Cisco 878 refusing telnet sessions

Answered Question

Hi all,


I've made some config changes on one of our routers and after those changes telnet sessions to the router are no longer accepted.


Here's what I did:

I've added a vlan5, gave it a public ip address.

I then gave fastethernet port #3 switchport access vlan5.


That's it.


I've done some debugging.

The telnet sessions still arrive at the router. No nat is taking place for these packets (at first I thought another machine was responding).

Debugging the particular IP packets for these sessions shows only SYN packets.


Mar 18 13:41:31 <routername> 259185: 3w1d: %SEC-6-IPACCESSLOGP: list 125 permitted tcp <source ip>(4212) -> <dest ip>(23), 1 packet
Mar 18 13:41:32 <routername> 259186: 3w1d: IP: tableid=0, s=<source ip> (Dialer0), d=<dest ip> (Dialer0), routed via RIB
Mar 18 13:41:32 <routername> 259187: 3w1d: IP: s=<source ip> (Dialer0), d=<dest ip> (Dialer0), len 48, rcvd 3
Mar 18 13:41:32 <routername> 259188: 3w1d:     TCP src=4212, dst=23, seq=3819487968, ack=0, win=65535 SYN
Mar 18 13:41:32 <routername> 259189: 3w1d: IP: tableid=0, s=<source ip> (Dialer0), d=<dest ip> (Dialer0), routed via RIB
Mar 18 13:41:32 <routername> 259190: 3w1d: IP: s=<source ip> (Dialer0), d=<dest ip> (Dialer0), len 48, rcvd 3
Mar 18 13:41:32 <routername>259191: 3w1d:     TCP src=4212, dst=23, seq=2955492222, ack=0, win=65535 SYN
Mar 18 13:41:32 <routername> 259192: 3w1d: IP: tableid=0, s=<source ip> (Dialer0), d=<dest ip> (Dialer0), routed via RIB
Mar 18 13:41:32 <routername>259193: 3w1d: IP: s=<source ip> (Dialer0), d=<dest ip> (Dialer0), len 48, rcvd 3
Mar 18 13:41:33 <routername> 259194: 3w1d:     TCP src=4212, dst=23, seq=2853220139, ack=0, win=65535 SYN


Debugging the telnet session itself does not give any results in the logging.


I'm now able to access the router through a machine attached to the console port.


Config is attached.


Any thoughts?
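The check the poster did by eye on the debug output above (SYNs arriving on port 23 with no reply) can be run over a saved log. This is an added example, not part of the original post: the addresses are RFC 5737 placeholders, the hostname `rtr` and the answered port-22 flow are constructed for contrast, and the `sending` / `ACK SYN` reply-line format is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the debug lines quoted in the question.
# 192.0.2.10 = client, 198.51.100.1 = router (placeholder addresses).
SAMPLE = """\
Mar 18 13:41:32 rtr 259186: 3w1d: IP: tableid=0, s=192.0.2.10 (Dialer0), d=198.51.100.1 (Dialer0), routed via RIB
Mar 18 13:41:32 rtr 259187: 3w1d: IP: s=192.0.2.10 (Dialer0), d=198.51.100.1 (Dialer0), len 48, rcvd 3
Mar 18 13:41:32 rtr 259188: 3w1d:     TCP src=4212, dst=23, seq=3819487968, ack=0, win=65535 SYN
Mar 18 13:41:32 rtr 259190: 3w1d: IP: s=192.0.2.10 (Dialer0), d=198.51.100.1 (Dialer0), len 48, rcvd 3
Mar 18 13:41:32 rtr 259191: 3w1d:     TCP src=4212, dst=23, seq=2955492222, ack=0, win=65535 SYN
Mar 18 13:41:32 rtr 259193: 3w1d: IP: s=192.0.2.10 (Dialer0), d=198.51.100.1 (Dialer0), len 48, rcvd 3
Mar 18 13:41:33 rtr 259194: 3w1d:     TCP src=4212, dst=23, seq=2853220139, ack=0, win=65535 SYN
Mar 18 13:41:40 rtr 259195: 3w1d: IP: s=192.0.2.10 (Dialer0), d=198.51.100.1 (Dialer0), len 48, rcvd 3
Mar 18 13:41:40 rtr 259196: 3w1d:     TCP src=4300, dst=22, seq=1000, ack=0, win=65535 SYN
Mar 18 13:41:40 rtr 259197: 3w1d: IP: s=198.51.100.1 (local), d=192.0.2.10 (Dialer0), len 44, sending
Mar 18 13:41:40 rtr 259198: 3w1d:     TCP src=22, dst=4300, seq=2000, ack=1001, win=4128 ACK SYN
"""

# "routed via RIB" lines start "IP: tableid=" and are skipped by IP_RE.
IP_RE = re.compile(r"IP: s=(\S+) \(\S+\), d=(\S+) \(\S+\), len \d+")
TCP_RE = re.compile(r"TCP src=(\d+), dst=(\d+), seq=\d+, ack=\d+, win=\d+ ?(.*)$")

def parse_packets(text):
    """Pair each 'IP: s=' line with the TCP detail line that follows it."""
    packets, pending = [], None
    for line in text.splitlines():
        ip = IP_RE.search(line)
        if ip:
            pending = ip.groups()
            continue
        tcp = TCP_RE.search(line)
        if tcp and pending:
            src, dst = pending
            flags = frozenset(tcp[3].split())
            packets.append((src, int(tcp[1]), dst, int(tcp[2]), flags))
            pending = None
    return packets

def unanswered_syns(packets):
    """Return {(client, server, port): syn_count} for services that never sent a SYN-ACK."""
    syns, answered = defaultdict(int), set()
    for src, sport, dst, dport, flags in packets:
        if flags == {"SYN"}:
            syns[(src, dst, dport)] += 1       # client port ignored on purpose
        elif {"SYN", "ACK"} <= flags:
            answered.add((dst, src, sport))    # reply seen from server port
    return {k: n for k, n in syns.items() if k not in answered}

if __name__ == "__main__":
    print(unanswered_syns(parse_packets(SAMPLE)))
```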

Overall Rating: 5 (1 ratings)
Giuseppe Larosa Thu, 03/18/2010 - 06:58

Hello,

I don't see the last change you made.


There is no trace of the new SVI vlan 5 in the attached file.


You should probably try to telnet to the private IP address in vlan1, because you allow telnet only from internal IP addresses:



access-list 12 permit




line vty 0 4
access-class 12 in
exec-timeout 0 0


Judging from the log messages, you are trying to telnet to the dialer0 IP address.


Difficult to say more


Hope to help

Giuseppe

Reza Sharifi Thu, 03/18/2010 - 07:08

Hi,

Remove "access-class 12 in" and try again.  Also, I did not see vlan 5 in your config.


HTH

Reza

Hi folks,


Thanks for the speedy answers so far.



Access-list 12 contains multiple ACEs with multiple public IP addresses which our company uses. My IP address falls squarely into those ACLs. I have removed the access list from the line, no joy there either.


The config lacks the details for vlan 5, because the attached config is the latest RANCID could retrieve. Fortunately my telnet client has a large buffer, so here is the missing piece:


interface FastEthernet3
 switchport access vlan 5
!
interface Vlan5
 description Pub Range
 ip address 255.255.255.248
 no ip redirects
 no ip proxy-arp
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 hold-queue 100 out


The ip address on vlan5 does not overlap with any other addresses on the router.


I haven't tried connecting to the router from the inside, and at the moment I have no connection to the machine attached to the console port. I'll try that tomorrow morning.

Correct Answer
desharm2 Thu, 03/18/2010 - 09:00

Hi


1. check show line

2. clear (line no)

3. try telnet

4. If the problem is the same:

5. Check CPU utilization; sometimes the Exec and Virtual Exec processes hang

6. save the config

7. reload the router and try


May this help you.


Deepak
