If you are really security conscious, you would disable telnet and only allow ssh (available in IOS12.1.5(X).T or higher. The command would be:
line vty 0 4 transport input ssh Also, use AAA because it is your friend >From: "Chamak" >Reply-To: "Chamak" >To: [EMAIL PROTECTED] >Subject: Re: Disable Telnet [7:23388] >Date: Fri, 19 Oct 2001 04:18:40 -0400 > >thanks !! this will be really useful. > >Mukul > > >""BM"" wrote in message >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > You can restrict access to your router via telnet. Create an >access-list > > and permit the specific addresses you want to be able to access the >router. > > Apply it to the vty ports as an access-class in. Here's an example: > > > > access-list 1 permit 10.1.1.1 0.0.0.0 > > > > line vty 0 4 > > access-class 1 in > > > > > > This will all only 10.1.1.1 to telnet into the router. If you were to >apply > > it outbound, it would restrict outbound telnet sessions to that address > > only. So, you could only telnet to 10.1.1.1 from this router. > > > > If you want to block all access to it: > > > > line vty 0 4 > > login > > no password > > > > When someone tries to telnet in, they get 'password required, but none >set'. > > > > Hope this helps. > > > > -- > > Brian Morgan > > CCIE# 4865 > > [EMAIL PROTECTED] > > ""Chamak"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > can I diable the Telnet on my router or can I restrict IP that can >telnet > > to > > > the router ? > > > > > > > > > Mukul _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23499&t=23388 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
