From: dszarmach (dszarmach@comhs.org)
Date: Tue Nov 07 2006 - 00:44:43 ART
How about NAT 23 off to an IP that is static routed to null0...or
perhaps some port that is not in use (if static routing is not allowed).
-
Doug
-----Original Message-----
From: secondie [mailto:secondie@gmail.com]
Sent: Monday, November 06, 2006 9:28 PM
To: dszarmach
Cc: security@groupstudy.com; ccielab@groupstudy.com
Subject: Re: Denying telnet to port 23 on VTY
transport input ssh ... will also kill telnet via 3003 :-(
dszarmach wrote:
> Try the 'transport' command under the line....'transport input ssh'
will
> allow encrypted mgmt via ssh and kill telnet, without ACL
>
> -
> Doug
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
> secondie
> Sent: Monday, November 06, 2006 8:05 PM
> To: security@groupstudy.com; ccielab@groupstudy.com
> Subject: Denying telnet to port 23 on VTY
>
> Question asks for: Enable VTY to accept telnet on port 3003 and deny
> all telnet access to VTY. ACL not allowed.
>
> 3003 part is easy, use rotary but can port 23 be disabled on VTY line
so
>
> that telnet is not accepted on the VTY line?
>
> For those that have trinet security lab workbook, (Trinet superlab-1,
> section 8.5, task#1)
>
>
> -secondie
>
>
This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:45 ART