I have a Cisco 891F router that I have been trying to set up for remote access for a while.
IOS is c800-universalk9-mz.SPA.153-3.M6.bin
Current configuration : 2880 bytes
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router_Fef_Pak
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
enable secret 5 $1$CIOB$49J2KXNkFcaRHSGiSZ/fs/
!
aaa new-model
!
aaa authentication login userauthen local
aaa authorization exec userauthen local
!
aaa session-id common
!
crypto pki trustpoint TP-self-signed-2158060672
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2158060672
 revocation-check none
 rsakeypair TP-self-signed-2158060672
!
crypto pki certificate chain TP-self-signed-2158060672
!
no ip domain lookup
ip domain name Fef.com
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
license udi pid C891F-K9 sn FGL200526SA
!
vtp mode transparent
username S3ed privilege 15 secret 5 $1$8wlv$dqE1hbiE4ULO3Izy48FkP0
username Fef_HO privilege 15 secret 5 $1$B2aZ$Z8JBxWWyHfCuduLtABDzG.
!
ip ssh time-out 15
ip ssh authentication-retries 2
ip ssh logging events
ip ssh version 2
!
interface GigabitEthernet8
 ip address x.x.x.x 255.255.255.248
 duplex auto
 speed auto
!
ip route 0.0.0.0 0.0.0.0 x.x.x.x
!
line con 0
 logging synchronous
 login authentication userauthen
 no modem enable
line aux 0
line 3
 modem InOut
 speed 115200
 flowcontrol hardware
line vty 0 4
 session-timeout 1
 exec-timeout 60 0
 logging synchronous
 login authentication userauthen
 transport input ssh
line vty 5 15
 session-timeout 1
 exec-timeout 60 0
 logging synchronous
 login authentication userauthen
 transport input ssh
!
scheduler allocate 20000 1000
ntp server 184.108.40.206 prefer
ntp server 220.127.116.11
!
end
From the config it is apparent that SSH v2 needs to be configured. Crypto key generate RSA is 2048 bytes. Authentication and authorization are via the "userauthen" group.
Strangely, the problem I am seeing is that the vty lines appear not to be operating, i.e. no access from remote devices is allowed.
The response always is "Network Error: Connection refused".
As a troubleshooting procedure I have tried "ssh -l S3ed -c 3des -v 2 x.x.x.x" and this successfully opens an SSH session. Furthermore, the userauthen group of AAA works fine, since with proper credentials I am able to log in. But any sort of attempt to remotely access via the vty lines fails.
Furthermore, the show user command shows line con 0 and nothing else in the list. I suspect the vty lines should also appear here.
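
An added example, not part of the original post and not a diagnosis of the refused connections: a small Python audit of the vty blocks in the posted configuration. It reports whether transport is limited to SSH, whether the referenced login list exists, whether a named exec authorization list is applied to the line, and whether an access-class is present; the function names are illustrative and the embedded config is an excerpt constructed from the post.

```python
import re

# Added example: function names are illustrative; CONFIG is a constructed excerpt of the posted config.
CONFIG = """\
aaa authentication login userauthen local
aaa authorization exec userauthen local
ip ssh version 2
line vty 0 4
 login authentication userauthen
 transport input ssh
line vty 5 15
 login authentication userauthen
 transport input ssh
"""

def parse_sections(text):
    """Map each top-level command to the list of its indented sub-commands."""
    sections, current = {}, None
    for raw in text.splitlines():
        cmd = raw.strip()
        if cmd and raw[0] == " " and current:
            sections[current].append(cmd)
        elif cmd and cmd != "!":
            current = cmd
            sections[current] = []
    return sections

def audit_vty(text):
    """Return {vty block: [findings]} using only what the config text shows."""
    aaa = re.findall(r"^aaa (authentication login|authorization exec) (\S+)", text, re.M)
    report = {}
    for name, body in parse_sections(text).items():
        if not name.startswith("line vty"):
            continue
        found = []
        if "transport input ssh" not in body:
            found.append("transport input is not limited to ssh")
        login = [c.split()[-1] for c in body if c.startswith("login authentication")]
        if login and ("authentication login", login[0]) not in aaa:
            found.append("login list %s is not defined" % login[0])
        authz = [n for kind, n in aaa if kind == "authorization exec" and n != "default"]
        if authz and not any(c.startswith("authorization exec") for c in body):
            found.append("exec authorization list %s is defined but not applied" % authz[0])
        if not any(c.startswith("access-class") for c in body):
            found.append("no access-class limits source addresses")
        report[name] = found
    return report

if __name__ == "__main__":
    print(audit_vty(CONFIG))
```

The RSA key pair and the SSH server state do not appear in the running configuration; on the router, `show ip ssh` reports them.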