Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco 2821 remote login question

Hello

I have configured a Cisco 2821 with a 16port FE PA plugged into slot 1. I left the VLAN1 as standard on the rotuer and gave the VLAN the network address 10.230.x.x/24 I also configured a gateway on it.

On the line vty 0 4 I took off the input telnet statement as well as the ip access class 23 in which states to only allow 10.10.x.x connections. I made sure the vty's have passwords and local login configured. I have disabled ip http server.

However my problem is I cannot telnet to the router to log in remotely.

I also noticed I cannot ping the router. Should Cisco routers not automatically allow ping unless you explicitly deny icmp in an ACL?

Thanks

wvw

7 REPLIES
Bronze

Re: Cisco 2821 remote login question

By default, the router will always response to pings. The default config for the VTY's is "transport input telnet" which is needed if you want to telnet to the box. If you've removed that, than you cannot telnet but you should still be able to ping. If you ping the router, even if the ping fails, do you see an entry in the arp cache for the routers IP? (on windows, goto cli, and type "arp -a". If the entry is all 0's and says invalid at the end, than arp is not working and you probably have a config or topology issue"). You can also check the arp cache on the router (show arp) to see if the router can arp to anything on the LAN. If it cannot, than you have something wrong with the config or your topology. If you would like more help, post the config for your interfaces and the vty lines and include any ACL's that are applied to them. Also include a basic topology map(ip addresses and the routers/switches that are in the path).

GL

-Rob

New Member

Re: Cisco 2821 remote login question

This is the weird thing that surprised me. When I was told the router has been installed the first thing I tried was to ping it, without any luck.

I checked the mac address entried from xp's cli and the router's one is not in. So I think there could be a topology problem. I was not aware of the transport input telnet, I thought if I remove that the router will allow any transport method regardless of what type it is, whereas if I specify telnet and want to connect using another method it will not allow that method.

I did not grab a copy of the config as I was hoping to do so while testing by remotely logging in. But if I cannot even ping the device and there are no ACL's denying ping, then I think there must be a bigger problem. Thanks for the help.

Hall of Fame Super Gold

Re: Cisco 2821 remote login question

Can you post the config of your router?

Hall of Fame Super Silver

Re: Cisco 2821 remote login question

wvw

There are several issues that could impact the ability to telnet to the router. But if you can not ping the router then there is a bigger problem than just not being able to telnet, especially if you are sure that there is not any access list which could cause this.

Is it possible that the configuration was not saved on the router? Is it popssible that the router interfaces are in shutdown state? Is it possible that there was a keystroke error and the IP address entered was different from what you intended?

If you can not telnet and you can not ping then I believe that to find out what the problem is that you will need to access the router by its console port and investigate.

And the default is to accept multiple protocols for remote access (telnet and SSH being the most common protocols). If you configure the vty with no transport input (or transport input none) then you would have prevented any remote access. If you configure the vty with transport input telnet then you have permitted remote access only by telnet and not any other protocol.

HTH

Rick

New Member

Re: Cisco 2821 remote login question

Hi Rick

Thanks again for all the help. I did the setup of this 2821 last week, so what I did is still fresh in mind, which is great as I can compare what I did to the questions you have raised.

I did save the configuration, multiple times. Coming from a Cisco background I know what havoc can be caused when the config is not saved and the router bounces. So I am 500% sure I saved all my config changes.

The router has 2 Gig interfaces. GE0/0 is up down and GE0/1 is admin shut. This does not pose any problems as we are not yet using those interfaces.

I created a file with the router's ip addresses in. Basically we are using a 16 port FE apater which has all 16 ports in VLAN1. VLAN 1 has an ip address of 10.230.100.x and the router has a gateway to reach the 10.230.100.x router as the gateway. I have tried a few other ip's different from what I configured on the router, but with no success.

Having read the responses so far on here, I have come to realise I will have to access the router via console as there's nothing else I can do.

Regards

wvw

Hall of Fame Super Gold

Re: Cisco 2821 remote login question

If you have another reachable router at the site, you can reverse-telnet into your problematic router (AUX to Console).

New Member

Re: Cisco 2821 remote login question

Hi

Unfortunately I do not have another router at the site :( But from the looks of it the initial reason why we wanted to deploy the router is getting more complicated, which means that I might have to go to site not only to trouble shoot the current problems but also assist with cutting the line over from Ether to FX where the FX needs to plug into the new 2821 and the current Ether is plugged into a DSL router. Fun Games! :) LOL!

Thanks anyway for all the help :-)

313
Views
0
Helpful
7
Replies
CreatePlease login to create content