cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1239
Views
0
Helpful
33
Replies

C876 Series telnet problem

aadilovic
Level 1
Level 1

Hello.

I have Cisco Router 876 Series, and have problem with telnet. i cant connect via telnet from remote office to my router. does anybody know how to solve that problem.

I have two vlan, vlan 1 is a nativ vlan and it is config for inside network, and vlan 2 for outside.

and fa0, fa1, and fa2 interface is in vlan1, while fa3 is in vlan2.

Anybody please!!!

33 Replies 33

smothuku
Level 7
Level 7

Hi ,

Can you paste the config of 876 router.

have you configured intervlan routing on 876 router.

Thanks,

Satish

ok

here is config in attach

the config is not complex, just basic things.

Hi ,

line vty 0 4

password x

login

transport input telnet ssh

!

SSH is configured on 856 router.

if you want telnet access then

line vty 0 4

password x

login

transport input all

!

OK.

I try that but with no success!

Do you have more ideas?

Satish

I do not understand how changing trasport input telnet ssh into transport input telnet is supposed to solve a problem with telnet access since telnet is specified in both commands. The original post did not ask how to remove ssh and asked how to get telnet to work.

Amar

It would help us to know more about your situation. Can you tell us more about where you are attempting telnet from, what address you are telnetting to, and what kind of response you are getting (do you get any kind of prompt? do you get a connection refused message? does it just hang and do nothing?) If we knew some of these things we might be able to give you better answers.

Since it appears that you also have SSH configured on the router it would be interesting to know if you get the same behavior if you attempt SSH as when you attempt telnet?

HTH

Rick

HTH

Rick

ok.

i trying from home to telnet on router in my office. attempting telnet to address 217.199.130.153 and response is:

telnet 217.199.130.153

Connecting To 217.199.130.153...Could not open connection to the host, on port 23: Connect failed

that is output from host, from router is:

telnet 217.199.130.153

Trying 217.199.130.153 ...

% Connection timed out; remote host not responding

ping work, and ssh dont give me any kind of prompt...

P.S. but i can telnet to router from my inside network..

Amar

I am not seeing anything in the config that you posted that would prevent telnet from working if you have IP connectivity. If you can ping to that address from home that demonstrates that you have IP connectivity.

If you have IP connectivity and one protocol works (ping) and one protocol does not work (telnet) then there must be something that is looking for protocol specific information. I do not find anything like that in the router config, so I must assume that either your router is going through some firewall which is denying telnet or that the provider to which you connect is denying telnet.

If you want to test this one thing that I would suggest is to configure a simple access list and apply it inbound on the VLAN 2 interface.

access-list 100 permit tcp any host 217.199.130.153 eq 23 log

access-list 100 permit ip any any

interface vlan2

ip access-group 100 in

This will not prevent any traffic but it will create a log message if there is an inbound telnet attempt. It would be interesting to know if the telnet attempt is getting to your router - and I am guessing that it is not.

HTH

Rick

HTH

Rick

i got this log...

*Mar 7 02:31:24.630: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 217.199.133.54

(17414) -> 217.199.130.153(23), 1 packet

Amar

Was this log the result of your attempt to telnet? is the address that you are telnetting from 217.199.133.54? And does the attempt to telnet still get the unable to connect message?

The log message is helpful. It does show that the telnet request was received. If the telnet request is received but netnet is not successful, then either there must be something on the router which we have not yet identified or something is preventing the telnet response. Answers to the questions I asked will help determine what is the next step.

[edit] I see that after starting this thread that you also started the same question in the Remote Access forum. I would suggest that you add a posting in the Remote Access forum suggesting that the discussion be consolidated in one forum or the other.

HTH

Rick

HTH

Rick

ok.

lets continue in this forum...

yes this log is result of my attempt to telnet from address 217.199.133.54, and i still get unable to connect message.

Hi,

Do you have NAT configured ?

If so you need to use an extended ACL in the NAT statement, specifying the LAN ranges to go under NAT, else you can run into the problem mentioned.

paolo

The config posted earlier in the thread does have NAT configured which uses a simple standard access list with permit any as the operative statement.

This issue is becoming quite puzzling to me. I had wondered whether it might be a NAT issue but a posting earlier in the thread says that ping from the remote address works. If it were a NAT issue would it not affect ping as well as telnet?

Amar - can you confirm that from the remote address that ping to the VLAN 2 address does work while telnet to that address does not work?

I have also wondered if there were some issue with telnet on the router that might cause this. But a posting earlier in the thread says that telnet from inside works ok. I had thought that there might be some filter (perhaps a firewall or perhaps something in the provider device) that was preventing telnet from getting through. But Amar configured an access list which shows that the telnet request does get to the router.

HTH

Rick

HTH

Rick

Hi Rick ,

if you don't mind can explain the purpose of the command "transport input telnet ssh " under line vty ...i mean we can use either telnet(port 23) or ssh (port 22) for accessing the device ...correct...

Thanks,

Satish

Amar,

I usually do a "no ip route-cache" on the interface and then do a debug ip packet xxx

with xxx specifying the traffic you want to trace.

that would really help. telnet from both inside and outside and check the differences.

Also, i would do a

"sh ip route x.x.x.x" for your source and then telnet from your router to that device .

another thing to do , is to run ethereal on your host and then telnet to the router. check all packets captured by ethereal.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: