Telnet issue

John Blakley
VIP Alumni

Ok,

I posted a couple of days ago about a telnet problem that I had where I could ping the router, but couldn't telnet to it. There are NO acls involved at all.

Well today, I figured out that I can telnet to the router from another router, but not from a host behind the router. It looks like this:

Cannot telnet: host -> router -> router

Can telnet: router -> router

This doesn't make any sense to me at all. Any ideas?

--John

HTH, John *** Please rate all useful posts ***

Edison Ortiz
Hall of Fame

It seems the destination router does not have a route back to the host - Yes, I know you said ping works, but it could be due to some proxy-arp feature enabled on the router<->router link.

Verify routing from the router to host and vice-versa.

HTH,

Edison.

Ping works fine. The setup is like this:

RouterA (f0/0) 192.168.1.2 -----> 192.168.1.1 (fa0/0) Router b

Router B's last resort is 192.168.1.2 (ip route 0.0.0.0 0.0.0.0 192.168.1.2)

That's the only route that it has.

If I do a show arp | i 192.168.1.2, I show that 1.1 and 1.2 are on interface fa0/0 on RouterA. Does this mean it's doing proxy arp? I don't have it specifically disabled, and I'm not sure what ramifications it would have if I did disable it. Aside from that, why can I telnet from a router, but not from a host behind the router? No firewalls in any scenario by the way.

Thanks,

John

Richard Burts
Hall of Fame

John

Can that host telnet to the first router? Is it possible that there is something on that host that interferes with telnet?

Is it possible that there is some security policy on the middle router that might intercept the telnet to the other router?

HTH

Rick

The host can telnet into the router that's local to it, but not across to the other router. The router that's local to the host can telnet to the other router. There's nothing blocking traffic, and it's really frustrating me. :-)

Thanks Rick!

--John

Rick Morris
Level 6

Can any other host get to this router?

Is there a firewall inline between these, or a proxy server?

I had an issue at a client site and it was a firewall that sat between the host and the edge router, but there was another path via another zone in the firewall that allowed a switch to telnet into the router.

There are no hosts behind this router, but all routers in the enterprise can telnet to it.

HTH, John *** Please rate all useful posts ***

Is this the only router that this particular host cannot telnet to?

Have you tried from another host?

Also, telnet to that specific router from another router and turn on debug:

debug telnet

Make sure you term mon to show the output

This will tell you if you can even get to it.

I can telnet to any of my other routers from this host (and it's not really a host issue). I can't telnet from any location, any host, behind a router, to this router. I've created access lists that dump logs, and I don't see any of my host IPs in there, but I do see when the router gets connected.

--John

Ok, I can't telnet from the "bad" router to another host. I'm sure it's a routing issue, but I can ping the host from the router, soooo my next question is:

What is so different about telnet as compared to ping in that it won't just use the default route of "ip route 0.0.0.0 0.0.0.0 192.168.1.2"?

Thanks!!

--John

Are you advertising the 192.168.1.x (router-to-router) link to the rest of the network?

Can you traceroute from the host to the router and see where it dies?

You can set up an ACL with log options on the router incoming interface and see if the packet is making it there.

HTH,

Edison.
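
The logging ACL suggested in the reply above, written out as an added example that is not part of the original thread. The ACL name TELNET-TRACE is hypothetical and the inbound interface is an assumption; 192.168.1.1 is the far router's address as given in the thread.

```cisco
! Added example: count and log ICMP and telnet separately on the far
! router's inbound interface, so "ping works, telnet fails" can be compared.
! TELNET-TRACE is a hypothetical name; FastEthernet0/1 is an assumed interface.
ip access-list extended TELNET-TRACE
 permit icmp any host 192.168.1.1 log-input
 permit tcp any host 192.168.1.1 eq telnet log-input
 permit ip any any
!
interface FastEthernet0/1
 ip access-group TELNET-TRACE in
!
! After one ping and one telnet attempt from the host, in exec mode:
!   show ip access-lists TELNET-TRACE
!   show logging
! ICMP matches rising with no telnet matches means the TCP SYN is being
! lost before it reaches this interface.
! Remove when finished: "no ip access-group TELNET-TRACE in" under the interface.
```

The final `permit ip any any` keeps the ACL from blocking production traffic through its implicit deny.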

Packet isn't making it there, but traceroute doesn't die. It goes all the way through to the router. I admit, it's a weird problem.

I'm not advertising the public interface of that router, but I am advertising the internal subnet (10.10.10.0) to the rest of the network via BGP by redistributing my statics on the primary router that links to this router.

--John

"I'm not advertising the public interface of that router,"

A little confused there. You mentioned 192.168.1.x/24 - you call that public interface?

You said traceroute doesn't die - does it go into a loop?

Is this a lab or production network?

Can you post configs, diagram and routing table?

Thanks

No loop; it finishes the trace with no problems. I've attached a quick diagram. This is a production network, and it's working fine with everything else. It's a DR site, and yes the 192.168.1.1 is the public side. This is a fiber point to point connection (ATT Opteman link).

Here's my routing table:

    Routing entry for 10.10.10.0/24
    Known via "static", distance 1, metric 0
    Redistributing via bgp 65101
    Advertised by bgp 65101
    Routing Descriptor Blocks:
    * 192.168.1.1
    Route metric is 0, traffic share count is 1

192.168.1.1 Routing table:

    192.168.1.0/24 is subnetted, 1 subnets
    C 192.168.1.0 is directly connected, FastEthernet0/1
    10.0.0.0/24 is subnetted, 2 subnets
    C 10.10.10.0 is directly connected, FastEthernet0/0
    C 10.11.11.0 is directly connected, FastEthernet0/0
    S* 0.0.0.0/0 [1/0] via 192.168.1.2

Thanks!

John

Try redistributing connected on the 192.168.1.2 BGP router.

HTH,

Edison.
