
Unable to Telnet (Destination unreachable; gateway or host down)

adhityakarthik
Level 1

Hi all,

I need to restrict telnet access to the switches, meaning I should be able to telnet to the LAN switches from the core switch management VLAN.

I have applied an ACL, but after applying the ACL, I am able to ping the access switch but I am unable to telnet. The config is pasted below; can someone help, please?

On Core switch

int vlan 171

description Mgmt vlan

ip address 172.17.1.2 255.255.255.0

--------------

On the access switch I have applied this config

access-list 110 permit ip 172.17.1.0 0.0.0.255 any

access-list 110 deny ip any any log

And on the VLAN interface I have applied this

int vlan 171

ip access-group 110 in

After this I am able to ping the access switch from the core but unable to telnet.

Errors pasted below

Core1ping 172.17.1.10

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.17.1.10, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

Core-DC-1#tel

Core-DC-1#telnet 172.17.1.10

Trying 172.17.1.10 ...

% Destination unreachable; gateway or host down

Please help me on the same

srinivas sagar


cisco_lad2004
Level 5

Apply the ACL under line VTY 0 4 instead, and later 5 15.

conf t

line vty 0 4

access-class 110 in

end

HTH

Sam

Hi

Thanks very much for the update.

My requirement is not only telnet but also to allow SNMP servers and other monitoring tools to poll. I have a requirement to apply it on the management VLAN; could you please guide me?

Srinivas

Please retest with telnet /source-interface vlan 171

This will confirm if u have any routing issues. If u can PING, u should be able to telnet unless going thru FW or further ACLs that are misleading u.

Please include show ip route from core for SWITCH management VLAN.

Sam

Hi

I am able to ping and do the tracert

Core-DC-1#p 172.17.1.10

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.17.1.10, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

Core-DC-1#tel

Core-DC-1#telnet 172.17.1.10

Trying 172.17.1.10 ...

% Destination unreachable; gateway or host down

Core-DC-1#traceroute 172.17.1.10

Type escape sequence to abort.

Tracing the route to 172.17.1.10

1 172.17.1.10 0 msec * 0 msec

Core-DC-1#q

IP route

Core-DC-1#sh ip route | in 172.17.1.0

C 172.17.1.0/24 is directly connected, Vlan171

Core-DC-1#

Srinivasa

Srinivasa,

Ur config should work.

Verify that there are no other ACLs on physical ports / trunks that may cause this.

It's a straightforward setup and should work.

Sam

Hi

There are no ACLs on the access switch; it has not worked.

Do u want me to check anything on the core?

srinivasa

what do u get when u telnet this way ?

telnet 172.17.1.10 /source-interface vlan 171

If u get through, then check that you have this line configured.

"ip telnet source-interface" which is corrupting your telnet source.

Hi,

I will check this.

I have not configured ip telnet source-interface vlan.

Find my config below

ip tacacs source-interface Vlan171

logging source-interface Vlan171

snmp-server trap-source Vlan171

Srinivasa

what do u get when u telnet this way ?

telnet 172.17.1.10 /source-interface vlan 171

Hi

Thanks for the update.

I haven't tried; will try later in the evening.

Please note that it's a stack switch (5 switches connected in a stack) and I am doing it remotely.

srinivasa

amitmarathe
Level 1

Just check the source interface when you telnet to the switch.

Hi

I didn't get you.

srinivasa
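
An added example, not part of any post in this thread: a small Python model of the access-list 110 posted in the question, evaluated against constructed packets. It shows that the ACL treats ping and telnet from 172.17.1.2 identically, and that a telnet sourced from an address outside 172.17.1.0/24 hits the deny entry, which is what the source-interface checks in the replies test for. The address 10.0.0.1 and all function names are assumptions made for the example.

```python
import ipaddress

# ACL 110 exactly as posted in the question.
ACL_110 = """\
access-list 110 permit ip 172.17.1.0 0.0.0.255 any
access-list 110 deny ip any any log
"""

def _addr_spec(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) as ints."""
    tok = tokens.pop(0)
    if tok == "any":
        return 0, 0xFFFFFFFF
    if tok == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(tok)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    """Parse 'access-list N permit|deny PROTO SRC DST [log]' lines (no port matches)."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        tokens = line.split()
        action, proto, rest = tokens[2], tokens[3], tokens[4:]
        entries.append((action, proto, _addr_spec(rest), _addr_spec(rest), line))
    return entries

def _matches(addr, spec):
    """Wildcard-mask match: bits set in the wildcard are 'don't care'."""
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def evaluate(entries, proto, src, dst):
    """First matching entry wins; IOS appends an implicit deny to every ACL."""
    for action, acl_proto, s, d, line in entries:
        if acl_proto in ("ip", proto) and _matches(src, s) and _matches(dst, d):
            return action, line
    return "deny", "(implicit deny)"

def check_samples():
    """Evaluate constructed packets arriving inbound on the access switch's Vlan171."""
    acl = parse_acl(ACL_110)
    samples = {
        "ping from core Vlan171": ("icmp", "172.17.1.2", "172.17.1.10"),
        "telnet from core Vlan171": ("tcp", "172.17.1.2", "172.17.1.10"),
        # 10.0.0.1 is a constructed address standing in for any other source interface.
        "telnet from other source": ("tcp", "10.0.0.1", "172.17.1.10"),
    }
    return {name: evaluate(acl, *pkt)[0] for name, pkt in samples.items()}
```
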
