How to Disable Telnet on Cisco Switches and Routers?
A computer network is a group of devices connected to each other over a transmission medium such as copper or fibre cabling or wireless links. These devices, called nodes, can be computers, printers, scanners, fax machines and so on. The purpose of a network is to send and receive data stored on other nodes.
Telnet is a network protocol that provides a text-based, bidirectional communication channel between two devices. It is a client-server protocol used to open a command-line session on a remote computer, usually a server, and it runs over TCP/IP (the server listens on TCP port 23). Where HTTP and FTP only let a user request particular files from a remote machine, Telnet gives the user an interactive login with access to whatever applications and data their account on that machine permits. Everything in a Telnet session, including the username and password typed at the login prompt, crosses the network in cleartext; anyone who can capture traffic on the path can read it. That is why Telnet should be disabled, or at least tightly restricted, on management interfaces.
Switches and Routers:
Routers connect separate networks (for example a LAN to the Internet, or one LAN to another) and forward packets between them, so they also control what data enters and leaves each network. Routers operate at the Network layer (Layer 3) of the OSI model. A switch connects devices within a single network and forwards frames between them at the Data Link layer (Layer 2).
To learn more about switches versus routers, read the Difference between Router and Switch article.
How do you turn off Telnet?
Disabling Telnet and using SSH instead on a network device is one of the basic steps in hardening network management. Management traffic must be encrypted: Telnet carries the administrator's credentials and every command in cleartext, something that was overlooked on many networks for years. There are several ways to manage a Cisco device. The most common are:
- Direct Console Access: a serial console cable is connected directly to the console port and gives the Command Line Interface (CLI) of the device. Nothing is exposed to the network, but it requires physical access.
- Telnet Access: remote management of the device over the network. It provides CLI access, but nothing is encrypted: the login credentials and all commands travel in cleartext.
- SSH Access: remote management over the network, like Telnet, but all traffic is encrypted by the SSH protocol and the client can verify the device by its host key.
There are other management methods (depending on the device) such as HTTPS web access, SNMP and management applications, but the three above are the most common options.
Let's first see how to disable Telnet on a Cisco IOS device; the same commands apply to both routers and switches. Each Telnet session to the device (and likewise each SSH session) occupies one VTY line (virtual teletype line). Older IOS versions (before 12.2) have 5 VTY lines (numbered 0 to 4), while newer IOS versions have 16 (numbered 0 to 15); some platforms have more, so check with the show line command and make sure the range you configure covers every VTY line the device has, because any line you miss stays open. The configuration below leaves the switch/router reachable only through the console port: transport input none rejects SSH as well as Telnet, so use it only when console-only management is really what you want.
CiscoDevice(config)# line vty 0 15    <= enter line configuration mode for all 16 VTY lines (use 0 4 on devices that have only 5)
CiscoDevice(config-line)# transport input none    <= disable Telnet and every other inbound protocol, SSH included, on these lines
CiscoDevice(config-line)# end
CiscoDevice# write memory    <= save the change so it survives a reload
Telnet – Controlled Access:
Another way to control Telnet access to routers and switches is to apply an Access Control List (ACL) to the VTY lines so that only specific administrator IP addresses can connect. This does not shut Telnet down; it only limits which source addresses can reach the administrative channel. The session itself is still unencrypted, so anyone on the path between the administrator and the device can still read the credentials, and the ACL trusts whatever source address a packet carries. Treat it as an interim measure until SSH is in place, not as a substitute for it.
CiscoDevice(config)# enable secret strongenablepass    <– sets the privileged EXEC (enable) password, stored as a hash
CiscoDevice(config)# access-list 10 permit 192.168.1.0 0.0.0.255    <– standard ACL permitting only the management subnet; everything else hits the implicit deny
CiscoDevice(config)# line vty 0 15
CiscoDevice(config-line)# access-class 10 in    <– apply the ACL to inbound connections on all VTY lines
CiscoDevice(config-line)# password strongtelnetpass    <– line password required to log in over Telnet
CiscoDevice(config-line)# login    <– prompt for the line password on connection
Enabling SSH:
Once SSH is enabled and the VTY lines are configured to accept only the SSH transport, Telnet is disabled on those lines as a side effect: transport input ssh replaces whatever transport list was there before, so no separate "disable Telnet" command is needed. The hostname and domain name must be set before the key is generated, because the RSA key pair is named after them, and the key must exist before SSH can be turned on.
CiscoDevice(config)# enable secret strongenablepass    <– privileged EXEC password, stored as a hash
CiscoDevice(config)# username admin secret adminpass    <– local admin account; secret stores a hash, whereas username ... password stores a reversible or cleartext value
CiscoDevice(config)# hostname Newme    <– hostname and domain name are required: the RSA key is named hostname.domain-name
Newme(config)# ip domain-name mycompany.com
Newme(config)# crypto key generate rsa modulus 4096    <– generate the SSH host key; a 4096-bit key can take a while on older hardware
Newme(config)# ip ssh version 2    <– allow only SSHv2; SSHv1 has known protocol weaknesses
Newme(config)# ip ssh time-out 100    <– seconds allowed for the SSH negotiation phase (range 1-120)
Newme(config)# ip ssh authentication-retries 4    <– failed login attempts before the connection is dropped (range 0-5)
Newme(config)# line vty 0 15
Newme(config-line)# transport input ssh    <– accept SSH only; this is the line that disables Telnet
Newme(config-line)# login local    <– authenticate against the local username database, not a shared line password
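The three approaches above (console only, Telnet behind an ACL, SSH only) all come down to what each line vty block in the running configuration says. The script below is an added example, not Cisco code and not part of the original article: it parses the text of show running-config and reports, for every VTY block, whether Telnet can still reach it, whether an access-class protects it, whether SSHv2 is enforced when SSH is allowed, and whether a shared line password is still in use. The two configurations it reads are constructed samples, a "before" device using the ACL-only approach and the same device after the SSH-only change; the function and field names are this example's own.

```python
"""Audit Cisco IOS VTY lines for Telnet exposure (added example; constructed sample configs)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: ACL-only approach, Telnet still reachable. Hash values are placeholders.
SAMPLE_BEFORE = """\
hostname Newme
ip domain-name mycompany.com
enable secret 5 $1$abcd$constructedhashvalue000000
access-list 10 permit 192.168.1.0 0.0.0.255
line vty 0 4
 access-class 10 in
 password strongtelnetpass
 login
line vty 5 15
 transport input all
 login
"""

# Constructed sample: same device after the SSH-only change from the article.
SAMPLE_AFTER = """\
hostname Newme
ip domain-name mycompany.com
username admin secret 5 $1$efgh$constructedhashvalue000000
ip ssh version 2
access-list 10 permit 192.168.1.0 0.0.0.255
line vty 0 15
 access-class 10 in
 transport input ssh
 login local
"""


@dataclass
class VtyBlock:
    first: int
    last: int
    transport: Optional[str] = None      # text after 'transport input'; None if not configured
    access_class: Optional[str] = None   # ACL applied with 'access-class <acl> in'
    login: Optional[str] = None          # 'login', 'login local', 'login authentication ...'
    password_set: bool = False           # a line password ('password ...') is configured

    @property
    def name(self) -> str:
        return f"vty {self.first} {self.last}" if self.last != self.first else f"vty {self.first}"


def parse_vty_blocks(config: str) -> List[VtyBlock]:
    """Collect 'line vty' blocks; their sub-commands are the indented lines that follow."""
    blocks: List[VtyBlock] = []
    current: Optional[VtyBlock] = None
    for raw in config.splitlines():
        m = re.match(r"^line vty (\d+)(?: (\d+))?\s*$", raw)
        if m:
            current = VtyBlock(int(m.group(1)), int(m.group(2) or m.group(1)))
            blocks.append(current)
            continue
        if not raw.startswith(" "):      # any unindented line ends the current line block
            current = None
            continue
        if current is None:
            continue
        stmt = raw.strip()
        if stmt.startswith("transport input "):
            current.transport = stmt[len("transport input "):].strip()
        elif stmt.startswith("access-class "):
            parts = stmt.split()
            if len(parts) >= 3 and parts[2] == "in":
                current.access_class = parts[1]
        elif stmt == "login" or stmt.startswith("login "):
            current.login = stmt
        elif stmt.startswith("password "):
            current.password_set = True
    return blocks


def telnet_allowed(block: VtyBlock) -> bool:
    """Telnet reaches the line if the transport list names it or says 'all'. With no explicit
    'transport input' the platform default applies, which on most IOS versions includes Telnet,
    so the line is treated as reachable until verified on the device with 'show line'."""
    if block.transport is None:
        return True
    words = block.transport.split()
    return "all" in words or "telnet" in words


def audit(config: str) -> List[dict]:
    """One finding per VTY block: its name, whether Telnet is reachable, and a list of issues."""
    ssh_v2 = re.search(r"^ip ssh version 2\s*$", config, re.M) is not None
    findings = []
    for b in parse_vty_blocks(config):
        issues = []
        words = b.transport.split() if b.transport is not None else []
        if telnet_allowed(b):
            if b.transport is None:
                issues.append("transport input not set: Telnet allowed by platform default, verify with 'show line'")
            else:
                issues.append(f"Telnet allowed: transport input {b.transport}")
            if b.access_class is None:
                issues.append("no access-class: Telnet reachable from any source address")
        if ("ssh" in words or "all" in words) and not ssh_v2:
            issues.append("SSH allowed but 'ip ssh version 2' not set: SSHv1 may be negotiated")
        if b.login == "login" and b.password_set:
            issues.append("shared line password in use: prefer 'login local' with per-user accounts")
        findings.append({"lines": b.name, "telnet": telnet_allowed(b), "issues": issues})
    return findings


if __name__ == "__main__":
    for label, cfg in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(f"== {label} ==")
        for f in audit(cfg):
            print(f"{f['lines']}: {'TELNET OPEN' if f['telnet'] else 'telnet closed'}")
            for issue in f["issues"]:
                print(f"  - {issue}")
```

Run it against a saved copy of show running-config from each device; a block with no explicit transport input is the one most often missed, since the default differs between IOS releases and platforms, which is why the script reports it rather than guessing.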