10-02-2010 01:55 PM - edited 03-04-2019 09:58 AM
Hello All,
I am trying to connect to my 1941W router via telnet and Cisco CP with no luck. When I attempt to telnet I receive the follow error: “…Could not open connection to host, on port 23: Connect failed.” When attempting to connect via CCP I receive: “Connection to the device could not be established. Either the device is not reachable or the HTTP service is not enabled on the device.” I am able to ping the Gigabit Ethernet 0/1 interface and have setup the vty lines with a username and password. Below is my current config for the router minus crypto information. I am sure there are a lot mistakes, all I am concerned with at the moment is my inability to connect via telnet or CCP.
Current configuration : 3515 bytes
!
! Last configuration change at 20:17:05 UTC Sat Oct 2 2010
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable password XXXXXXX
!
no aaa new-model
service-module wlan-ap 0 bootimage autonomous
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
no ip domain lookup
ip domain name yourdomain.com
multilink bundle-name authenticated
!
!
license udi pid CISCO1941W-A/K9 sn XXXXXXXXXXX
hw-module ism 0
!
!
!
username XXXXX privilege 15 secret 5 XXXXXXXXXXXXXXXXXXXXXX
!
!
ip telnet source-interface GigabitEthernet0/1
!
!
!
!
interface Loopback0
ip address 10.0.0.127 255.255.255.0
!
interface Wlan-GigabitEthernet0/0
description Internal switch interface connecting to the embedded AP
!
interface GigabitEthernet0/0
description line
ip address dhcp
duplex auto
speed auto
!
interface wlan-ap0
description Service module interface to manage the embedded AP
no ip address
shutdown
arp timeout 0
no mop enabled
no mop sysid
!
interface GigabitEthernet0/1
ip address 10.0.1.1 255.255.255.0
duplex auto
speed auto
!
interface Vlan1
no ip address
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
access-list 1 permit any
access-list 23 permit 10.10.10.0 0.0.0.7
!
!
!
control-plane
!
!
line con 0
exec-timeout 10 30
password XXXXXXXX
login
line aux 0
line 67
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
line vty 0 4
access-class 23 in
privilege level 15
password XXXXXXXX
login
transport input telnet
!
scheduler allocate 20000 1000
end
Any ideas?
Solved! Go to Solution.
10-02-2010 03:25 PM
VTY and HTTP access have a security measure applied to them. This rule is in the form of access-list 23. Access-list 23 will only allow hosts sourcing the IP address of 10.10.10.0/29. That would be IP addresses from 10.10.10.0 through 10.10.10.7. Is your management host addressed within this range?
I notice that IP source-route is enabled which is not a common practice.
I also notice this router has no IP route for 10.10.10.0/29. There is a high probability that the router doesn't have a route for your management host and is discarding the return packet.
The only active physical interface is g0/1. Given this there should be a router in the 10.0.1.0/24 network that will server as a default gateway or in the very least be a next hop for the 10.0.1.0/24 network.
Chris
10-02-2010 03:25 PM
VTY and HTTP access have a security measure applied to them. This rule is in the form of access-list 23. Access-list 23 will only allow hosts sourcing the IP address of 10.10.10.0/29. That would be IP addresses from 10.10.10.0 through 10.10.10.7. Is your management host addressed within this range?
I notice that IP source-route is enabled which is not a common practice.
I also notice this router has no IP route for 10.10.10.0/29. There is a high probability that the router doesn't have a route for your management host and is discarding the return packet.
The only active physical interface is g0/1. Given this there should be a router in the 10.0.1.0/24 network that will server as a default gateway or in the very least be a next hop for the 10.0.1.0/24 network.
Chris
10-02-2010 04:32 PM
Thank you Chris,
The computer I was using to access the router was from the 10.0.1.0/24 network. I appreciate your suggestions and will take heed in the additional issues mentioned.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: