Re: Denying telnet to port 23 on VTY

From: Rodrigo Paes (rpaes@pobox.com)
Date: Tue Nov 07 2006 - 01:34:29 ART


On Mon, 6 Nov 2006 20:05:42 -0800
"Kal Han" <calikali2006@gmail.com> wrote:

> I don't know how to do this.
> You can disable VTY telnet access by using "transport input ssh"
> You can use the rotary 3 so that the telnets are accepted on 3003 also.
> But I don't know if you can disable all vty lines for telnet and
> still be able to telnet on 3003. I am not sure if it's possible.
>
> and if you DON'T disable telnet input by using
> transport input telnet
>
> you can telnet to the box on standard 23 port and also on 3003.
> Both are accessible for me.
>

Could be this ...

!
!
class-map match-any KILL_TELNET
 match protocol telnet
!
!
policy-map POLICY_IN
 class KILL_TELNET
   drop
!
!
interface Tunnel1245
service-policy input POLICY_IN
!
!
line vty 0 4
rotary 3
!
!

Rack1R2#
Rack1R2#telnet 100.4.4.4
Trying 100.4.4.4 ...
% Connection timed out; remote host not responding

Rack1R2#telnet 100.4.4.4 3003
Trying 100.4.4.4, 3003 ... Open

User Access Verification

Password:
Rack1R4>

But it seems like a _huge_ overkill to me :\ ... I'm guessing there might be some other simpler way

[]s
rodrigo

-- 
=========================================
\     .-.     +++ Rodrigo Paes +++       \
/     /v\    CCIE #14054 (R&S and SP)    /
\    // \\   LPIC2 #19753                \ 
/   /(   )\  Linux User #324449          /
\    ^^-^^                               \
/   jabber: panfleto@jabber.org          /
\   gtalk : rodp43s@gmail.com            \
 ==========================================
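
A small audit helper for the setup discussed in this thread, added here as an example and not part of the original post: it reads a configuration and reports each vty line's rotary port (3000 + N, as with `rotary 3` and port 3003 above) and the interfaces whose input policy drops a class matching `protocol telnet`. The names `blocks` and `audit` and the report fields are hypothetical; it assumes `show running-config` style indentation and assumes, as on the router in the post, that a vty line with no `transport input` command accepts telnet.

```python
# Constructed sample: the configuration from the post, indented as "show run" prints it.
SAMPLE = """\
class-map match-any KILL_TELNET
 match protocol telnet
policy-map POLICY_IN
 class KILL_TELNET
   drop
interface Tunnel1245
 service-policy input POLICY_IN
line vty 0 4
 rotary 3
"""

def blocks(config):
    """Split a config into (header, [stripped sub-commands]) per top-level block."""
    out = []
    for raw in (l for l in config.splitlines() if l.strip() not in ("", "!")):
        if raw[0] != " ":
            out.append((raw.strip(), []))   # unindented line starts a new block
        elif out:
            out[-1][1].append(raw.strip())  # indented line belongs to the last block
    return out

def audit(config):
    """Report telnet exposure of vty lines and interfaces whose input policy drops telnet."""
    parsed = blocks(config)
    telnet_classes = {h.split()[-1] for h, b in parsed
                      if h.startswith("class-map") and "match protocol telnet" in b}
    drop_policies = set()
    for h, b in parsed:
        if h.startswith("policy-map"):
            current = None
            for cmd in b:
                if cmd.startswith("class "):
                    current = cmd.split()[1]
                elif cmd == "drop" and current in telnet_classes:
                    drop_policies.add(h.split()[-1])
    report = {"vty": [], "telnet_dropped_on": []}
    for h, b in parsed:
        if h.startswith("interface "):
            report["telnet_dropped_on"] += [h.split()[1] for c in b
                if c.startswith("service-policy input ") and c.split()[-1] in drop_policies]
        elif h.startswith("line vty"):
            inputs = [c.split()[2:] for c in b if c.startswith("transport input")]
            protos = inputs[-1] if inputs else ["telnet"]  # assumed default, as on the post's router
            rotary = [3000 + int(c.split()[1]) for c in b if c.startswith("rotary ")]
            report["vty"].append({"line": h, "rotary_ports": rotary,
                                  "telnet_permitted": bool({"telnet", "all"} & set(protos))})
    return report
```

The helper only covers interfaces that carry the drop policy; telnet arriving on any other interface is not filtered by it, which `telnet_dropped_on` makes visible.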

