only one management ip?

Scott O'Brien
Level 1

Hi All,

With the attached config, why am I only able to telnet into 192.168.253.129 and not telnet into any other interfaces?

5 Replies

Richard Burts
Hall of Fame

Scott

Are you saying that you have attempted to telnet into 192.168.2.1 and that it does not work? If that is the case then can you confirm that you do have IP connectivity to that address? (can you ping to that address from the host where you are attempting telnet?)

Note that your config applies access-class 10 on your console and on the vty. And access list 10 restricts what source addresses can telnet:

access-list 10 permit 192.168.3.0 0.0.0.255

access-list 10 permit 192.168.2.0 0.0.0.255

access-list 10 permit 192.168.1.0 0.0.0.255

access-list 10 permit 192.168.252.0 0.0.0.255

I am surprised in looking at this that your video VLAN (152) is included as a source for telnet but that your management VLAN (153) is not included. Was that a typo?

HTH

Rick


Reza Sharifi
Hall of Fame

In addition to Rick's comments, I don't see that you are running any static route or routing protocol. Do you have connectivity from this router to the rest of the network? Or did you miss part of the config?

HTH

Marvin Rhoads
Hall of Fame

Any number of issues could cause what you're seeing. In addition to the above responses, status of the SVIs and the platform / image would be the places I'd look.

"show interface status" and "show version" would help narrow things down further.

Hope this helps.

Thanks (sorry, didn't try 2.1). Yes, 2.1 does work, so it looks like the ACL. If that's the case, then how is 253 working, as the (typo) would have stopped it from getting through? I will have another look at the config to see why 252 is allowed telnet.

Scott

The access list 10 used by the access class on the vty would limit what source addresses would be accepted in telnet. It does not restrict which interfaces could be used as destination addresses for telnet. So perhaps we need to ask you to go back and provide some details about what source addresses to what destination addresses do work and which do not work.

And given the distinction about restricting source addresses and not destination it is easier to understand why telnet to 192.168.253.129 does work - as long as the telnet is coming from an accepted source address.

Also in re-reading this thread I see that I made an error when I referred to 252 as the Video subnet. Clearly the Video subnet is 152 and not 252. I suspect that the 252 in the access list might be a typo and will be interested in what you can report to us about this.

HTH

Rick
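
The source-versus-destination point made in the reply above, as an added example that is not part of any poster's reply or of the original config: a small Python model of access-list 10 as quoted in the thread, evaluated against telnet attempts. The client addresses are constructed for illustration, and the model assumes the access-class is applied inbound on the vty lines.

```python
import ipaddress

# access-list 10 as quoted in the thread: (action, network, wildcard mask)
ACL_10 = [
    ("permit", "192.168.3.0", "0.0.0.255"),
    ("permit", "192.168.2.0", "0.0.0.255"),
    ("permit", "192.168.1.0", "0.0.0.255"),
    ("permit", "192.168.252.0", "0.0.0.255"),
]

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def acl_action(acl, source):
    """Standard ACL lookup: first match wins, implicit deny at the end."""
    src = _to_int(source)
    for action, network, wildcard in acl:
        # Wildcard bits set to 0 must match; bits set to 1 are ignored.
        care = ~_to_int(wildcard) & 0xFFFFFFFF
        if (src & care) == (_to_int(network) & care):
            return action
    return "deny"

def vty_accepts(acl, source, destination):
    """Model of an inbound access-class: only the source is checked.

    The destination (whichever router interface address was dialled)
    is deliberately ignored, which is the point made in the thread.
    """
    return acl_action(acl, source) == "permit"

def report(acl, sources, destinations):
    """Return (source, destination, accepted) for every combination."""
    return [(s, d, vty_accepts(acl, s, d)) for s in sources for d in destinations]

if __name__ == "__main__":
    # Constructed client addresses, one per subnet discussed in the thread.
    clients = ["192.168.2.50", "192.168.252.10", "192.168.253.10", "192.168.152.10"]
    # Router interface addresses mentioned in the thread.
    router_ips = ["192.168.253.129", "192.168.2.1"]
    for src, dst, ok in report(ACL_10, clients, router_ips):
        print(f"{src:>15} -> {dst:<15} {'accepted' if ok else 'refused'}")
```

A client in 192.168.2.0/24 is accepted on either router address, while a client in 192.168.253.0/24 is refused on both, because the list has no entry for that subnet.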
