telnet problem

sheerazkhatri · ‎05-30-2007

Hi all,

I have an E1 link between our two sites. Its terminated on 3825 router (2MFT-E1-G.703) on one side and 2801 (2MFT-E1-g.703) on the other side. Link is working fine. I can ping the corresponding serial interfaces from my machine but cannot telnet the 2801 router!! All routes are there.... When I telnet 3825 and than telnet 2801 from there, it works!! Any workaround ???

Sheeraz

jaffer_sathik2010 · ‎05-30-2007

I think there is a access-list at the LAN interface of 3825 router blocking the port '23' for the serial ip of 2801 router.

I dont think any other reasons. If you can provie config of 3825.

--Jaffer

smothuku · ‎05-30-2007

Hi Sheeraz ,

Can you paste the config of 2801 router.

Have you configured any username on 2801 router.

check out the line vty configuration on 2801 router.

line vty 0 4

login

password XXXX.

or

username XXXX password XXXX

line vty 0 4

login local

or

you can create access-list for restricting users to telent to 2801 router.

craete standard access-list like

access-list 4 permit IP address

line vty 0 4

login

access-class 4 in.

Thanks,

Satish

sheerazkhatri · ‎05-30-2007

Please see the attached configuration files

sheeraz

sheerazkhatri · ‎05-30-2007

Hi Satish,

I made the accesslist and it shows the hits as well but do not connect!!! It still gives the same message "Connecting To 172.16.15.30...Could not open connection to the host, on port 23: Connect failed"

Sheeraz

smothuku · ‎05-30-2007

Hi ,

You are using SSH for accessing the router.

SSH is an application and protocol that provides a secure replacement to the Berkley r-tools. SSH uses standard cryptographic mechanisms in order to secure the sessions. The SSH session between two devices is encrypted and, therefore, is secure. This encryption is an advantage over a Telnet session, in which the communication happens in clear text.

You need configure the following commands on 2801 router , where as same is configured on 3845 router.

In order to enable SSH-based access on the 2801 router ,, you first must configure the 2801 as a SSH server. Follow these steps in order to configure an SSH server on the from CLI:

Configure a host name and domain name for the router.

#configure terminal

#hostname XXX

#ip domain name XXXX

Generate a Rivest, Shamir, and Adelman (RSA) key for your 2801 router

Generation of an RSA key enables SSH on the 2801 router. Issue this command in global configuration mode:

#crypto key generate rsa rsa_key_size

!--- This generates an RSA key and enables the SSH server.

Note: The recommended minimum RSA key size is 1024.

1. Configure user authentication on the 2801 router.

On the 2801 router, you can configure user authentication to use either the local list or an external authentication, authorization, and accounting (AAA) server. This example uses a locally generated list in order to authenticate the users:

#aaa new-model

#aaa authentication login default local none

#username Test password Test123

#username ABC password xyz123

This configuration configures the 2801 router to perform user-based authentication with the use of a local database that is configured on the router. The example configures two users in the local database, "Test" and "ABC".

Configure the SSH parameters.

#ip ssh {[timeout seconds] | [authentication-retries integer]}

Thanks,

Satish

smothuku · ‎05-30-2007

Just try out below option once...

If you are able to ping to fast ethernet of 2801 router from your pc...made the following changes and check the issue....

Note: It is for testing purpose only...

Username XXXX password XXXX

line vty 0 4

login local.

where is your pc is connected means to which router ?

Thanks,

Satish

jpl861 · ‎05-30-2007

Have you tried to ping your workstation from the 2801 router? Use all possible interfaces as the source to see if there are any routing problem. Are you sure you are using no ip classless?