Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1659
Views
0
Helpful
2
Replies

1941W telnet/Cisco CP connectivity

Go to solution
abc2014de
Level 1
Level 1

‎10-02-2010 01:55 PM - edited ‎03-04-2019 09:58 AM

Hello All,

I am trying to connect to my 1941W router via telnet and Cisco CP with no luck. When I attempt to telnet I receive the follow error: “…Could not open connection to host, on port 23: Connect failed.” When attempting to connect via CCP I receive: “Connection to the device could not be established. Either the device is not reachable or the HTTP service is not enabled on the device.” I am able to ping the Gigabit Ethernet 0/1 interface and have setup the vty lines with a username and password. Below is my current config for the router minus crypto information. I am sure there are a lot mistakes, all I am concerned with at the moment is my inability to connect via telnet or CCP.

Current configuration : 3515 bytes

!

! Last configuration change at 20:17:05 UTC Sat Oct 2 2010

!

version 15.0

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

enable password XXXXXXX

!

no aaa new-model

service-module wlan-ap 0 bootimage autonomous

!

no ipv6 cef

ip source-route

ip cef

!

!

!

!

no ip domain lookup

ip domain name yourdomain.com

multilink bundle-name authenticated

!

!

license udi pid CISCO1941W-A/K9 sn XXXXXXXXXXX

hw-module ism 0

!

!

!

username XXXXX privilege 15 secret 5 XXXXXXXXXXXXXXXXXXXXXX

!

!

ip telnet source-interface GigabitEthernet0/1

!

!

!

!

interface Loopback0

ip address 10.0.0.127 255.255.255.0

!

interface Wlan-GigabitEthernet0/0

description Internal switch interface connecting to the embedded AP

!

interface GigabitEthernet0/0

description line

ip address dhcp

duplex auto

speed auto

!

interface wlan-ap0

description Service module interface to manage the embedded AP

no ip address

shutdown

arp timeout 0

no mop enabled

no mop sysid

!

interface GigabitEthernet0/1

ip address 10.0.1.1 255.255.255.0

duplex auto

speed auto

!

interface Vlan1

no ip address

!

ip forward-protocol nd

!

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

!

access-list 1 permit any

access-list 23 permit 10.10.10.0 0.0.0.7

!

!

!

control-plane

!

!

line con 0

exec-timeout 10 30

password XXXXXXXX

login

line aux 0

line 67

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

line vty 0 4

access-class 23 in

privilege level 15

password XXXXXXXX

login

transport input telnet

!

scheduler allocate 20000 1000

end

Any ideas?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
gatlin007
Level 4
Level 4

‎10-02-2010 03:25 PM

VTY and HTTP access have a security measure applied to them.  This rule is in the form of access-list 23.  Access-list 23 will only allow hosts sourcing the IP address of 10.10.10.0/29.  That would be IP addresses from 10.10.10.0 through 10.10.10.7.  Is your management host addressed within this range?

I notice that IP source-route is enabled which is not a common practice.

I also notice this router has no IP route for 10.10.10.0/29.  There is a high probability that the router doesn't have a route for your management host and is discarding the return packet. 

The only active physical interface is g0/1.  Given this there should be a router in the 10.0.1.0/24 network that will server as a default gateway or in the very least be a next hop for the 10.0.1.0/24 network. 


Chris

View solution in original post

0 Helpful
2 Replies 2

Go to solution
gatlin007
Level 4
Level 4

‎10-02-2010 03:25 PM

VTY and HTTP access have a security measure applied to them.  This rule is in the form of access-list 23.  Access-list 23 will only allow hosts sourcing the IP address of 10.10.10.0/29.  That would be IP addresses from 10.10.10.0 through 10.10.10.7.  Is your management host addressed within this range?

I notice that IP source-route is enabled which is not a common practice.

I also notice this router has no IP route for 10.10.10.0/29.  There is a high probability that the router doesn't have a route for your management host and is discarding the return packet. 

The only active physical interface is g0/1.  Given this there should be a router in the 10.0.1.0/24 network that will server as a default gateway or in the very least be a next hop for the 10.0.1.0/24 network. 


Chris

0 Helpful

Go to solution
abc2014de
Level 1
Level 1
In response to gatlin007

‎10-02-2010 04:32 PM

Thank you Chris,

The computer I was using to access the router was from the 10.0.1.0/24 network. I appreciate your suggestions and will take heed in the additional issues mentioned.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card