Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1538
Views
0
Helpful
8
Replies

Simple 2911 Question

Chris White
Level 1
Level 1

‎02-28-2011 10:29 AM - edited ‎03-04-2019 11:36 AM

We have a new 2911 that needs to be configured, unfortunately it's at a remote site.  I had my hands and eye guy install the following config:

Current configuration : 944 bytes
!
! Last configuration change at  17:24:09 UTC Mon Feb 28 2011
!
version 15.0
service timestamps debug  datetime msec
service timestamps log datetime msec
no service  password-encryption
!
hostname  Router
!
boot-start-marker
boot-end-marker
!
enable password  test
!
aaa new-model
!
!
aaa authentication login default  none
aaa authentication enable default enable
!
!
!
!
!
aaa  session-id common
!
no ipv6 cef
ip source-route
ip  cef
!
!
!
!
multilink bundle-name  authenticated
!
!
!
!
license udi pid CISCO2911/K9 sn  FTX1504ALE1
!
!
!
!
!
!
!
!
interface  GigabitEthernet0/0
ip address dhcp
duplex auto
speed  auto
!
interface GigabitEthernet0/1
no ip  address
shutdown
duplex auto
speed auto
!
interface  GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed  auto
!
ip forward-protocol nd
!
no ip http server
no ip http  secure-server
!
!
!
!
!
control-plane
!
!
line con  0
line aux 0
line vty 0 4
!
scheduler allocate 20000  1000
end

Router#

Now, I do get a dhcp ip on the G0/0 interface and I can ping it from my remote network and the local router as well as the local lan.  The hands and eye guy is able to telnet from the local lan but I am unable to telnet from either my remote lan or the local router    The only error I receive is "connection refused by remote host".  All lines are clear so I have no conflicts with multiple telnet sessions.

Any help is appreciated.

Thanks

Labels:
0 Helpful
8 Replies 8

andrew.prince
Level 10
Level 10

‎02-28-2011 10:55 AM

Chris,

As a temp measuere have your guy input;-

no aaa new-model

line vty 0 4

password cisco

This should get you on.

HTH>

0 Helpful

johnlloyd_13
Level 9
Level 9

‎02-28-2011 08:58 PM

hi chris,

further adding to andrew's commen, kindly add the "login" command under line vty.

0 Helpful

Latchum Naidu
VIP Alumni
VIP Alumni
In response to johnlloyd_13

‎02-28-2011 11:27 PM

Hi Chris,

Below is how line vty 0 4 needs to be configured.

Router(config-line)#line vty 0 ?
<1-4> Last Line Number

Router(config-line)#line vty 0 4
Router(config-line)# password admin2
Router(config-line)# login


And also you can create access-list for security bindings. Below is the sample config as per best practices.

access-list 23 permit 10.10.10.0 0.0.0.255
access-list 23 permit 10.20.20.0 0.0.0.255
access-list 23 permit 10.30.30.0 0.0.255.255

Router(config-line)#line vty 0 4
Router(config-line)#access-class 23 in


Hope this helps you.

Please rate the helpfull posts.
Regards,
Naidu.

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to Latchum Naidu

‎03-01-2011 12:10 AM

Hi,

The hands and eye guy is able to telnet from the local lan but I am 
unable to telnet from either my remote lan or the local router

If telnet is working from local lan then it's not an authentication problem but 2 things:

1) did you post complete running?

2)where are you trying to telnet from ---> just draw the topology with the addresses( modified for security reasons of course)?

3) are you using the same credentials as the eye guy?

It is looking more like a routing or ACL problem between your endpoint and the router you're trying to telnet in.

Regards.

Alain.

Don't forget to rate helpful posts.
0 Helpful

Chris White
Level 1
Level 1
In response to cadet alain

‎03-01-2011 08:23 AM

The 2911 is in Mexico and I am in Dallas and since I can ping from the desktop in Dallas, then we know the routing is working.  The config I posted is the full config so there are no ACL's or any security on the 2911.  Still waiting for the onsite guy to add the vty config.  I have tested the config I posted on a 2811 on a seperate LAN segment in Dallas and verified that it works.  Thanks for the help so far, will repost once the vty is configured.

*** UPDATE ***

Using the vty config doesn't help.

There has to be something on the 2911 that needs to be turned on.  This is a very simple config and has seved me will when trying to configure a remote router.  Jsut dont' understand why it's not working on a 2911.

0 Helpful

skarthic
Cisco Employee
Cisco Employee
In response to Chris White

‎03-01-2011 01:43 PM

Can you post the config after making the changes to "line vty"

0 Helpful

Chris White
Level 1
Level 1
In response to skarthic

‎03-01-2011 01:53 PM

version 15.0
service timestamps debug datetime msec
service timestamps log  datetime msec
no service password-encryption
!
hostname  Router
!
boot-start-marker
boot-end-marker
!
enable password  test
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip  cef
!
!
!
!
multilink bundle-name  authenticated
!
!
!
!
license udi pid CISCO2911/K9 sn  FTX1504ALE1
!
!
!
!
!
!
!
!
interface  GigabitEthernet0/0
ip address dhcp
duplex auto
speed  auto
!
interface GigabitEthernet0/1
no ip  address
shutdown
duplex auto
speed auto
!
interface  GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed  auto
!
ip forward-protocol nd
!
no ip http server
no ip http  secure-server
!
!
!
!
!
control-plane
!
!
line con  0
line aux 0
line vty 0 4
password cisco
login
!
scheduler  allocate 20000 1000
end

Router#

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to Chris White

‎03-02-2011 12:45 AM

Hi,

Can you post the output of your ping and telnet to the router.

From which OS are you telnetting.

Can you also sniff on your computer while telnetting and put the pcap file here.

Regards.

Alain.

Don't forget to rate helpful posts.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card