Cannot Telnet to 2950 switch

Unanswered Question
Aug 17th, 2007

Hello all,

I have a 2950 that I cannot telnet into from one specific subnet. I can ping and tracert to that switch from this subnet. I can telnet/ping/tracert from any other PC on the same subnet as the 2950. There is a firewall between the two subnets, but all IP traffic is being allowed to cross. There are other 2900 switches on that subnet, that are daisy chained to the 2950 and I have no problem telnetting into them. In the past I have been able to telnet into that 2950, I have also been able to use Cisco Network Assistant and Ciscoworks to communicate with that 2950 - but now these cannot talk to it either.

Any help/suggestions would be appreciated.



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
MUHAMMAD SHAHEEN Fri, 08/17/2007 - 08:01


As you have explained, the Firewall rule is protecting the telnet access to that switch. You need to check with Firewall administrators to allow telnet traffic for 2950 Switch's IP address from that specific IP subnet.



cgfarley671 Fri, 08/17/2007 - 08:11


It's not a firewall issue. I have checked with the firewall admins and they can see no logging of my attempts to telnet. Also quite sure its not a firewall problem since I can connect to other switches in the chain (x.x.32.123, x.x.32.124, etc.)


Pavel Bykov Fri, 08/17/2007 - 08:02

Do you have default gateway set on your 2950?

Use this command on your 2950:

"ip default-gateway x.x.x.x" where x.x.x.x is the address of a VLAN router (probably same default gateway as PCs on the subnet use)

I assume you have IP address on correct VLAN and that subnet mask is correct.

Hope this helps.

Please rate all helpful posts.

cgfarley671 Fri, 08/17/2007 - 08:08

Yes, the gateway and mask are set correctly. We are only using VLAN1 (due to limitations on the older 2900's IOS versions), so not a VLAN issue.

MUHAMMAD SHAHEEN Fri, 08/17/2007 - 08:44


I think you have explained it quite clearly, that you can ping to and traceroute to that 2950 from your subnet but cannot telnet. This make it clear that you have IP connectivity and the issue you have is Layer4 and above. You may have an access list or other restrictions between (that specific IP subnet <--> that specific 2950)as this IP subnet is able to telnet to other Cisco switches on the same subnet as 2950 switch. Or you may have an access list on that 2950 to not allow telnet from that IP subnet.

Check the FireWall running on your PC as well !




This Discussion