07-30-2007 05:15 AM - edited 03-03-2019 06:05 PM
i'm facing a telnet issue. I have a cisco 3560 switch and a voip gateway vg224 connected to port 6 on vlan 3 (10.1.30.1) of the switch. i'm able to ping the gateway from my laptop that is connected to port 24 on vlan 1 (10.1.110.1), but when i try to telnet the gateway i get the following message after i type the first character of the password:
CSC#telnet 10.1.30.20
Trying 10.1.30.20 ... Open
User Access Verification
Password:
[Connection to 10.1.30.20 closed by foreign host]
CSC#
any ideas?
07-30-2007 05:18 AM
I don't think the problem is with the 3560 switch as the connection is made. It seems the VoIP gateway has a security feature that disconnect foreign host for some unknown reason.
What happens if you try to connect via telnet to this gateway while the PC is on the same Vlan ?
07-30-2007 05:42 AM
i put the pc on the same Vlan and it works out.
I set the vlan 3 ip address as a default-gateway on the gateway itself, but it's still not working when i try to telnet it from vlan 1.
07-30-2007 06:05 AM
I'm assuming the output you posted in the first query was taken from the switch, correct ?
Can we see the switch config ?
If you run a continuous ping from the laptop to the VoIP gateway, do you get any dropouts ?
07-30-2007 06:17 AM
here is the switch config:
Building configuration...
Current configuration : 3297 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname CSC
!
enable secret 5 $1$r0ST$buYncK5E91l5ffb602iKl0
!
no aaa new-model
ip subnet-zero
ip routing
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
switchport access vlan 2
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/2
switchport access vlan 2
!
interface GigabitEthernet0/3
switchport access vlan 2
!
interface GigabitEthernet0/4
switchport access vlan 2
!
interface GigabitEthernet0/5
switchport access vlan 3
!
interface GigabitEthernet0/6
switchport access vlan 3
speed 100
!
interface GigabitEthernet0/7
switchport access vlan 3
!
interface GigabitEthernet0/8
switchport access vlan 3
!
interface GigabitEthernet0/9
switchport access vlan 5
speed 1000
!
interface GigabitEthernet0/10
switchport access vlan 5
speed 1000
!
interface GigabitEthernet0/11
switchport access vlan 6
!
interface GigabitEthernet0/12
switchport access vlan 6
!
interface GigabitEthernet0/13
switchport access vlan 7
!
interface GigabitEthernet0/14
switchport access vlan 7
!
interface GigabitEthernet0/15
switchport access vlan 7
!
interface GigabitEthernet0/16
switchport access vlan 7
!
interface GigabitEthernet0/17
switchport access vlan 8
!
interface GigabitEthernet0/18
switchport access vlan 8
!
interface GigabitEthernet0/19
switchport access vlan 8
!
interface GigabitEthernet0/20
switchport access vlan 8
!
interface GigabitEthernet0/21
switchport access vlan 9
!
interface GigabitEthernet0/22
switchport access vlan 9
!
interface GigabitEthernet0/23
!
interface GigabitEthernet0/24
switchport trunk native vlan 10
!
interface GigabitEthernet0/25
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-9
switchport mode trunk
!
interface GigabitEthernet0/26
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-9
switchport mode trunk
!
interface GigabitEthernet0/27
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-9
switchport mode trunk
!
interface GigabitEthernet0/28
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-9
switchport mode trunk
!
interface Vlan1
ip address 10.1.110.3 255.255.255.0
!
interface Vlan2
no ip address
!
interface Vlan3
ip address 10.1.30.1 255.255.255.0
!
interface Vlan4
ip address 10.1.40.1 255.255.255.0
ip helper-address 10.1.40.100
!
interface Vlan5
ip address 10.1.50.1 255.255.255.0
ip helper-address 10.1.40.100
!
interface Vlan6
ip address 10.1.60.1 255.255.255.0
ip helper-address 10.1.40.100
!
interface Vlan7
no ip address
!
interface Vlan8
no ip address
!
interface Vlan9
no ip address
!
interface Vlan10
no ip address
!
router rip
network 10.0.0.0
!
ip default-gateway 10.1.60.1
ip classless
ip http server
!
!
control-plane
!
!
line con 0
password cisco
login
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
end
07-30-2007 06:33 AM
You mentioned the laptop is connected in port G0/24 (Vlan1).
interface GigabitEthernet0/24
switchport trunk native vlan 10
Can you change the port to Vlan1 ?
You also mentioned the VoIP gateway is connected on port 6.
interface GigabitEthernet0/6
switchport access vlan 3
speed 100
Can you change the speed to auto and do the same in the VoIP gateway device ?
If you try to connect to the VoIP gateway from another Vlan, let's say Vlan 4, 5 or 6, do you also have a problem ?
07-30-2007 08:55 AM
i did the changes you requested, it still doesn't work though. I tried to telnet it from Vlan 4, 5, 6 and i'm facing the same issue. It seems that the only way to telnet this device is by setting my laptop on the same vlan. Again i'm able to ping it from different vlans but telnet it.
07-30-2007 10:19 AM
There is nothing in the switch that is preventing this type of connection. I wonder if the VoIP gateway has some kind of ACL for telnet connections that allows devices only from the same subnet.
What happens if you try to telnet to the VoIP gateway from the 3560 switch ?
07-30-2007 12:26 PM
I tried everything. The only way to telnet it is from the same Vlan. I have the same issue with the IP PBX (2821) that is on vlan 3 too.
It's so weird because everytime i telnet the device it seems working until i try to put the password.
07-30-2007 12:31 PM
If you telnet from the 3560 switch, it should work since the switch will source its connection from the SVI, so to the VoIP Gateway is looks like it's coming from a device within the same Vlan.
Are you saying it doesn't work when you telnet from the switch ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide