01-08-2019 02:26 PM
I am trying to understand why I am not able to remote into Cisco Switch 3750 v2series PoE 48 in the same building using the IP address of the Management Vlan. I am several offices away and I am unable to enter the IP address into putty and telnet or SSH into the switch, Am I missing something.How do I remote access a switch from a different geographic location.
I am studying for my CCNA and trying to understand this aspect so I can continue in my learning process.
I have configured the default gateway, already.. When I try to use telnet ( it gives me a putty failure) and when i use SSH it tells me my password is incorrect, here is my syntax...when i do the show run command.
line vty 0 4
password 7 01070308550E12
login
length 0
transport input telnet
line vty 5 15
password 7 01070308550E12
login
length 0
transport input telnet ssh
I have already created a username and a password and ran crypt also to generate my keys...I am prompyed with a login and when I give the switch my username, it changes to my ip address and than asks for my password, when I enter it it tells me access denied.
01-08-2019 02:45 PM
I understand your pain.
Based on the fact that you are unable to access the device remotely, you will require out of band access to the device using a console cable.
Use the following steps to re-establish remote connectivity to your device.
From the config# mode enter :
aaa new-model
user badamov password Your-Password
( badamove being your username and Your-Password : Your customized password)
service password-encryption
enable sec Your-Password
It is recommended to use ssh and not telnet for remote access to your device ,however for educational purposes i will also include telnet access as well
To determine the type of access that are allowed to your device you may include transport input telnet as listed below.
line vty 0 4
privilege level 15 ( allow you to login without specifying an enable password)
logging synchronous
transport input ssh (allow ssh access to the device)
transport input telnet (allow telnet access to the device)
01-08-2019 02:46 PM
And of course done forget to save your configs
wr memory
01-09-2019 05:24 AM
01-09-2019 05:26 AM
01-08-2019 05:08 PM
01-08-2019 05:13 PM
01-08-2019 03:15 PM
Can you verify ping connectivity to and from the device from your host PC/Laptop?
If so, try 'enable secret password' and confirm if you are not able to telnet to the device.
Thank you.
01-08-2019 05:11 PM
01-09-2019 05:35 PM
I am able to ping the switch from my laptop and I have enables secret password... still access denied
I can telnet from the switch to another switch just not using the IP, i egt to the log in it says'
login as:
( i select my username)
the prompt changes to the IP address it looks similar to this
192.168.10.4:it wants my password i put it in and access denied
01-09-2019 05:36 PM
here is the actual syntax i get
login as: localit
localit@192.168.10.4's password:
Access denied
localit@192.168.10.4's password:
What am I missing here?
01-09-2019 05:40 PM
Hi,
Do you have "login local" on line vty 0 15
Thanks
John
01-10-2019 04:55 PM
No,
I have it seperated as you suggested in a comment earlier
line vty 0 15
login local
01-12-2019 11:14 AM
I have several comments about this that I hope may be helpful.
It was not clear in posts early in the discussion whether aaa new-model had been configured or not. And that has significant impact on how the switch processes authentication. But in a post part way through the discussion the original poster does seem to have configured aaa new-model. That enables processing for aaa. And when aaa processing is enabled then commands like login local are no longer used.
It appears that separate transport input commands for telnet and for ssh were used. When you configure the second command it over writes the first command. If you want both protocols to be allowed then you should use one transport input command and put both protocols on that command.
It is interesting that it appears that telnet from the switch to itself is successful but telnet from the PC is not. If true then it suggests that the aaa configuration is correct and the user name and password are correct. And if local telnet is successful and remote telnet is not successful then it suggests that there is something like access-group that may be configured and prevents remote access. Could the original poster provide the complete configuration of the switch? If the complete config is not possible then could you provide at lest the aaa part of the config and the line configuration part of the config?
HTH
Rick
01-08-2019 03:24 PM
Hi,
If you need to login using username and password via telnet/ssh, then you need the following configuration:
username xxxxxx privilege 15 secret yyyyyyyy
enable secret zzzzzzzz
line vty 0 15
login local
transport input telnet ssh
replace xxxxxx yyyyyy and zzzzzzz with your own values. To use ssh you will need ensure you have configure hostname, domain-name and generated ssh keys with crypto key generate rsa general-keys modulus 1024
Thanks
John
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide