Cisco IOS: Disable Telnet access… or enable SSH

Telnet access is enabled by default on some IOS releases. See this article for why this is bad.

If you don’t need Telnet access, you should disable it. The commands are as follows:

  1. line vty 0 4
  2. transport input none

If you do need remote terminal access, you should switch Telnet to SSH where possible. Be sure to set a secure password.

  1. ip domain-name your.domain.com
  2. crypto key generate rsa
  3. username yourusername secret supersecretpassword
  4. line vty 0 4
  5. transport input ssh
  6. login local

The crypto key generate rsa command will ask you “How many bits in the modulus”. It is recommended to use at least 2048.

Configuring Cisco IOS switches for Cisco VOIP phones

Some Cisco switches, such as our Catalyst 3560 series, have Smartports which can be configured via the switch’s web interface to have roles. These roles provide the ports with typical settings for network security and QOS. If your switch doesn’t have Smartports these are Cisco’s recommended settings for each switch interface which is supporting a Cisco VOIP phone. It is taken in the content of interface fa0/1

  1. interface FastEthernet0/1
  2. switchport access vlan 14
  3. switchport mode access
  4. switchport voice vlan 5
  5. switchport port-security maximum 2
  6. switchport port-security
  7. switchport port-security aging time 2
  8. switchport port-security violation restrict
  9. switchport port-security aging type inactivity
  10. macro description cisco-phone
  11. auto qos voip cisco-phone
  12. spanning-tree portfast
  13. spanning-tree bpduguard enable

 

You’ll need to change the access VLAN ID and voice VLAN ID to relate to your own PCs VLAN and voice VLAN.