HELP! Can't Telnet from inside to 891

eddysamson
Level 1

I have an 891 router I have been testing some things on. I have been able to successfully telnet to it in the past with no problems. Just yesterday I was trying to set an interface to have an IP of 10.10.10.2 which I realized was an IP I had forgotten to exclude from DHCP and it was handed out to the computer I was using to telnet in. So I wrote in the exclude commands and did an ipconfig -release ipconfig -renew on my PC that had the 10.10.10.2 IP. After the renew I was given 10.10.10.7 (put in a few more excludes).

However the release dropped my telnet connection and afterwards I was completely unable to telnet in, getting the error that says I cannot open the connection on port 23. I had made some changes to my entire config beforehand which had it switch to use a new public IP. I never saved the changes and did a hard reset by unplugging the router to get my old config back and see if I could telnet after that. Still could not get in, same error. Well I went through and remade my entire config to use the new public IP. My 10.10.10.7 PC can access the internet, DNS, ping the router, all just fine. Still can't telnet. I remade my line/vty config and made sure it matched up with a config I had on another router. Still can't telnet.

Last thing I did was go in and manually clear all open line connections. All that is left is an idle 0 con 0 line that it won't let me close. Still can't telnet.

What the hell is going on with this thing? I am completely at a loss to explain why I can't telnet. It must be something in my ACLs that I am missing? Please help, I was just about to move this to an environment where I HAVE to access it by telnet!

EDIT: attached config

2 Replies

Marvin Rhoads
Hall of Fame

Hmm,

your vty lines are controlled with an access-list:

line vty 0 4

access-class 23 in

access-list 23 permit 10.10.10.0 0.0.0.7

I believe that access-list will allow clients from 10.10.10.1-10.10.10.6. Try lifting it for a moment (or making the inverse mask 0.0.0.15) to open up telnet to a few more hosts (or make it a set of /32s).

I actually did figure this out on my own. I am wondering why I was able to telnet in with no problem before without the access-list and I am also wondering why my other router, a 1921, also does not have the access-list but I am able to telnet with no problems.
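
An added example, not part of the thread or of either poster's configuration: a small Python evaluator for numbered standard ACL entries like the one quoted in the reply above, showing which source addresses a list applied with `access-class ... in` matches under first-match, implicit-deny rules. The helper names are hypothetical, and the two ACL lists are constructed from the quoted entry and the wider inverse mask mentioned in the reply.

```python
import ipaddress

# Constructed samples: the entry quoted in the reply, and the wider mask it mentions.
ACL_QUOTED = ["access-list 23 permit 10.10.10.0 0.0.0.7"]
ACL_WIDER = ["access-list 23 permit 10.10.10.0 0.0.0.15"]

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_entry(line):
    """Parse one numbered standard ACL line into (action, address, wildcard)."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError("not a standard ACL entry: " + line)
    action, src = tok[2], tok[3:]
    if src[0] == "any":
        return action, 0, 0xFFFFFFFF
    if src[0] == "host":
        return action, _ip(src[1]), 0
    # A bare address with no wildcard matches that single host.
    wildcard = _ip(src[1]) if len(src) > 1 else 0
    return action, _ip(src[0]), wildcard

def matches(source, address, wildcard):
    """Wildcard bits set to 1 are ignored; all other bits must be equal."""
    care = ~wildcard & 0xFFFFFFFF
    return (_ip(source) & care) == (address & care)

def vty_allows(acl_lines, source):
    """First matching entry wins; no match falls through to the implicit deny."""
    for line in acl_lines:
        action, address, wildcard = parse_entry(line)
        if matches(source, address, wildcard):
            return action == "permit"
    return False

def matched_range(line):
    """First and last address covered by an entry with a contiguous wildcard."""
    _, address, wildcard = parse_entry(line)
    low = address & ~wildcard & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(low)), str(ipaddress.IPv4Address(low | wildcard))

if __name__ == "__main__":
    for name, acl in (("0.0.0.7", ACL_QUOTED), ("0.0.0.15", ACL_WIDER)):
        print(name, matched_range(acl[0]))
        for src in ("10.10.10.2", "10.10.10.7", "10.10.10.8", "10.10.10.20"):
            print("  ", src, "permit" if vty_allows(acl, src) else "deny")
```

Running the same check against the list actually bound to the vty lines (`show access-lists` on the router gives the live entries) tells you whether a management host's new DHCP address still falls inside the permitted range.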