02-26-2008 10:16 PM - edited 03-03-2019 08:53 PM
Dear All
We are not able to telnet to our core router. We are logging in from the console, no CPU process, no traffic is there, all vty sessions are cleared, but we are not able to telnet.
regards
:S
02-26-2008 10:29 PM
Are you able to ping the core router? Are there any ACLs which could be blocking telnet? What IOS and platform do you have?
Please post the line vty config.
~Vaibhav
02-26-2008 10:46 PM
Ping is there, clients are working, but the only problem is with the telnet.
regards
:S
02-27-2008 04:50 AM
S
I can not tell from your description whether telnet was working and now is not (something changed) or whether telnet has never worked. Perhaps you can clarify since understanding this would influence how we would troubleshoot.
It would also be helpful if you would post the configuration of the vty lines on the router where you can not telnet.
HTH
Rick
02-27-2008 07:46 AM
Hi,
As a rule of thumb, if ping to the box works and if routing is uninterrupted and only telnet is blocked, it's an access-list.
If you try to connect and the message says (telnet connection refused) then it's probably an access-list. Please see the following e.g.:
line vty 0 4
access-class 1 in
access-list 1 permit xxx.yyy.0.0 0.0.255.255
In the above e.g., access-class "1" clarifies access-list 1. Please check if such an access-list exists on the box referring to the line vty. If so, check the IP address range permitted there and the IP address you are trying to telnet from.
But, if you can actually connect and the box does not accept your username and password then it's a problem with authentication username/password combination on the line vty.
Best
santanu
02-27-2008 12:30 PM
Hi S,
As a first simple approach, specify a password for telnet access like this:
line vty 0 4
password xxxxxxxxxxx
login
It is a requirement for telnet access to specify a password.
Cheers:
Istvan
02-27-2008 01:54 PM
I offer one clarification to the post by Istvan. He is correct if the router is configured with no aaa new-model. However if the router is configured with aaa new-model then the password on the vty is an option but not a requirement.
And if the router has no aaa new-model and the vty is configured with no login, then the vty password is not required.
Istvan's suggestion represents the best practice for a router which has no aaa new-model.
HTH
Rick
02-28-2008 04:20 AM
It's working now after reboot.
regards
shivlu
02-28-2008 04:54 AM
shivlu
I am glad that you got it working now. Based on the symptom (could not telnet and after reboot can telnet) I would guess that the problem was that all vty lines were busy. This happens sometimes especially when the vty lines are configured with exec-timeout 0 (or with no exec-timeout). Can you confirm whether this is the case or not?
In my experience it is not good to have exec-timeout 0 on vty lines. You can have a relatively long timeout if you do not want to be logged out after the default of 10 minutes of inactivity. But exec-timeout of 0 invites this problem of vty lines not clearing when a telnet session got terminated but not by logout.
HTH
Rick
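The two checks suggested in the replies above (whether the access-list referenced by access-class permits the client address, and whether exec-timeout is disabled on the vty lines), as an added Python example that is not part of any poster's message. It assumes standard numbered ACLs (1-99); the function names and the sample config are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample config (not from the thread); documentation address ranges.
SAMPLE = """\
access-list 1 permit 192.0.2.0 0.0.0.255
line vty 0 4
 access-class 1 in
 exec-timeout 0 0
 login
line vty 5 15
 exec-timeout 30 0
 login
"""

def ip2int(text):
    return int(ipaddress.IPv4Address(text))

def parse_acls(config):
    """Map ACL number -> ordered (action, address, wildcard); standard ACLs 1-99."""
    acls = {}
    for m in re.finditer(r"^access-list (\d{1,2}) (permit|deny) (.+)$", config, re.M):
        spec = m.group(3).split()
        if spec[0] == "any":
            spec = ["0.0.0.0", "255.255.255.255"]
        elif spec[0] == "host":
            spec = [spec[1], "0.0.0.0"]
        # A bare address with no wildcard mask means a single host.
        addr, wild = ip2int(spec[0]), ip2int((spec + ["0.0.0.0"])[1])
        acls.setdefault(m.group(1), []).append((m.group(2), addr, wild))
    return acls

def acl_permits(entries, src):
    """First matching entry wins; a defined ACL ends with an implicit deny."""
    for action, addr, wild in entries:
        if ((ip2int(src) ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return action == "permit"
    return False

def audit(config, src):
    """Findings per 'line vty' block for a telnet client at address src."""
    acls, out = parse_acls(config), []
    for m in re.finditer(r"^line vty (\d+(?: \d+)?)\n((?: .*\n?)*)", config, re.M):
        name, body = "vty " + m.group(1), m.group(2)
        ac = re.search(r"^ access-class (\d+) in", body, re.M)
        if ac and ac.group(1) in acls and not acl_permits(acls[ac.group(1)], src):
            out.append(f"{name}: access-list {ac.group(1)} does not permit {src}")
        if re.search(r"^ (no exec-timeout|exec-timeout 0( 0)?)\s*$", body, re.M):
            out.append(f"{name}: exec-timeout disabled, idle sessions never time out")
    return out
```

Calling `audit(SAMPLE, "203.0.113.9")` reports both the ACL mismatch and the disabled timeout on vty 0 4; an access-class that references an ACL not present in the config is skipped rather than evaluated.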
02-28-2008 05:34 AM
We've run into this problem on 7600 series routers running 12.2(33)SRA5 and SRA6 where it just locks up the VTY completely until you reboot. This is with VTYs that have worked in the past. If you "busy out" the VTY(s) that are locked by telnetting into them and letting that session hang, you can open another session and get into another VTY though.
We opened up a TAC case quite a while ago with no resolution beyond rebooting, but now we have it happening on two routers at once on two different IOS versions. Only 7600 routers though w/ Sup720s, no other routers.