Cisco 3560

Unanswered Question
Jul 30th, 2007

I'm facing a telnet issue. I have a Cisco 3560 switch and a VoIP gateway VG224 connected to port 6 on VLAN 3 (10.1.30.1) of the switch. I'm able to ping the gateway from my laptop that is connected to port 24 on VLAN 1 (10.1.110.1), but when I try to telnet to the gateway I get the following message after I type the first character of the password:

CSC#telnet 10.1.30.20
Trying 10.1.30.20 ... Open

User Access Verification

Password:
[Connection to 10.1.30.20 closed by foreign host]
CSC#

Any ideas?

Edison Ortiz Mon, 07/30/2007 - 05:18

I don't think the problem is with the 3560 switch, as the connection is made. It seems the VoIP gateway has a security feature that disconnects the foreign host for some unknown reason.

What happens if you try to connect via telnet to this gateway while the PC is on the same Vlan?

valides007 Mon, 07/30/2007 - 05:42

I put the PC on the same Vlan and it works out.

I set the vlan 3 ip address as a default-gateway on the gateway itself, but it's still not working when I try to telnet it from vlan 1.

Edison Ortiz Mon, 07/30/2007 - 06:05

I'm assuming the output you posted in the first query was taken from the switch, correct?

Can we see the switch config?

If you run a continuous ping from the laptop to the VoIP gateway, do you get any dropouts?

valides007 Mon, 07/30/2007 - 06:17

Here is the switch config:

Building configuration...

Current configuration : 3297 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname CSC
!
enable secret 5 $1$r0ST$buYncK5E91l5ffb602iKl0
!
no aaa new-model
ip subnet-zero
ip routing
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
 switchport access vlan 2
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/2
 switchport access vlan 2
!
interface GigabitEthernet0/3
 switchport access vlan 2
!
interface GigabitEthernet0/4
 switchport access vlan 2
!
interface GigabitEthernet0/5
 switchport access vlan 3
!
interface GigabitEthernet0/6
 switchport access vlan 3
 speed 100
!
interface GigabitEthernet0/7
 switchport access vlan 3
!
interface GigabitEthernet0/8
 switchport access vlan 3
!
interface GigabitEthernet0/9
 switchport access vlan 5
 speed 1000
!
interface GigabitEthernet0/10
 switchport access vlan 5
 speed 1000
!
interface GigabitEthernet0/11
 switchport access vlan 6
!
interface GigabitEthernet0/12
 switchport access vlan 6
!
interface GigabitEthernet0/13
 switchport access vlan 7
!
interface GigabitEthernet0/14
 switchport access vlan 7
!
interface GigabitEthernet0/15
 switchport access vlan 7
!
interface GigabitEthernet0/16
 switchport access vlan 7
!
interface GigabitEthernet0/17
 switchport access vlan 8
!
interface GigabitEthernet0/18
 switchport access vlan 8
!
interface GigabitEthernet0/19
 switchport access vlan 8
!
interface GigabitEthernet0/20
 switchport access vlan 8
!
interface GigabitEthernet0/21
 switchport access vlan 9
!
interface GigabitEthernet0/22
 switchport access vlan 9
!
interface GigabitEthernet0/23
!
interface GigabitEthernet0/24
 switchport trunk native vlan 10
!
interface GigabitEthernet0/25
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1-9
 switchport mode trunk
!
interface GigabitEthernet0/26
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1-9
 switchport mode trunk
!
interface GigabitEthernet0/27
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1-9
 switchport mode trunk
!
interface GigabitEthernet0/28
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1-9
 switchport mode trunk
!
interface Vlan1
 ip address 10.1.110.3 255.255.255.0
!
interface Vlan2
 no ip address
!
interface Vlan3
 ip address 10.1.30.1 255.255.255.0
!
interface Vlan4
 ip address 10.1.40.1 255.255.255.0
 ip helper-address 10.1.40.100
!
interface Vlan5
 ip address 10.1.50.1 255.255.255.0
 ip helper-address 10.1.40.100
!
interface Vlan6
 ip address 10.1.60.1 255.255.255.0
 ip helper-address 10.1.40.100
!
interface Vlan7
 no ip address
!
interface Vlan8
 no ip address
!
interface Vlan9
 no ip address
!
interface Vlan10
 no ip address
!
router rip
 network 10.0.0.0
!
ip default-gateway 10.1.60.1
ip classless
ip http server
!
!
control-plane
!
!
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
!
end

Edison Ortiz Mon, 07/30/2007 - 06:33

You mentioned the laptop is connected in port G0/24 (Vlan1).

interface GigabitEthernet0/24
 switchport trunk native vlan 10

Can you change the port to Vlan1?

You also mentioned the VoIP gateway is connected on port 6.

interface GigabitEthernet0/6
 switchport access vlan 3
 speed 100

Can you change the speed to auto and do the same in the VoIP gateway device?

If you try to connect to the VoIP gateway from another Vlan, let's say Vlan 4, 5 or 6, do you also have a problem?

valides007 Mon, 07/30/2007 - 08:55

I did the changes you requested, it still doesn't work though. I tried to telnet it from Vlan 4, 5, 6 and I'm facing the same issue. It seems that the only way to telnet this device is by setting my laptop on the same vlan. Again, I'm able to ping it from different vlans but not telnet it.

Edison Ortiz Mon, 07/30/2007 - 10:19

There is nothing in the switch that is preventing this type of connection. I wonder if the VoIP gateway has some kind of ACL for telnet connections that allows devices only from the same subnet.

What happens if you try to telnet to the VoIP gateway from the 3560 switch?

valides007 Mon, 07/30/2007 - 12:26

I tried everything. The only way to telnet it is from the same Vlan. I have the same issue with the IP PBX (2821) that is on vlan 3 too.

It's so weird because every time I telnet the device it seems to be working until I try to put in the password.

Edison Ortiz Mon, 07/30/2007 - 12:31

If you telnet from the 3560 switch, it should work since the switch will source its connection from the SVI, so to the VoIP Gateway it looks like it's coming from a device within the same Vlan.

Are you saying it doesn't work when you telnet from the switch?
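The reasoning in the last two replies, worked through as an added example that is not part of the thread: it parses the SVI stanzas from the posted config, finds the source address a switch-originated session to 10.1.30.20 would carry, and tests it against a same-subnet-only rule. Assumptions: the gateway-side rule is hypothetical, the gateway mask is taken to be /24, the laptop address 10.1.110.50 is constructed, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed excerpt: SVI stanzas copied from the switch config posted above.
SWITCH_CONFIG = """\
interface Vlan1
 ip address 10.1.110.3 255.255.255.0
!
interface Vlan2
 no ip address
!
interface Vlan3
 ip address 10.1.30.1 255.255.255.0
!
interface Vlan4
 ip address 10.1.40.1 255.255.255.0
"""

def parse_svis(config):
    """Return {interface name: IPv4Interface} for every SVI that has an address."""
    svis, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (Vlan\d+)$", line.strip())
        if m:
            current = m.group(1)
            continue
        m = re.match(r"ip address (\S+) (\S+)$", line.strip())
        if m and current:
            svis[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return svis

def source_for(dest, svis):
    """Source of a switch-originated session: the address of the directly
    connected SVI (assumes no 'ip telnet source-interface' override)."""
    dest = ipaddress.ip_address(dest)
    for name, iface in svis.items():
        if dest in iface.network:
            return name, iface.ip
    return None, None

def same_subnet_acl_permits(src, gateway_iface):
    """Hypothetical gateway-side rule: permit only sources in its own subnet."""
    return ipaddress.ip_address(src) in ipaddress.ip_interface(gateway_iface).network

if __name__ == "__main__":
    name, src = source_for("10.1.30.20", parse_svis(SWITCH_CONFIG))
    for label, addr in (("switch via " + name, src), ("laptop in VLAN 1", "10.1.110.50")):
        verdict = "permitted" if same_subnet_acl_permits(addr, "10.1.30.20/24") else "denied"
        print(f"{label}: source {addr} -> {verdict}")
```

Under such a rule a session opened from the switch would be permitted while the routed laptop session would not, which is the distinction the final question in the thread is meant to test.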
