Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
5623
Views
0
Helpful
16
Replies

Telnet Issues

badamov
Level 1
Level 1

‎01-08-2019 02:26 PM

I am trying to understand why I am not able to remote into Cisco Switch 3750 v2series   PoE 48 in the same building using the IP address of the Management Vlan. I am several offices away and I am unable to enter the IP address into putty and  telnet or SSH into the switch, Am I missing something.How do I remote access a switch from a different geographic location.

I am studying for my CCNA and trying to understand this aspect so I can continue in my learning process.

 

I have configured the default gateway, already.. When I try to use telnet ( it gives me a putty failure) and when i use SSH it tells me my password is incorrect, here is my syntax...when i do the show run command.

 

line vty 0 4

password 7 01070308550E12

login

length 0

transport input telnet

 

line vty 5 15

password 7 01070308550E12

login

length 0

transport input telnet ssh

 

I have already created a username and a password and ran crypt also to generate my keys...I am prompyed with a login and when I give the switch my username, it changes to my ip address and than asks for my password, when I enter it it tells me access denied.

 

 

 

Labels:
0 Helpful
16 Replies 16

Patrick.Williams
Level 1
Level 1

‎01-08-2019 02:45 PM

I understand your pain.

Based on the fact that you are unable to access the device remotely, you will require out of band access to the device using a console cable.

 

Use the following steps to re-establish remote connectivity to your device.

From the config# mode enter :

 

aaa new-model  

user badamov password Your-Password 

( badamove being your username and Your-Password : Your customized password)


service password-encryption

enable sec  Your-Password

 

It is recommended to use ssh and not telnet for remote access to your device ,however for educational purposes i will also include telnet access as well

To determine the type of access that are allowed to your device you may include transport input telnet as listed below.

 

line vty 0 4
 privilege level 15  ( allow you to login without specifying an enable password)
 logging synchronous
 transport input ssh  (allow ssh access to the device)
transport input telnet (allow telnet access to the device)

 

P.Williams
0 Helpful

Patrick.Williams
Level 1
Level 1
In response to Patrick.Williams

‎01-08-2019 02:46 PM

And of course done forget to save your configs

wr memory

P.Williams
0 Helpful

badamov
Level 1
Level 1
In response to Patrick.Williams

‎01-09-2019 05:24 AM

Okay so I tried the synatx and that did not work.. here is my syntax

SW1(config)#aaa new-model
SW1(config)#user localit password welcome123
SW1(config)#service password-enc
SW1(config)#service password-encryption
SW1(config)#enable sec welcome123
SW1(config)#line vty 0 4
SW1(config-line)#privilege level 15
SW1(config-line)#logging syn
SW1(config-line)#logging synchronous
SW1(config-line)#transport input ssh
SW1(config-line)#transport input telnet
SW1(config-line)#exit
SW1(config)#exit
SW1#
000731: *Apr 1 19:22:39.073: %SYS-5-CONFIG_I: Configured from console by console
SW1#wr memory
Building configuration...



RESULT
login as: localit
localit@192.168.10.4's password:
Access denied
localit@192.168.10.4's password:

What am I missing here?
0 Helpful

badamov
Level 1
Level 1
In response to Patrick.Williams

‎01-09-2019 05:26 AM

I accessed the switch via console cable and then telnet's from the switch using the IP address and the credentials worked, just cant access it directly from the Pc using putty

SW1#telnet 192.168.10.4
Trying 192.168.10.4 ... Open

UNAUTHORIZED ACCESS IS PROHIBITED

User Access Verification

Username: localit
Password:

SW1#

0 Helpful

badamov
Level 1
Level 1
In response to Patrick.Williams

‎01-08-2019 05:08 PM

I will work on this tomorrow thanks for the feedback, much appreciated
0 Helpful

badamov
Level 1
Level 1
In response to Patrick.Williams

‎01-08-2019 05:13 PM

By the way any idea why it has length 0 in my syntax...
0 Helpful

joepak
Cisco Employee
Cisco Employee

‎01-08-2019 03:15 PM

Can you verify ping connectivity to and from the device from your host PC/Laptop?

 

If so, try 'enable secret password' and confirm if you are not able to telnet to the device.

 

Thank you.

0 Helpful

badamov
Level 1
Level 1
In response to joepak

‎01-08-2019 05:11 PM

when I use putty to telnet by IP address, it recognizes it and asks for username, I give it and then it asks for password that I created and than says access denied, so it can conenct to it by IP..still working on it thanks for the feedback
0 Helpful

badamov
Level 1
Level 1
In response to joepak

‎01-09-2019 05:35 PM

I am able to ping the switch from my laptop and I have enables secret password... still access denied

I can telnet from the switch to another switch just not using the IP, i egt to the log in it says'

 

login as:

( i select my username)

the prompt changes to the IP address it looks similar to this

192.168.10.4:it wants my password i put it in and access denied

0 Helpful

badamov
Level 1
Level 1
In response to joepak

‎01-09-2019 05:36 PM

here is the actual syntax i get

 

login as: localit
localit@192.168.10.4's password:
Access denied
localit@192.168.10.4's password:

What am I missing here?

0 Helpful

johnd2310
Level 8
Level 8
In response to badamov

‎01-09-2019 05:40 PM

Hi,

 

Do you have "login local" on line vty 0 15

 

Thanks

John

**Please rate posts you find helpful**
0 Helpful

badamov
Level 1
Level 1
In response to johnd2310

‎01-10-2019 04:55 PM

No,

I have it seperated as you suggested in a comment earlier

 line vty 0 15

login local

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to badamov

‎01-12-2019 11:14 AM

I have several comments about this that I hope may be helpful.

 

It was not clear in posts early in the discussion whether aaa new-model had been configured or not. And that has significant impact on how the switch processes authentication. But in a post part way through the discussion the original poster does seem to have configured aaa new-model. That enables processing for aaa. And when aaa processing is enabled then commands like login local are no longer used.

 

It appears that separate transport input commands for telnet and for ssh were used. When you configure the second command it over writes the first command. If you want both protocols to be allowed then you should use one transport input command and put both protocols on that command.

 

It is interesting that it appears that telnet from the switch to itself is successful but telnet from the PC is not. If true then it suggests that the aaa configuration is correct and the user name and password are correct. And if local telnet is successful and remote telnet is not successful then it suggests that there is something like access-group that may be configured and prevents remote access. Could the original poster provide the complete configuration of the switch? If the complete config is not possible then could you provide at lest the aaa part of the config and the line configuration part of the config?

 

HTH

 

Rick

HTH

Rick
0 Helpful

johnd2310
Level 8
Level 8

‎01-08-2019 03:24 PM

Hi,

If you need to login  using username and password via telnet/ssh, then you need the following configuration:

 

username xxxxxx privilege 15 secret yyyyyyyy

enable secret zzzzzzzz

line vty 0 15

   login local

   transport input telnet ssh

 

replace xxxxxx yyyyyy and zzzzzzz with your own values. To use ssh you will need ensure you have configure hostname, domain-name and generated ssh keys with crypto key generate rsa general-keys modulus 1024

 

Thanks

John

**Please rate posts you find helpful**
0 Helpful
Customers Also Viewed These Support Documents
Top