From: Arif Rahman (arahman@cisco.com)
Date: Fri Feb 18 2005 - 21:11:07 GMT-3
Folks,
Thanks a lot. Now it is clear.
My 2nd question was on HTTP: which line does the router use for a web browser? I heard
it is vty, but it seems to be console. Is there any trick here that I am missing?
Image: c3640-jk8o3s-mz.122-15.T9
Browser: IE with Windows XP
r1#sh run | inc aaa|authen|authori|line con|http
username r1-http privilege 15 password 0 cisco
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login noauthen none
aaa authorization exec default group tacacs+
aaa authorization exec noexec none
aaa session-id common
ip http server
ip http authentication aaa
no ip http secure-server
radius-server authorization permit missing Service-Type
line con 0
authorization exec noexec
login authentication noauthen
r1#sd
General OS:
TACACS+ authentication debugging is on
TACACS+ authorization debugging is on
AAA Authentication debugging is on
AAA Authorization debugging is on
r1#
*Mar 4 23:38:08.656: AAA/AUTHEN/LOGIN (00000000): Pick method list 'noauthen'
*Mar 4 23:38:08.656: AAA/AUTHOR (00000000): Method=None for method list
id=84000007. Skip author
r1#ct
Enter configuration commands, one per line. End with CNTL/Z.
r1(config)#line con 0
r1(config-line)#no authorization exec noexec
r1(config-line)#no login authentication noauthen
r1(config-line)#^Z
r1#
*Mar 4 23:38:38.132: AAA/AUTHEN/LOGIN (00000000): Pick method list 'default'
*Mar 4 23:38:38.132: TPLUS: Queuing AAA Authentication request 0 for
processing
thank you - Arif
At 11:03 PM 2/18/2005 +0000, Richard Dumoulin wrote:
>Yes, I never realized that myself either. The key is the standpoint. When you
>telnet onto R2 you arrive at the router through a vty, which is where the
>transport command is applied.
>When you are logged in through the console, it is the command configured on
>line con 0 that matters.
>
>-- Richard
>
>-----Original Message-----
>From: ccie2be [mailto:ccie2be@nyc.rr.com]
>Sent: Friday, February 18, 2005 11:17 PM
>To: Richard Dumoulin; Arif Rahman; ccielab@groupstudy.com
>Subject: Re: how to disable telnet client
>
>Richard,
>
>I'm trying to understand your explanation. Please let me know if I've got
>it.
>
>Let's say this is the setup:
>
>R1 ------- R2 ------- R3
>           |
>         con 0
>
>And, this is R2's config:
>
>line vty 0 4
> transport output none
>
>If I'm consoled into R2 and then I telnet to R3, the telnet will work.
>
>However, if I telnet to R2 from R1 and then from R2 try to telnet to R3, it
>won't work.
>
>Do I understand you correctly?
>
>If so, why is that?
>
>Thanks, Tim
>
>
>
>----- Original Message -----
>From: "Richard Dumoulin" <Richard.Dumoulin@vanco.fr>
>To: "Arif Rahman" <arahman@cisco.com>; <ccielab@groupstudy.com>
>Sent: Friday, February 18, 2005 5:00 PM
>Subject: RE: how to disable telnet client
>
>
> > It is "transport output none" but not from the console! Try and telnet to r1
> > and then issue telnet 120.5.72.130, you'll see it works,
> >
> > -- Richard
> >
> > -----Original Message-----
> > From: Arif Rahman [mailto:arahman@cisco.com]
> > Sent: Friday, February 18, 2005 8:47 PM
> > To: ccielab@groupstudy.com
> > Subject: how to disable telnet client
> >
> > Hi Group
> > I am trying to disable the telnet client on a router, i.e. nobody should be
> > able to telnet to another device from the router. Use of ACLs is not allowed.
> > I tried the "transport output" command but no luck.
> >
> > Also, another question: which line does the router use for telnet to another
> > device? And which line is used for an HTTP connection to the router? I mean, if
> > I use a web browser to access the router, does the router use vty, aux, console
> > or something else?
> >
> > r1#srb vty
> > line vty 0 4
> > transport output none
> > end
> > r1#120.5.72.130
> > Trying 120.5.72.130 ... Open
> > User Access Verification
> > Username: cisco
> > Password:
> > r2#exit
> > [Connection to 120.5.72.130 closed by foreign host]
> > r1#
> >
> >
> > thank you
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Thu Mar 03 2005 - 08:51:23 GMT-3
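
An added example (not part of the thread): a small Python audit of the point Richard makes above, that "transport output none" only restricts sessions arriving on the line it is configured under. The sample configuration is constructed, and treating a stanza with no explicit "transport output" command as unrestricted is an assumption drawn from the console behaviour shown in the thread.

```python
import re

# Constructed running-config fragment (not the thread's router): only the vty
# lines carry "transport output none".
SAMPLE_CONFIG = """\
hostname r1
!
line con 0
 exec-timeout 5 0
line aux 0
 transport output ssh
line vty 0 4
 transport output none
 login
!
end
"""

LINE_RE = re.compile(r"^line\s+(\S+(?:\s+\d+)*)\s*$")
OUT_RE = re.compile(r"^\s+transport\s+output\s+(.+?)\s*$")


def outbound_transports(config_text):
    """Map each 'line ...' stanza to its 'transport output' protocols (or None)."""
    result, current = {}, None
    for raw in config_text.splitlines():
        header = LINE_RE.match(raw)
        if header:
            current = " ".join(header.group(1).split())
            result[current] = None  # no explicit command seen yet
        elif current and raw[:1].isspace():
            setting = OUT_RE.match(raw)
            if setting:
                result[current] = setting.group(1).split()
        else:
            current = None  # any other top-level line ends the stanza
    return result


def lines_allowing_telnet(config_text):
    """Stanzas from which an outbound telnet could still be started."""
    # Assumption: a stanza with no explicit command is unrestricted, as the
    # console in the thread behaved.
    return [name for name, protos in outbound_transports(config_text).items()
            if protos is None or "telnet" in protos or "all" in protos]


print(lines_allowing_telnet(SAMPLE_CONFIG))
```

Run against a saved running-config, any stanza it reports (console and aux included) still needs its own "transport output none" if the goal is to disable the telnet client everywhere.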