1941W telnet/Cisco CP connectivity

Answered Question
Oct 2nd, 2010

Hello All,

I am trying to connect to my 1941W router via telnet and Cisco CP with no luck. When I attempt to telnet I receive the follow error: “…Could not open connection to host, on port 23: Connect failed.” When attempting to connect via CCP I receive: “Connection to the device could not be established. Either the device is not reachable or the HTTP service is not enabled on the device.” I am able to ping the Gigabit Ethernet 0/1 interface and have setup the vty lines with a username and password. Below is my current config for the router minus crypto information. I am sure there are a lot mistakes, all I am concerned with at the moment is my inability to connect via telnet or CCP.

Current configuration : 3515 bytes

!

! Last configuration change at 20:17:05 UTC Sat Oct 2 2010

!

version 15.0

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

enable password XXXXXXX

!

no aaa new-model

service-module wlan-ap 0 bootimage autonomous

!

no ipv6 cef

ip source-route

ip cef

!

!

!

!

no ip domain lookup

ip domain name yourdomain.com

multilink bundle-name authenticated

!

!

license udi pid CISCO1941W-A/K9 sn XXXXXXXXXXX

hw-module ism 0

!

!

!

username XXXXX privilege 15 secret 5 XXXXXXXXXXXXXXXXXXXXXX

!

!

ip telnet source-interface GigabitEthernet0/1

!

!

!

!

interface Loopback0

ip address 10.0.0.127 255.255.255.0

!

interface Wlan-GigabitEthernet0/0

description Internal switch interface connecting to the embedded AP

!

interface GigabitEthernet0/0

description line

ip address dhcp

duplex auto

speed auto

!

interface wlan-ap0

description Service module interface to manage the embedded AP

no ip address

shutdown

arp timeout 0

no mop enabled

no mop sysid

!

interface GigabitEthernet0/1

ip address 10.0.1.1 255.255.255.0

duplex auto

speed auto

!

interface Vlan1

no ip address

!

ip forward-protocol nd

!

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

!

access-list 1 permit any

access-list 23 permit 10.10.10.0 0.0.0.7

!

!

!

control-plane

!

!

line con 0

exec-timeout 10 30

password XXXXXXXX

login

line aux 0

line 67

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

line vty 0 4

access-class 23 in

privilege level 15

password XXXXXXXX

login

transport input telnet

!

scheduler allocate 20000 1000

end

Any ideas?

I have this problem too.
0 votes
Correct Answer by gatlin007 about 6 years 2 months ago

VTY and HTTP access have a security measure applied to them.  This rule is in the form of access-list 23.  Access-list 23 will only allow hosts sourcing the IP address of 10.10.10.0/29.  That would be IP addresses from 10.10.10.0 through 10.10.10.7.  Is your management host addressed within this range?

I notice that IP source-route is enabled which is not a common practice.

I also notice this router has no IP route for 10.10.10.0/29.  There is a high probability that the router doesn't have a route for your management host and is discarding the return packet. 

The only active physical interface is g0/1.  Given this there should be a router in the 10.0.1.0/24 network that will server as a default gateway or in the very least be a next hop for the 10.0.1.0/24 network. 


Chris

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
gatlin007 Sat, 10/02/2010 - 15:25

VTY and HTTP access have a security measure applied to them.  This rule is in the form of access-list 23.  Access-list 23 will only allow hosts sourcing the IP address of 10.10.10.0/29.  That would be IP addresses from 10.10.10.0 through 10.10.10.7.  Is your management host addressed within this range?

I notice that IP source-route is enabled which is not a common practice.

I also notice this router has no IP route for 10.10.10.0/29.  There is a high probability that the router doesn't have a route for your management host and is discarding the return packet. 

The only active physical interface is g0/1.  Given this there should be a router in the 10.0.1.0/24 network that will server as a default gateway or in the very least be a next hop for the 10.0.1.0/24 network. 


Chris

abc2014de Sat, 10/02/2010 - 16:32

Thank you Chris,

The computer I was using to access the router was from the 10.0.1.0/24 network. I appreciate your suggestions and will take heed in the additional issues mentioned.

Actions

This Discussion