Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

C876 Series telnet problem

Hello.

I have Cisco Router 876 Series, and have problem with telnet. i cant connect via telnet from remote office to my router. does anybody know how to solve that problem.

I have two vlan, vlan 1 is a nativ vlan and it is config for inside network, and vlan 2 for outside.

and fa0, fa1, and fa2 interface is in vlan1, while fa3 is in vlan2.

Anybody please!!!

33 REPLIES
Silver

Re: C876 Series telnet problem

Hi ,

Can you paste the config of 876 router.

have you configured intervlan routing on 876 router.

Thanks,

Satish

New Member

Re: C876 Series telnet problem

ok

here is config in attach

the config is not complex, just basic things.

Silver

Re: C876 Series telnet problem

Hi ,

line vty 0 4

password x

login

transport input telnet ssh

!

SSH is configured on 856 router.

if you want telnet access then

line vty 0 4

password x

login

transport input all

!

New Member

Re: C876 Series telnet problem

OK.

I try that but with no success!

Do you have more ideas?

Hall of Fame Super Gold

Re: C876 Series telnet problem

Satish

I do not understand how changing trasport input telnet ssh into transport input telnet is supposed to solve a problem with telnet access since telnet is specified in both commands. The original post did not ask how to remove ssh and asked how to get telnet to work.

Amar

It would help us to know more about your situation. Can you tell us more about where you are attempting telnet from, what address you are telnetting to, and what kind of response you are getting (do you get any kind of prompt? do you get a connection refused message? does it just hang and do nothing?) If we knew some of these things we might be able to give you better answers.

Since it appears that you also have SSH configured on the router it would be interesting to know if you get the same behavior if you attempt SSH as when you attempt telnet?

HTH

Rick

New Member

Re: C876 Series telnet problem

ok.

i trying from home to telnet on router in my office. attempting telnet to address 217.199.130.153 and response is:

telnet 217.199.130.153

Connecting To 217.199.130.153...Could not open connection to the host, on port 23: Connect failed

that is output from host, from router is:

telnet 217.199.130.153

Trying 217.199.130.153 ...

% Connection timed out; remote host not responding

ping work, and ssh dont give me any kind of prompt...

P.S. but i can telnet to router from my inside network..

Hall of Fame Super Gold

Re: C876 Series telnet problem

Amar

I am not seeing anything in the config that you posted that would prevent telnet from working if you have IP connectivity. If you can ping to that address from home that demonstrates that you have IP connectivity.

If you have IP connectivity and one protocol works (ping) and one protocol does not work (telnet) then there must be something that is looking for protocol specific information. I do not find anything like that in the router config, so I must assume that either your router is going through some firewall which is denying telnet or that the provider to which you connect is denying telnet.

If you want to test this one thing that I would suggest is to configure a simple access list and apply it inbound on the VLAN 2 interface.

access-list 100 permit tcp any host 217.199.130.153 eq 23 log

access-list 100 permit ip any any

interface vlan2

ip access-group 100 in

This will not prevent any traffic but it will create a log message if there is an inbound telnet attempt. It would be interesting to know if the telnet attempt is getting to your router - and I am guessing that it is not.

HTH

Rick

New Member

Re: C876 Series telnet problem

i got this log...

*Mar 7 02:31:24.630: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 217.199.133.54

(17414) -> 217.199.130.153(23), 1 packet

Hall of Fame Super Gold

Re: C876 Series telnet problem

Amar

Was this log the result of your attempt to telnet? is the address that you are telnetting from 217.199.133.54? And does the attempt to telnet still get the unable to connect message?

The log message is helpful. It does show that the telnet request was received. If the telnet request is received but netnet is not successful, then either there must be something on the router which we have not yet identified or something is preventing the telnet response. Answers to the questions I asked will help determine what is the next step.

[edit] I see that after starting this thread that you also started the same question in the Remote Access forum. I would suggest that you add a posting in the Remote Access forum suggesting that the discussion be consolidated in one forum or the other.

HTH

Rick

New Member

Re: C876 Series telnet problem

ok.

lets continue in this forum...

yes this log is result of my attempt to telnet from address 217.199.133.54, and i still get unable to connect message.

Hall of Fame Super Gold

Re: C876 Series telnet problem

Hi,

Do you have NAT configured ?

If so you need to use an extended ACL in the NAT statement, specifying the LAN ranges to go under NAT, else you can run into the problem mentioned.

Hall of Fame Super Gold

Re: C876 Series telnet problem

paolo

The config posted earlier in the thread does have NAT configured which uses a simple standard access list with permit any as the operative statement.

This issue is becoming quite puzzling to me. I had wondered whether it might be a NAT issue but a posting earlier in the thread says that ping from the remote address works. If it were a NAT issue would it not affect ping as well as telnet?

Amar - can you confirm that from the remote address that ping to the VLAN 2 address does work while telnet to that address does not work?

I have also wondered if there were some issue with telnet on the router that might cause this. But a posting earlier in the thread says that telnet from inside works ok. I had thought that there might be some filter (perhaps a firewall or perhaps something in the provider device) that was preventing telnet from getting through. But Amar configured an access list which shows that the telnet request does get to the router.

HTH

Rick

Silver

Re: C876 Series telnet problem

Hi Rick ,

if you don't mind can explain the purpose of the command "transport input telnet ssh " under line vty ...i mean we can use either telnet(port 23) or ssh (port 22) for accessing the device ...correct...

Thanks,

Satish

New Member

Re: C876 Series telnet problem

Amar,

I usually do a "no ip route-cache" on the interface and then do a debug ip packet xxx

with xxx specifying the traffic you want to trace.

that would really help. telnet from both inside and outside and check the differences.

Also, i would do a

"sh ip route x.x.x.x" for your source and then telnet from your router to that device .

another thing to do , is to run ethereal on your host and then telnet to the router. check all packets captured by ethereal.

New Member

Re: C876 Series telnet problem

ok.

i will do that and post the results.

by the way, ping work correctly, telnet from inside network to router too, and from router to outside network, but vice versa dont.

Silver

Re: C876 Series telnet problem

Hi ,

At starting you mentioned that you are trying to access 876 remotely..what exactly remote means ..do you have any other router at remote end....

if possible can you explain your setup or any diagram would be helpful...

Thanks,

Satish

New Member

Re: C876 Series telnet problem

NO i dont have other routher, only that one.

im call ISP and they say that no firewall on they side. i think the problem is with 876...

New Member

Re: C876 Series telnet problem

ok.

Im attach results from etheral, but its in pcap format, i have problem with exporting the results to txt.

can you analyse that and post the results?

Silver

Re: C876 Series telnet problem

Hi ,

Can you paste the result instead of uploading it...

Thanks,

Satish

New Member

Re: C876 Series telnet problem

No. Time Source Destination Protocol Info

9 7.146579 192.168.70.55 217.199.130.153 TCP 1332 > telnet [SYN] Seq=0 Len=

Frame 9 (62 bytes on wire, 62 bytes captured)

Ethernet II, Src: CompalCo_64:02:6e (00:16:d4:64:02:6e), Dst: Cisco_6c:d4:9d (00:11:21:6c:d4:9d)

Internet Protocol, Src: 192.168.70.55 (192.168.70.55), Dst: 217.199.130.153 (217.199.130.153)

Transmission Control Protocol, Src Port: 1332 (1332), Dst Port: telnet (23), Seq: 0, Len: 0

No. Time Source Destination Protocol Info

10 10.121002 192.168.70.55 217.199.130.153 TCP 1332 > telnet [SYN] Seq=0 Len=Frame 10 (62 bytes on wire, 62 bytes captured)

Ethernet II, Src: CompalCo_64:02:6e (00:16:d4:64:02:6e), Dst: Cisco_6c:d4:9d (00:11:21:6c:d4:9d)

Internet Protocol, Src: 192.168.70.55 (192.168.70.55), Dst: 217.199.130.153 (217.199.130.153)

Transmission Control Protocol, Src Port: 1332 (1332), Dst Port: telnet (23), Seq: 0, Len: 0

No. Time Source Destination Protocol Info

11 16.156109 192.168.70.55 217.199.130.153 TCP 1332 > telnet [SYN] Seq=0 Len=Frame 11 (62 bytes on wire, 62 bytes captured)

Ethernet II, Src: CompalCo_64:02:6e (00:16:d4:64:02:6e), Dst: Cisco_6c:d4:9d (00:11:21:6c:d4:9d)

Internet Protocol, Src: 192.168.70.55 (192.168.70.55), Dst: 217.199.130.153 (217.199.130.153)

Transmission Control Protocol, Src Port: 1332 (1332), Dst Port: telnet (23), Seq: 0, Len: 0

No. Time Source Destination Protocol Info

12 37.148100 217.199.130.153 192.168.70.55 TCP telnet > 1332 [RST] Seq=0 Len=Frame 12 (60 bytes on wire, 60 bytes captured)

Ethernet II, Src: Cisco_6c:d4:9d (00:11:21:6c:d4:9d), Dst: CompalCo_64:02:6e (00:16:d4:64:02:6e)

Internet Protocol, Src: 217.199.130.153 (217.199.130.153), Dst: 192.168.70.55 (192.168.70.55)

Transmission Control Protocol, Src Port: telnet (23), Dst Port: 1332 (1332), Seq: 0, Len: 0

Silver

Re: C876 Series telnet problem

Hi ,

I guess you are trying from 192.168.70.55 i.e pc ip to telent to 217.199.130.153 i.e vlan2 ip of 876 router.

But main thing is you configured vlan1 as

interface Vlan1

ip address 192.168.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly

In which you can use 192.168.0.2 to 192.168.0.254 as PC's ip addresses.

Change the pc ip as 192.168.0.55 255.255.255.0 and gateway as 192.168.0.1 & check the issue.

Note : Remove nat on vlan1 and vlan2 fr checking purpose....

Thanks,

Satish

New Member

Re: C876 Series telnet problem

Satish,

Im trying telnet from remote host and ip 192.168.70.55 is addres of my pc, remote host.

I can telnet from 192.168.0.0 network to router, but from outside cant.

Silver

Re: C876 Series telnet problem

Hi,

Hi ,

I guess you are trying from 192.168.70.55 i.e pc ip to telent to 217.199.130.153 i.e vlan2 ip of 876 router.

But main thing is you configured vlan1 as

interface Vlan1

ip address 192.168.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly

In which you can use 192.168.0.2 to 192.168.0.254 as PC's ip addresses.

Change the pc ip as 192.168.0.55 255.255.255.0 and gateway as 192.168.0.1 & check the issue.

Thanks,

Satish

Re: C876 Series telnet problem

Interactive traffic like telnet often requires less latency. wats your ping response?

New Member

Re: C876 Series telnet problem

ping respons:

Pinging 217.199.130.153 with 32 bytes of data:

Reply from 217.199.130.153: bytes=32 time=186ms TTL=249

Reply from 217.199.130.153: bytes=32 time=149ms TTL=249

Reply from 217.199.130.153: bytes=32 time=127ms TTL=249

Reply from 217.199.130.153: bytes=32 time=79ms TTL=249

Ping statistics for 217.199.130.153:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 79ms, Maximum = 186ms, Average = 135ms

New Member

Re: C876 Series telnet problem

Hi amar,

Your ethereal dump indicates to me

that the router recieved your telnet packet (maybe not all) and actively sent a reset back.

The source IP address of your telnet attempts is a private 192.168 address. Why is this? Where are you telnetting from? A remote LAN? If so, you have another NAT and possibly a firewall device infront of your remote LAN. Have you checked this device for any filtering, NAT issues?

This device mayb the culprit!!!

New Member

Re: C876 Series telnet problem

Yes, its remote LAN and have NAT and firewall. But from everywhere I attempt telnet to 217.199.130.153, from home, from friend, etc. I cant telnet to 876. Its the same problem.

This crazy me.

New Member

Re: C876 Series telnet problem

Dont worry, we will get this sorted out..Or ill bcome crazy as well!!!

Anyway, there are 3 more things to be done

a) Did you run the debug ip packet??

pls do that and post the output (remember do the following

int vlan 2

no ip route-cache

int vlan 1

no ip route-cache

logging console

logging buffered

exit

term mon

b)Check your remote end firewall logs. Or run ethereal from a computer that does a dialup to the internet(and hence recieves a public IP).

What I want to check here is that your router doesnt reply back with a different IP address than 217.199.130.153

c) Thirdly, if none of these gives us a clue, we could be looking at a corrupted image. Install a new image and try the telnet again..

let me know how it goes...

New Member

Re: C876 Series telnet problem

Ok. Im not now in position to run debug, i cant contact my client, have some meeting or...... I can run ethereal from my pc and try to get some infos that can be usefull to you.

I earlyer post some log from ethereal. did yo see it.

When I have contact with my client we will do the first step (a) and i will post debug output.

278
Views
0
Helpful
33
Replies
CreatePlease to create content