10-02-2010 01:55 PM - edited 03-04-2019 09:58 AM
Hello All,
I am trying to connect to my 1941W router via telnet and Cisco CP with no luck. When I attempt to telnet I receive the follow error: “…Could not open connection to host, on port 23: Connect failed.” When attempting to connect via CCP I receive: “Connection to the device could not be established. Either the device is not reachable or the HTTP service is not enabled on the device.” I am able to ping the Gigabit Ethernet 0/1 interface and have setup the vty lines with a username and password. Below is my current config for the router minus crypto information. I am sure there are a lot mistakes, all I am concerned with at the moment is my inability to connect via telnet or CCP.
Current configuration : 3515 bytes
!
! Last configuration change at 20:17:05 UTC Sat Oct 2 2010
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable password XXXXXXX
!
no aaa new-model
service-module wlan-ap 0 bootimage autonomous
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
no ip domain lookup
ip domain name yourdomain.com
multilink bundle-name authenticated
!
!
license udi pid CISCO1941W-A/K9 sn XXXXXXXXXXX
hw-module ism 0
!
!
!
username XXXXX privilege 15 secret 5 XXXXXXXXXXXXXXXXXXXXXX
!
!
ip telnet source-interface GigabitEthernet0/1
!
!
!
!
interface Loopback0
ip address 10.0.0.127 255.255.255.0
!
interface Wlan-GigabitEthernet0/0
description Internal switch interface connecting to the embedded AP
!
interface GigabitEthernet0/0
description line
ip address dhcp
duplex auto
speed auto
!
interface wlan-ap0
description Service module interface to manage the embedded AP
no ip address
shutdown
arp timeout 0
no mop enabled
no mop sysid
!
interface GigabitEthernet0/1
ip address 10.0.1.1 255.255.255.0
duplex auto
speed auto
!
interface Vlan1
no ip address
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
access-list 1 permit any
access-list 23 permit 10.10.10.0 0.0.0.7
!
!
!
control-plane
!
!
line con 0
exec-timeout 10 30
password XXXXXXXX
login
line aux 0
line 67
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
line vty 0 4
access-class 23 in
privilege level 15
password XXXXXXXX
login
transport input telnet
!
scheduler allocate 20000 1000
end
Any ideas?
Solved! Go to Solution.
10-02-2010 03:25 PM
VTY and HTTP access have a security measure applied to them. This rule is in the form of access-list 23. Access-list 23 will only allow hosts sourcing the IP address of 10.10.10.0/29. That would be IP addresses from 10.10.10.0 through 10.10.10.7. Is your management host addressed within this range?
I notice that IP source-route is enabled which is not a common practice.
I also notice this router has no IP route for 10.10.10.0/29. There is a high probability that the router doesn't have a route for your management host and is discarding the return packet.
The only active physical interface is g0/1. Given this there should be a router in the 10.0.1.0/24 network that will server as a default gateway or in the very least be a next hop for the 10.0.1.0/24 network.
Chris
10-02-2010 03:25 PM
VTY and HTTP access have a security measure applied to them. This rule is in the form of access-list 23. Access-list 23 will only allow hosts sourcing the IP address of 10.10.10.0/29. That would be IP addresses from 10.10.10.0 through 10.10.10.7. Is your management host addressed within this range?
I notice that IP source-route is enabled which is not a common practice.
I also notice this router has no IP route for 10.10.10.0/29. There is a high probability that the router doesn't have a route for your management host and is discarding the return packet.
The only active physical interface is g0/1. Given this there should be a router in the 10.0.1.0/24 network that will server as a default gateway or in the very least be a next hop for the 10.0.1.0/24 network.
Chris
10-02-2010 04:32 PM
Thank you Chris,
The computer I was using to access the router was from the 10.0.1.0/24 network. I appreciate your suggestions and will take heed in the additional issues mentioned.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide