Basic Router SSH Access

Michael Reyes
Level 1

Hello Cisco Experts,

I need to configure a 2921 ISR. Basic config below. Nothing elaborate as far as config goes. Inside traffic routing outside. GE0/0 - External IP and GE0/1 - Internap IP. I'm trying to telnet to the GE0/0 interface, but it's not working. Did I miss something? This is a brand new router I received this afternoon. Ultimately I need to enable SSH and restrict access to two remote IP addresses (x.x.x.244 & x.x.x.246).

Any assistance would be greatly appreciated.

Thanks,

Michael

Basic Configuration Below

*************************************************************************************************

Current configuration : 5325 bytes
!
! Last configuration change at 22:47:28 UTC Mon Jun 18 2012 by root
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname cv_router_2921
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 4 *******.
!
no aaa new-model
!
!
no ipv6 cef
ip source-route
ip cef
!        
!
!
!
!
ip domain name corp.local
!
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-3184049427
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3184049427
revocation-check none
rsakeypair TP-self-signed-3184049427
!
!
crypto pki certificate chain TP-self-signed-3184049427
certificate self-signed 01

          quit
license udi pid CISCO2921/K9 sn FGL161612S2
!
!
username my_username privilege 15 secret 4 *******
!
redundancy
!
!
!        
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description Transit Network
ip address x.x.x.134 255.255.255.252
duplex auto
speed auto
!
interface GigabitEthernet0/1
description Internal Transit Network
ip address x.x.x.225 255.255.255.224
duplex auto
speed auto
!        
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip route 0.0.0.0 0.0.0.0 x.x.x.133
!
access-list 23 permit 10.10.10.0 0.0.0.7
!
!
!
!
!
!
control-plane
!
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Removed

-----------------------------------------------------------------------
^C
!        
line con 0
exec-timeout 0 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class 23 in
privilege level 15
password 7 *******
login local
transport input telnet
line vty 5 15
access-class 23 in
privilege level 15
password 7 *******
login local
transport input telnet ssh
!        
scheduler allocate 20000 1000
end

cv_router_2921#
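
An added example, not part of the original post: a small Python audit of the vty and ACL lines from the configuration above, reporting which protocols each vty range accepts and whether a given source address passes `access-class 23`. The 203.0.113.x address is a constructed stand-in for the masked remote addresses, and only the `address wildcard` form of a standard ACL entry is handled.

```python
import ipaddress
import re
# vty and ACL lines copied from the posted configuration.
CONFIG = """\
access-list 23 permit 10.10.10.0 0.0.0.7
line vty 0 4
 access-class 23 in
 transport input telnet
line vty 5 15
 access-class 23 in
 transport input telnet ssh
"""

def parse(config):
    """Return (acls, vtys): standard ACL entries and per-vty settings."""
    acls, vtys, current = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"access-list (\d+) (permit|deny) (\S+)(?: (\S+))?$", line)
        if m:
            num, action, addr, wild = m.groups()
            acls.setdefault(num, []).append((action, addr, wild or "0.0.0.0"))
        elif line.startswith("line "):
            current = None
            if line.startswith("line vty "):
                current = {"range": line[9:], "acl": None, "transport": set()}
                vtys.append(current)
        elif current is not None and line.startswith("access-class "):
            current["acl"] = line.split()[1]
        elif current is not None and line.startswith("transport input "):
            current["transport"] = set(line.split()[2:])
    return acls, vtys

def acl_permits(entries, src):
    s = int(ipaddress.IPv4Address(src))
    for action, addr, wild in entries:  # first matching entry wins
        care = ~int(ipaddress.IPv4Address(wild)) & 0xFFFFFFFF
        if (s & care) == (int(ipaddress.IPv4Address(addr)) & care):
            return action == "permit"
    return False  # implicit deny at the end of every ACL

def audit(config, sources):
    acls, vtys = parse(config)
    report = []
    for v in vtys:
        # A vty with no access-class does no source filtering at all.
        allowed = {s: v["acl"] is None or acl_permits(acls.get(v["acl"], []), s) for s in sources}
        report.append((v["range"], sorted(v["transport"]), allowed))
    return report
```

Calling `audit(CONFIG, ["10.10.10.5", "203.0.113.244"])` shows that vty 0 4 accepts only telnet and that both vty ranges admit sources only from 10.10.10.0 through 10.10.10.7.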

32 Replies

Michael

Thanks for the additional explanation. That does help.

Am I correct that the ping problem was just a transposition of octets in the address? Or is there still some problem with pinging?

HTH

Rick

Hi Rick,

Sorry for the delay in responding.  Looks like I have been transposing numbers.  I need to slow myself down sometimes.  I have confirmed the following:

  • Router can ping locally assigned IP addresses
  • Router can ping each connected device IP address
  • Each connected device can ping the router IP address
  • Each connected device can ping the other connected device IP address

All appears to be working as it should be.

Thank you for all your assistance.  Sometimes it just takes someone from the outside to help resolve the issue.

Much appreciated.

Best Regards,

Michael

Michael

I am glad that the problem is resolved and that our suggestions were helpful. You are right that sometimes it is very helpful to have another pair of eyes looking at the issue. Thank you for using the rating system to mark the question as answered. It makes the forum more useful when people can read about a problem and can know that a solution was found. Your rating has contributed to this process.

HTH

Rick
