×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.
Richard Burts Sun, 12/04/2011 - 18:50
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Scott


Are you saying that you have attempted to telnet into 192.168.2.1 and that it does not work? If that is the case then can you confirm that you do have IP connectivity to that address? (can you ping to that address from the host where you are attempting telnet?)


Note that your config applies access-class 10 on your console and on the vty. And access list 10 restricts what source addresses can telnet:

access-list 10 permit 192.168.3.0 0.0.0.255

access-list 10 permit 192.168.2.0 0.0.0.255

access-list 10 permit 192.168.1.0 0.0.0.255

access-list 10 permit 192.168.252.0 0.0.0.255


I am surprised in looking at this that your video VLAN (152) is included as a source for telnet but that your management VLAN (153) is not included. What that a typo?


HTH


Rick

Reza Sharifi Sun, 12/04/2011 - 18:55
User Badges:
  • Super Bronze, 10000 points or more
  • Cisco Designated VIP,

    2017 LAN

In addition to Rick's comments, I don't see you are running any static route or routing protocol.  Do you have connectivity from this router to the rest of the network? or you missed part of the config?


HTH

Marvin Rhoads Sun, 12/04/2011 - 18:57
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,
  • Cisco Designated VIP,

    2017 Firewalling, Network Management, VPN

Any number of issues could cause what you're seeing. In addition to the above responses, status of the SVIs and the platform / image would be the places I'd look.


"show interface status" and "show version" would help narrow things down further.


Hope this helps.

Scott O'Brien Sun, 12/04/2011 - 19:01
User Badges:

Thanks, ( sorry didnt try 2.1) yes 2.1 does work so it looks like the acl, if thats the case then how is 253 working as the (typo) would have stoped it form getting through. i will have another look at the config to see why 252 is allowed telent.

Richard Burts Sun, 12/04/2011 - 19:23
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Scott


The access list 10 used by the access class on the vty would limit what source addresses would be accepted in telnet. It does not restrict which interfaces could be used as destination addresses for telnet. So perhaps we need to ask you to go back and provide some details about what source addresses to what destination addresses do work and which do not work.


And given the distinction about restricting source addresses and not destination it is easier to understand why telnet to 192.168.253.129 does work - as long as the telnet is coming from an accepted source address.


Also in re-reading this thread I see that I made an error when I referred to 252 as the Video subnet. Clearly the Video subnet is 152 and not 252. I suspect that the 252 in the access list might be a typo and will be interested in what you can report to us about this.


HTH


Rick

Actions

This Discussion