How to disable Telnet on Cisco Switches and Routers

Telnet protocol enables users to remotely connect to Cisco devices and it is enabled by default on most Cisco device. However it is not very secure to enable Telnet on your Cisco device as the login information and commands are sent in clear text and can be easily hacked. It is recommended to use SSH for remote access as this gives you secure, encrypted connection to your Cisco device.

This article demonstrates how to disable Telnet Protocol on a Cisco Router ( the same applies to all Cisco IOS devices)

To disable Telnet and enable only SSH connections:

First login to the Cisco Switch or Router and enter configuration mode

Router# config t
Router1(config)# line vty 0 4
Router1(config-line)# transport input ssh

This disables telnet and enables ssh on all the five VTYs (Virtual Terminal Lines)

On earlier platforms five simultaneous remote connections are allowed and these are vty 0 to 4. On IOS 12.2 and up 16 simultaneous connections are allowed. On these

Router1(config)# line vty 0 15
Router1(config-line)# transport input ssh

This disables telnet and enables ssh on all the 16 VTYs.

Sometimes you want to disable all forms of remote access (Telnet and SSH). For this

Router1(config)# line vty 0 4
Router1(config-line)# transport input none

Or

Router1(config)# line vty 0 15
Router1(config-line)# transport input none

After this you can only connect to your Cisco device by direct console connection.

To enable Telnet and SSH back

Router1(config)# line vty 0 4
Router1(config-line)# transport input telnet ssh

(Note: The default for this command is transport input all which allows all protocols)


Post a comment

Name

Your Comment

Email (We dont publish it)

Comments

Robert Braddock | June 22, 2016 7:47 AM |

I am trying to find out how one blocks incoming I phones from coming or being made to my home internet router or is there a way to other than changing the whole password and etc

Abdullah | October 10, 2016 5:39 PM |

what about the telnet i want open telnet in my PC the another one he can't open