -0700
>
>Why not try to throw an access list on it that blocks the incoming telnet
>port? I submit that I haven't read the document either so that might be a
>stupid suggestion :-)
>
>
>At 09:16 AM 3/27/01, you wrote:
>>Hope I am not offending you but did you read the document before giving
>>me advice or do you just give it out of the blue? If I "no login"
>>under vty then users will NOT be able to SSH to the router period.
>>
>>Any more ideas?
>>
>>Sean
>>
>>
>> >From: "Mask Of Zorro" <[EMAIL PROTECTED]>
>> >To: [EMAIL PROTECTED], [EMAIL PROTECTED]
>> >CC: [EMAIL PROTECTED]
>> >Subject: Re: Cisco router is running very slow when SSh is implmented
>> >Date: Tue, 27 Mar 2001 11:04:33 -0500
>> >
>> >Enter a "no login" under the vty config and that will disable telnet
>> >authentication, effectively shutting off telnet...
>> >
>> >>From: "Sean Young" <[EMAIL PROTECTED]>
>> >>Reply-To: "Sean Young" <[EMAIL PROTECTED]>
>> >>To: [EMAIL PROTECTED]
>> >>CC: [EMAIL PROTECTED]
>> >>Subject: Re: Cisco router is running very slow when SSh is implmented
>> >>Date: Tue, 27 Mar 2001 10:38:38 -0500
>> >>
>> >>This is my configuration
>> >>
>> >>line con 0
>> >>logging synchronous
>> >>login authentication usetacacs
>> >>transport input lat pad v120 lapb-ta mop telnet rlogin udptn nasi ssh
>> >>line aux 0
>> >>line vty 0 4
>> >>exec-timeout 0 0
>> >>authorization commands 1 usetacacs1
>> >>login authentication usetacacs
>> >>!
>> >>
>> >>even when I set the "exec-timeout 0 0", I still can telnet to the
>> >>router which is something I would like to avoid. I only want ssh to
>> >>work. By the way, I use TACACS+ to authenticate users.
>> >>
>> >>Any more ideas?
>> >>
>> >>Sean
>> >>
>> >>
>> >>
>> >> >From: "John Neiberger" <[EMAIL PROTECTED]>
>> >> >To: [EMAIL PROTECTED]
>> >> >CC: [EMAIL PROTECTED]
>> >> >Subject: Re: Cisco router is running very slow when SSh is implmented
>> >> >Date: Tue, 27 Mar 2001 08:20:26 -0700
>> >> >
>> >> >I don't know about the performance issue, that sounds like a "feature"
>> >> >since a 3640 shouldn't have much trouble handling that.
>> >> >
>> >> >As far as disabling telnet, the only way I know of is not to set a vty
>> >> >password. While not disabling the telnet server, it will prevent any
>> >> >attempts to telnet to the router.
>> >> >
>> >> >John
>> >> >
>> >> > >>> "Sean Young" <[EMAIL PROTECTED]> 3/27/01 7:58:37 AM >>>
>> >> >Hi everyone,
>> >> >
>> >> >Is it just me or anyone in the group experiencing the same thing?
>> >> >I've implemented SSH features on one of our ACCESS servers and I notice
>> >> >that it is very slow. The access server is a Cisco 3640 with 128MB RAM.
>> >> >I notice the performance is quite slow even on a Fast Ethernet LAN.
>> >> >I don't have any performance issues with Unix servers. Another thing,
>> >> >now that I have SSH running on the access server, how can I turn off
>> >> >telnet completely on the router? I checked the Cisco website but didn't
>> >> >see any solutions for it.
>> >> >
>> >> >Any ideas? Thanks.
>> >> >
>> >> >Sean
>> >> >_________________________________
>> >> >FAQ, list archives, and subscription info:
>> >> >http://www.groupstudy.com/list/cisco.html
>> >> >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
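
Added example, not part of the original thread and not Cisco code: a Python check that reads the line sections of an IOS configuration and reports vty ranges that still accept telnet. The sample configuration is constructed from the lines quoted above (the indentation and the second vty range are assumptions), and a vty section with no "transport input" statement is treated as accepting telnet, as the poster observed on his router.

```python
import re

# Constructed sample: the line config quoted in the thread plus a second,
# hypothetical vty range carrying the "transport input ssh" fix.
SAMPLE_CONFIG = """\
line con 0
 logging synchronous
 login authentication usetacacs
 transport input lat pad v120 lapb-ta mop telnet rlogin udptn nasi ssh
line aux 0
line vty 0 4
 exec-timeout 0 0
 authorization commands 1 usetacacs1
 login authentication usetacacs
line vty 5 15
 login authentication usetacacs
 transport input ssh
!
"""

def parse_line_sections(config):
    """Return {line header: [sub-commands]} for every 'line ...' section."""
    sections, current = {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if re.match(r"line\s+(con|aux|vty|tty)\b", text):
            current = text
            sections[current] = []
        elif not text or text == "!" or not raw[0].isspace():
            current = None      # blank line, '!' or a new top-level command
        elif current is not None:
            sections[current].append(text)
    return sections

def audit_vty(config):
    """Findings per vty section (assumption: no 'transport input' = telnet open)."""
    findings = {}
    for header, cmds in parse_line_sections(config).items():
        if not header.startswith("line vty"):
            continue
        transport = [c.split()[2:] for c in cmds if c.startswith("transport input")]
        has_acl = any(re.match(r"access-class\s+\S+\s+in\b", c) for c in cmds)
        if not transport:
            issue = "no 'transport input' statement; telnet not excluded"
        elif {"telnet", "all"} & set(transport[-1]):
            issue = "telnet explicitly allowed"
        else:
            continue            # e.g. 'transport input ssh' or 'none'
        findings[header] = issue + ("" if has_acl else "; no inbound access-class")
    return findings
```

Calling audit_vty(SAMPLE_CONFIG) flags only "line vty 0 4"; the range with "transport input ssh" passes.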