11-01-2005 01:14 PM
hi.
can you help me...i cannot allow remote access for cisco 831.
i have configured the line vty 0 4:
login
password 7 ....
exec-timeout 0 0
transport input telnet
any idea?
thank you.
11-01-2005 09:40 PM
Hi
To isolate the exact reason for the accessibility problem, do revert whether you are able to access the router from the local LAN.
If yes, then can you revert whether there are any reachability issues from the remote location to the IP which you are trying to access?
Btw, which IP address are you trying to access from the remote location?
If you are trying for a local LAN IP (Ethernet IP) and you have NAT in place, it won't work for you from the remote side. Hope you aren't trying something along those lines.
regds
11-02-2005 05:53 AM
In addition to the suggestions from Edwin I have a comment and suggestion. I notice that the original post has the exec timeout set to 0 which says that inactive sessions will never time out. While I sometimes do this on console connections I think it is not a good idea on vty ports. I have seen many situations where someone telneted to a device, lost the network connection, and the vty port still maintained the session. I have seen situations where telnet access did not work because all of the vty ports were busy and orphan sessions were most or all of it.
If you can get to the router at all (perhaps through the console connection) do a show user and see if the vty ports are in an occupied state with unexpired connections. If so a clear line on the router will solve the immediate problem.
I suggest that it is better to set very long timeouts on vty if you want, but I suggest that you do not disable inactive timeout on vty ports.
HTH
Rick
11-02-2005 12:41 PM
If I understand the question "if you do not want to have access to the 831 is correct" then I would remove the login and password from the line command. You could also create an access list and apply it to the vty's that would limit who is allowed to telnet to the router.
If you do want access and the lines are not all used what possible access lists do you have on the main interfaces that could be blocking incoming telnet connections?
Rburt is correct about the exec-timeout command. The way you have it all the vty lines could get used and also stop any further sessions to the router.
I would send us a copy of the configuration and a copy of the show line command.
Rate the message,
Mike
11-15-2005 11:47 PM
so, thanks all for the ideas.
also, none of it worked.
here is my config:
"
15nov2005:
Building configuration...
Current configuration : 1450 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Camin
!
enable secret xxxx
!
username concept password xxxx
no aaa new-model
ip subnet-zero
!
!
ip cef
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
!
interface Ethernet0
ip address 192.168.10.1 255.255.255.0
ip nat inside
!
interface Ethernet1
ip address xx.xx.xxx.xx 255.255.255.0
ip nat outside
duplex auto
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
duplex auto
speed auto
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
ip nat inside source list 101 interface Ethernet1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 xx.xx.xxx.1
ip http server
no ip http secure-server
!
access-list 101 permit ip any any
access-list 101 permit tcp any any eq telnet
access-list 110 permit tcp any any eq telnet
!
line con 0
no modem enable
line aux 0
line vty 0
exec-timeout 120 0
password xxxx
login
length 0
transport preferred telnet
transport input none
transport output none
line vty 1 4
exec-timeout 120 0
password xxxx
login
length 0
transport preferred telnet
transport input telnet
!
scheduler max-task-time 5000
!
end
"
any idea?
i can login local.
i can access web interface (only from internal ip) - and i set up the allow telnet access.
also, i cannot telnet from outside the lan.
thank you.
11-16-2005 12:06 AM
Hi
From your post, under line vty 0 you have disabled the incoming connections by keying in transport input none. Just change the same to transport input telnet. Also, is there any specific reason for configuring the length to 0? We normally keep that at the default value, which is 24.
regds
11-16-2005 07:02 AM
Cisco Notes:
transport input none--Issue 1
Prevents any protocol selection on the line. This makes the port unusable by incoming connections
transport output none--Issue 2
Prevents any protocol selection on the line. The system normally assumes that any unrecognized command is a host name. If the protocol is set to none, the system no longer makes that assumption. No connection will be attempted if the command is not recognized.
Comment on above.
Any settings made with the transport input or transport output commands override settings made with the transport preferred command
length 0--"Not normal but should not be an issue"
In the following example, the terminal type is specified and the screen pause function is disabled for the terminal
My concern would be: does the ISP allow you to access your router's HTTP port?
What I would do is swap IP addresses on the router and connect your PC to the Outside interface(That is now configured with your internal IP network address) then see if you can get to the web interface. This would at least determine if you might have an ISP blocking you from accessing the outside interface when connected correctly to the Internet.
Rate this post if it helps.
Mike
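The three vty points raised across this thread (transport input none, a disabled exec-timeout, and no access list on the vty lines) can be checked mechanically. The following is an added example, not code from any poster or from Cisco; the sample configuration is constructed from the settings quoted in the thread, and ACL number 10 is an assumption.

```python
import re

# Constructed sample modelled on the thread: vty 0 as posted, plus a line with
# "exec-timeout 0 0" from the first post. ACL number 10 is an assumption.
SAMPLE_CONFIG = """\
line con 0
 exec-timeout 0 0
line vty 0
 exec-timeout 120 0
 login
 transport input none
line vty 1 3
 exec-timeout 120 0
 login
 transport input telnet
line vty 4
 exec-timeout 0 0
 login
 transport input telnet
 access-class 10 in
!
"""

def parse_vty_stanzas(config):
    """Map each 'line vty ...' header to its sub-commands (con/aux are skipped)."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()  # also accepts configs whose indentation was lost
        if line.startswith("line "):
            current = stanzas.setdefault(line, []) if line.startswith("line vty") else None
        elif line in ("", "!", "end"):
            current = None
        elif current is not None:
            current.append(line)
    return stanzas

def audit_vty(config):
    """Return (header, finding) pairs for the three issues raised in the thread."""
    findings = []
    for header, cmds in parse_vty_stanzas(config).items():
        if "transport input none" in cmds:
            findings.append((header, "transport input none: inbound sessions refused"))
        if any(re.fullmatch(r"exec-timeout 0( 0)?", c) for c in cmds):
            findings.append((header, "exec-timeout 0: idle sessions never expire"))
        if not any(re.match(r"access-class \S+ in\b", c) for c in cmds):
            findings.append((header, "no access-class in: source addresses unrestricted"))
    return findings

if __name__ == "__main__":
    for header, finding in audit_vty(SAMPLE_CONFIG):
        print(f"{header} -> {finding}")
```

The console line is deliberately not audited, matching the distinction drawn earlier in the thread between console and vty timeouts.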