×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Telnet problem .... am i being an idiot?

Unanswered Question
Nov 24th, 2006
User Badges:

Cannot remote telnet to a router.

telnet: Unable to connect to remote host: Connection refused


line vty 0 4

password <removed>

login

transport input telnet

!


what am i doing wronng? no access list on router. the router is completely open to all connections. its accepting pings but not telnet.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ankbhasi Fri, 11/24/2006 - 07:10
User Badges:
  • Cisco Employee,

Hi Brad,


Can you try to console into the router and then try to ping somewhere in your network through your router and see if you are able to telnet into the router?


Also can you update the IOS version you are running on your router?


I also believe that because there are only 5 VTY lines configured and no exec time out is configured so all 5 are already occupied and someone might have telnet to it and had not logged out.


Ankur

Richard Burts Fri, 11/24/2006 - 07:50
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Brad


I believe that Ankur's first suggestion is especially helpful since it suggests the problem might be with IP connectivity. I think a test that is better than trying to access the console and do ping is to do ping from where you are trying the telnet. If you can ping the router it demonstrates IP connectivity to that particular address.


I am not sure why Ankur suggests updating IOS and am not aware of any problems with telnet that are IOS version specific.


I agree that Ankur's third suggestion is frequently a good idea to check when problems in telnetting to the router are concerned. If all the vty lines are busy it does produce the symptom of telnet failure. However if the config of the vty that was provided is complete and accurate then the vty have the default inactivity timeout of 10 minutes and this reduces the chances that all the vty are busy. The real way to check this is to access the router (via console?) and do show line. This will show whether the vty lines are busy.


The other thing that I would look for is an access list. The original post states that there are no access lists on the router. But I wonder whether there might be an access list or a firewall somewhere along the path that is denying the telnet.


HTH


Rick

ankbhasi Fri, 11/24/2006 - 07:58
User Badges:
  • Cisco Employee,

Hey Rick,


Howdy!! The reason I asked for the IOS version on router is because there is a bug where the VTY lines get stuck in idle state and router does not allow the telnet connection.


So before posting the bug I thaught to get the IOS detail.


Regards,


Ankur

Richard Burts Fri, 11/24/2006 - 08:00
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Ankur


That is interesting and I had not heard of this condition. Can you provide any specifics about it so that I can learn more about it?


HTH


Rick

ankbhasi Fri, 11/24/2006 - 08:13
User Badges:
  • Cisco Employee,

Hi Rick,


CSCdz53602


Release-note:


The VTY lines are get stuck in idle state.


The VTY lines in idle state have to be manually cleared to free up for use.


Work Around: Clear the VTY lines manually when they are stuck in idle state


Regards,


Ankur

bradlesliect Fri, 11/24/2006 - 12:59
User Badges:

Hi Rick,


I can ping the router.


IOS should not be a problem.


As previously mentioned there are no other telnet sessions to the router. Will try and do the show line.


There is no access lists at all on the router. No firewall configured. Router is open to the world.


I'm still can't understand why this is happening ....



bradlesliect Fri, 11/24/2006 - 12:42
User Badges:

Hi Ankur,


I am running the latest GD release of IOS. There is no telnet sessions to the router. I am the only one trying to connect to it. Connecting via console is fine. I am able to ping the router IP from a remote location. This is a 837 router and its currently connected to the internet.


tdrais Fri, 11/24/2006 - 14:45
User Badges:
  • Blue, 1500 points or more

Something new I notices in the last post is that you indicate this is a internet router.


Are you running NAT on this router and do you get different results telneting from a machine on the inside to the router as you do from the internet.


You may also want to do a debug telnet command to see if it show anything interesting at all.

You could have a authentication issue if you have configured AAA incorrectly but you see a slightly different error.

Actions

This Discussion