Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2903
Views
0
Helpful
9
Replies

can't access switch per Telnet or SSH

BorislavPenchev0962
Level 3
Level 3

‎06-12-2020 05:45 AM

Hello,

I have a problem.

 

I lost connection with switch via SSH and Telnet, but Web GUI still works Ok;

I can connect via console as well;

 

Someone known what happened


Line-Line con 0
line con 0
logging synchronous
login local
stopbits 1

Line-Line aux 0
line aux 0
stopbits 1

Line-Line vty 0 4
line vty 0 4
logging synchronous
login local
length 0

Line-Line vty 5 15
line vty 5 15
logging synchronous
login local


Labels:
0 Helpful
9 Replies 9

balaji.bandi
Hall of Fame
Hall of Fame

‎06-12-2020 05:56 AM

add below line to VTY lines:

 

transport input ssh and telnet

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni

‎06-12-2020 08:58 AM

Hi,

What is an error on the screen and what is the switch model number? It is very important. try as:

 

Line-Line vty 0 4
line vty 0 4

transport input all
logging synchronous
login local
length 0

Line-Line vty 5 15
line vty 5 15

transport input all
logging synchronous
login local

 

If it is Small business switch like 350 or 550 then logins in WebGui and

 

Goto security Tab >TCT/UDP services and tick the telnet service. Save.

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

BorislavPenchev0962
Level 3
Level 3
In response to Deepak Kumar

‎06-12-2020 09:48 AM

Hi,

error when trying to connect with Putty is:

connection to 192.x.x.x ... can not connect, error on port 23

 

WS-C3650-24PS-S

0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni
In response to BorislavPenchev0962

‎06-13-2020 12:06 AM

Hi,

Login using the console cable and trying the below configuration as:

Line-Line vty 0 4
line vty 0 4

transport input all
logging synchronous
login local
length 0

Line-Line vty 5 15
line vty 5 15

transport input all
logging synchronous
login local

 

Also, make sure that there will no ACL under the VTY line or Telnet port is not blocked in the path.

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to BorislavPenchev0962

‎06-13-2020 03:04 AM

In this case, we need your complete config to assist better, there may be small information which is missing in this post.

 

if you have this model of switch WS-C3650-24PS-S - also post-show version.

 

if this is standard configuration or verify below document for the config (i would also suggest to post here)

 

https://community.cisco.com/t5/networking-documents/configuring-telnet-console-and-aux-port-passwords/ta-p/3126628

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Georg Pauwen
VIP
VIP

‎06-13-2020 12:15 AM

Hello,

 

have you tried to zeroize the RSA key, reboot the router, and then enter a new key ?

 

1. crypto key zeroize rsa

2. reboot

3. crypto key generate rsa

0 Helpful

paul driver
VIP
VIP

‎06-14-2020 07:19 AM

Hello

@BorislavPenchev0962 wrote:

I have a problem.

I lost connection with switch via SSH and Telnet, but Web GUI still works Ok;

I can connect via console as well;

 

Seems to suggest you once had remote access via 22/23 so what change did you make to negate this access?

Have you tried using a different terminal session client or just a command line from you pc to see if the ports are open
cmd
telnet x.x.x.x - does this work?
telnet x.x.x.x 22 - does this work?
telnet x.x.x.x 80 - this should work as you have stated


Lasty remove any access-lists, AAA config and make sure as others have suggested make you vty lines are allowing telnet/ssh.

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

BorislavPenchev0962
Level 3
Level 3
In response to paul driver

‎06-15-2020 01:25 AM

Hi all,

 

thanks for reply's, we are still under investigation,

 

switch is 300 km from us and there is no way to reboot over GUI or ? - would l be able to login afterwards ?

l can ping the switch; cmd telnet test work on port 80, but not on other ports:

 

C:\Users\rsp>telnet 192.168.x.x 22
Connecting To 192.168.x.x...Could not open connection to the host, on port 80: Connect failed

 

l also tried to connect over ssh/telnet from another core switch:

Core#ssh 192.168.x.x
% Connection refused by remote host

 

we will have to send someone on site to try configure transport input all on the vty lines;

 

 when l try to telnet/ssh on cmd or putty l get the connection drop asap - which makes me think is access list/firewall related...

 

------------------ show version ------------------

Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 03.06.02aE RELEASE SOFTWARE (fc1)
Compiled Fri 03-Apr-15 14:45 by 

ROM: IOS-XE ROMMON
BOOTLDR: CAT3K_CAA Boot Loader (CAT3K_CAA-HBOOT-M) Version 1.2, RELEASE SOFTWARE (P)
Core uptime is 2 years, 12 weeks, 4 days

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to BorislavPenchev0962

‎06-15-2020 10:26 AM

yes, it is worth someone available on the remote site and post full configures here for review.

 

Looks like some VTY line issue for now as per recent post.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card