From: Kal Han (calikali2006@gmail.com)
Date: Tue Nov 07 2006 - 01:05:42 ART
I don't know how to do this.
You can disable VTY telnet access by using "transport input ssh"
You can use the rotary 3 so that the telnets are accepted on 3003 also.
But I don't know if you can disable all vty lines for telnet and
still be able to telnet on 3003. I am not sure if it's possible.
And if you DON'T disable telnet input by using
transport input telnet
you can telnet to the box on standard 23 port and also on 3003.
Both are accessible for me.
With the following config
line vty 0
 password cisco
 login
 rotary 3
 transport input telnet
line vty 1 4
 login
 transport input none
 transport output none
I can telnet on port 23 and also on 3003
R5#telnet 195.1.135.3
Trying 195.1.135.3 ... Open
User Access Verification
Password:
[Connection to 195.1.135.3 closed by foreign host]
R5#telnet 195.1.135.3 3003
Trying 195.1.135.3, 3003 ... Open
User Access Verification
Password:
So I don't know the solution.
Thanks
Kal
On 11/6/06, Rodrigo Paes <rpaes@pobox.com> wrote:
>
> On Mon, 06 Nov 2006 21:04:32 -0500
> secondie <secondie@gmail.com> wrote:
>
> > Question asks for: Enable VTY to accept telnet on port 3003 and deny
> > all telnet access to VTY. ACL not allowed.
> >
> > 3003 part is easy, use rotary but can port 23 be disabled on VTY line so
> > that telnet is not accepted on the VTY line?
> >
> > For those that have trinet security lab workbook, (Trinet superlab-1,
> > section 8.5, task#1)
> >
>
> how about disabling the other VTY ? "transport input none"
>
>
> []s
> rodrigo
>
> --
> =========================================
> \ .-. +++ Rodrigo Paes +++ \
> / /v\ CCIE #14054 (R&S and SP) /
> \ // \\ LPIC2 #19753 \
> / /( )\ Linux User #324449 /
> \ ^^-^^ \
> / jabber: panfleto@jabber.org /
> \ gtalk : rodp43s@gmail.com \
> ==========================================
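
An added example, not part of the thread or written by any of the posters: a small Python audit that reads "line vty" blocks and lists the TCP ports on which each block would accept Telnet. It is modelled on the behaviour reported above (a line with "rotary 3" and "transport input telnet" answers on both 23 and 3003). The 3000+N mapping for rotary group N, the function names and the sample text are assumptions of this example.

```python
import re

# Constructed sample: the VTY configuration quoted in the post.
SAMPLE = """\
line vty 0
 password cisco
 login
 rotary 3
 transport input telnet
line vty 1 4
 login
 transport input none
 transport output none
"""

ROTARY_BASE = 3000  # assumption: rotary group N answers Telnet on TCP 3000+N

def parse_vty(config):
    """Return one dict per 'line vty' block with its rotary group and transport input."""
    blocks, cur = [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("line "):  # any "line ..." command opens a new block
            cur = None
            if re.match(r"line vty \d+( \d+)?$", line):
                cur = {"name": line[5:], "rotary": None, "input": None}
                blocks.append(cur)
        elif cur is not None and line.startswith("rotary "):
            cur["rotary"] = int(line.split()[1])
        elif cur is not None and line.startswith("transport input "):
            cur["input"] = set(line.split()[2:])
    return blocks

def telnet_ports(config):
    """Map each VTY block to the ports where it accepts Telnet (None = not configured)."""
    report = {}
    for b in parse_vty(config):
        if b["input"] is None:
            report[b["name"]] = None  # not set: default depends on the IOS release
        elif b["input"] & {"telnet", "all"}:
            rotary = [] if b["rotary"] is None else [ROTARY_BASE + b["rotary"]]
            report[b["name"]] = [23] + rotary
        else:
            report[b["name"]] = []  # e.g. "transport input none" or ssh only
    return report

if __name__ == "__main__":
    for name, ports in telnet_ports(SAMPLE).items():
        print(name, "->", "unknown" if ports is None else ports or "no telnet")
```

Run against a saved running-config, any block reported with 23 in its list still accepts Telnet on the standard port, whatever rotary group it carries.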