cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4355
Views
0
Helpful
4
Replies

Can ping the switch but not telnet to it.

whiteford
Level 1
Level 1

Hi,

I have a ASA firewall and trunked off the firewall I have a 3750 which I can ping, telnet and SSH to. From the 3750 I have another trunk into a 3560 which I can also ping to but not SSH or telnet to.

I have opened the firewall from my PC to the 3560 so nothing is blocking it (I hope) as the packet tracer on the ASA confirms this. I know telnet works because I can telnet to the switch from the vlan that the switches IP is in.

So I can ping it so I guess it is not a routing issue, how can I tell my telnet request is even getting to the switch, can the switch display attempts?

Just can't work out what it is.

4 Replies 4

Hi,

A brief diagram can be better than many words as i didnt get you :)

Create an acl like this:

ip access-list ext TELNET

permit tcp any any eq 23 log

permit ip any any

apply it to the interface that you're telnetting into.

If it's a vlan SVI:

int vlan

ip access-group TELNET in

If it's a routed port:

int G0/1:

ip access-group TELNET in

Then try to telnet to see if you are getting hits. If you are telnetted into the switch from a box that can get to it, you can do:

Switch# term mon

and it should show you hits on the acl as they happen. You can then go to the system that can't telnet and try while your other system is up and watch as it happens.

--John

HTH, John *** Please rate all useful posts ***

glen.grant
VIP Alumni
VIP Alumni

Sounds like the 3560 is missing the default gateway or default static route if routing is still turned on .

wilson_1234_2
Level 3
Level 3

You could use the ASA ASDM gui to monitor the traffic and filter to the switch IP Address.

Set the filter to "informational" and try to telnet from your workstation to the switch.

If the firewall is blocking the traffic, it will show up in the monitor session (it will also show up if it is not).

You could also do this with a packet capture on the ASA, but the gui is quicker and easier.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: