02-26-2024 04:03 PM - last edited on 02-26-2024 04:09 PM by Jimena Saez
Hello everyone, and I would like to express my gratitude. I will do a penetration test, and I have intermediate or slightly higher knowledge of this subject, but knowledge is certainly not a solution for everything, so I will share a topology with you. I will talk about the problems of the numbered items in this topology one by one. The problem is basically the telnet connection defined on the switch in a router's local network. On the inside leg, it can telnet and ping to the switch from inside, but when you try to make a telnet and ping connection from outside, it does not have any effect. What could be the main problem with this? I will explain the problem in detail below.
You can find the full-size version of the image at this link.
- It does not telnet and ping from 1 to 2, but it does ping and telnet to the 192.168.1.1 cable. What I want is a direct telnet connection to the switch. There is an EIGRP configuration in the topology, and I will share the configuration of a router as an example.
- If it is from 3 to 2, it can telnet and ping. The inner leg of the router does this. Thank you. I want someone from outside to be able to ping and telnet as well. If this is a scenario, will anyone find a valid solution for every configured router? Thank you.
Router1 CONF Example
R1#show run
Building configuration...
Current configuration : 1882 bytes
!
! Last configuration change at 20:17:49 UTC Sun Feb 25 2024
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
username ciprivilege 15 password 0 cisco
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex full
!
interface Serial1/0
 ip address 1.1.1.1 255.255.255.0
 serial restart-delay 0
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface GigabitEthernet2/0
 no ip address
 shutdown
 negotiation auto
!
interface Ethernet3/0
 ip address 192.168.1.1 255.255.255.0
 duplex full
!
interface Ethernet3/1
 ip address 192.168.2.1 255.255.255.0
 duplex full
!
interface Ethernet3/2
 ip address 192.168.3.1 255.255.255.0
 duplex full
!
interface Ethernet3/3
 no ip address
 shutdown
 duplex full
!
interface Ethernet3/4
 no ip address
 shutdown
 duplex full
!
interface Ethernet3/5
 no ip address
 shutdown
 duplex full
!
interface Ethernet3/6
 no ip address
 shutdown
 duplex full
!
interface Ethernet3/7
 no ip address
 shutdown
 duplex full
!
!
router eigrp 10
 network 1.0.0.0
 network 192.168.1.0
 network 192.168.2.0
 network 192.168.3.0
 eigrp router-id 1.1.1.1
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 1.1.1.2
!
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login local
!
!
end
Conf Switch Example
SW1#show run
Building configuration...
Current configuration : 1598 bytes
!
! Last configuration change at 20:06:28 UTC Sun Feb 25 2024
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname SW1
!
boot-start-marker
boot-end-marker
!
!
logging discriminator EXCESS severity drops 6 msg-body drops EXCESSCOLL
logging buffered 50000
logging console discriminator EXCESS
!
username ciprivilege 15 password 0 cisco
no aaa new-model
no ip icmp rate-limit unreachable
!
ip cef
!
!
no ip domain-lookup
no ipv6 cef
ipv6 multicast rpf use-bgp
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
 duplex auto
!
interface Ethernet0/1
 duplex auto
!
interface Ethernet0/2
 duplex auto
!
interface Ethernet0/3
 duplex auto
!
interface Ethernet1/0
 duplex auto
!
interface Ethernet1/1
 duplex auto
!
interface Ethernet1/2
 duplex auto
!
interface Ethernet1/3
 duplex auto
!
interface Ethernet2/0
 duplex auto
!
interface Ethernet2/1
 duplex auto
!
interface Ethernet2/2
 duplex auto
!
interface Ethernet2/3
 duplex auto
!
interface Ethernet3/0
 duplex auto
!
interface Ethernet3/1
 duplex auto
!
interface Ethernet3/2
 duplex auto
!
interface Ethernet3/3
 duplex auto
!
interface Vlan1
 ip address 192.168.1.10 255.255.255.0
!
!
no ip http server
!
!
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login local
!
end
Another problem is that it does not ping etc. the 1.1.1.1 leg of the SW1 Router. It is a double-sided problem. Please, I am waiting for your help.
!! I'm a bit of a newbie here, sorry. It will be improved over time, thank you.
02-27-2024 07:57 AM
Hello,
Add "ip default-gateway 192.168.1.1" to the switch. Without it the switch does not know where to go to get off its local subnet.
02-27-2024 09:40 AM
Sw1 should be able to reach R1 since it is on the local network/subnet, but not beyond. To reach any remote networks, the switch needs a default gateway as mentioned earlier, and routers must know how to reach it back. Ping and telnet are 2-way communication, aka to and from.
If you have other issues, check routing tables; show ip route x.x.x and cef with show ip cef x.x.x.x
ip default-gateway 192.168.1.1
Regards, ML
**Please Rate All Helpful Responses **
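
The reply-path reasoning from the answers above, as an added example that is not part of the original thread: it reads a constructed excerpt of the SW1 configuration and reports where the switch would send a reply to a given peer, before and after `ip default-gateway` is added. The function names and the `ip_routing` flag are hypothetical; the flag models the IOS behaviour that `ip default-gateway` is only used while IP routing is disabled, otherwise a static default route is needed.

```python
import ipaddress
import re

# Constructed excerpt of the SW1 configuration shown in the thread.
SW1_CONFIG = """\
hostname SW1
interface Vlan1
 ip address 192.168.1.10 255.255.255.0
line vty 0 4
 login local
"""

def parse_l3(config):
    """Extract the SVI address, ip default-gateway and static default route."""
    svi = re.search(r"^\s*ip address (\S+) (\S+)\s*$", config, re.M)
    gw = re.search(r"^ip default-gateway (\S+)\s*$", config, re.M)
    static = re.search(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)\s*$", config, re.M)
    return {
        "svi": ipaddress.ip_interface(f"{svi.group(1)}/{svi.group(2)}") if svi else None,
        "default_gateway": gw.group(1) if gw else None,
        "static_default": static.group(1) if static else None,
    }

def reply_path(config, peer, ip_routing=False):
    """Where the switch sends a reply (ICMP echo-reply, TCP SYN-ACK) to `peer`.

    ip_routing is an assumption supplied by the caller: with IP routing off the
    device uses `ip default-gateway`; with it on, only the routing table counts.
    """
    l3 = parse_l3(config)
    if l3["svi"] is None:
        return "no L3 address"
    if ipaddress.ip_address(peer) in l3["svi"].network:
        return "on-link"  # same subnet: ARP for the peer directly
    next_hop = l3["static_default"] if ip_routing else l3["default_gateway"]
    return f"via {next_hop}" if next_hop else "dropped: no route off-subnet"

if __name__ == "__main__":
    fixed = SW1_CONFIG + "ip default-gateway 192.168.1.1\n"
    for peer in ("192.168.1.1", "1.1.1.2"):
        print(peer, "| before:", reply_path(SW1_CONFIG, peer),
              "| after:", reply_path(fixed, peer))
```
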