Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1104
Views
0
Helpful
6
Replies

After Upgrading to iosxe 17.XX.XX - Telnet no longer works

Go to solution
FUHSD-589
Level 1
Level 1

‎06-03-2021 09:24 AM

Question - Is this an expected action?  I have attempted to reestablish Telnet access using the "line vty 0 4" commands.  The CLI commands indicated that they executed correctly, but the Telnet connections are still being refused. 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to FUHSD-589

‎06-03-2021 11:34 AM

There are multiple options for configuring transport input but there are 3 that we should focus on (the other options are possible but rarely used)

- transport input telnet. It appears that this might be configured on some of your devices. The result of this configuration is that telnet is allowed but no other protocol is allowed (specifically ssh is not allowed).

- transport input ssh. This is on the device in your post. The result of this configuration is that ssh is allowed but no other protocol (specifically telnet is not allowed).

- transport input all. This is the default value, and since default values usually do not show up in the output of show run, you would typically not see this command in the show run output. The result of this configuration is that multiple protocols including both telnet and ssh are allowed.

 

On the device in your original post if you want telnet to work then change the line in the vty config from transport input ssh to either transport input telnet or transport input all.

HTH

Rick

View solution in original post

0 Helpful
6 Replies 6

Go to solution
marce1000
VIP
VIP

‎06-03-2021 09:51 AM

 

 - What is the full model of this device as can be seen from show version ? Post current vty-config (from running-config) too.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Go to solution
FUHSD-589
Level 1
Level 1
In response to marce1000

‎06-03-2021 10:14 AM

I've currently have had this happen on two systems:  Cisco C9200L-24p-4x and Cisco C9200L-48p-4G

This is the output for vty on these systems:

 

From 48P:

line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password 7 15051804517F7872
login
length 0
transport input ssh
line vty 5 15
login
transport input ssh

From 24P:

line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password 7 051C150774191D5F
login
length 0
transport input ssh
line vty 5 10
password 7 08365F465C4C5641
login
transport input ssh
line vty 11 15
password 7 071832441B5C4A53
login
transport input ssh

 

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to FUHSD-589

‎06-03-2021 10:46 AM

The current behavior of not allowing telnet is easy to explain. From your post showing partial config

transport input ssh

This allows ssh and does not allow telnet. How it got this way is not something that I can explain. I would be very surprised if a code upgrade changed the vty config. Do you have a copy of the config from before the code upgrade? Can you show the vty config from before the code upgrade?

HTH

Rick
0 Helpful

Go to solution
FUHSD-589
Level 1
Level 1
In response to Richard Burts

‎06-03-2021 11:17 AM

Sorry, but no.  I don't have any previous config copies for these systems.   How do I go about making changes to the transport input settings?  Just to test, I ran an upgrade on a Cisco C9200L-24PXE-4X to iosxe17.03.03 - Once completed and the system rebooted.  I was still able to telnet into the system.  The VTY-Config confirmed that the transport input and output were set to Telnet on this system.  I'm trying to understand why I'm not able to get the Telnet to work on the other systems using the previously established CLI commands.

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to FUHSD-589

‎06-03-2021 11:34 AM

There are multiple options for configuring transport input but there are 3 that we should focus on (the other options are possible but rarely used)

- transport input telnet. It appears that this might be configured on some of your devices. The result of this configuration is that telnet is allowed but no other protocol is allowed (specifically ssh is not allowed).

- transport input ssh. This is on the device in your post. The result of this configuration is that ssh is allowed but no other protocol (specifically telnet is not allowed).

- transport input all. This is the default value, and since default values usually do not show up in the output of show run, you would typically not see this command in the show run output. The result of this configuration is that multiple protocols including both telnet and ssh are allowed.

 

On the device in your original post if you want telnet to work then change the line in the vty config from transport input ssh to either transport input telnet or transport input all.

HTH

Rick
0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Richard Burts

‎06-03-2021 11:53 AM

I am glad that my explanation and suggestions were helpful. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card