
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-25-2016 02:44 AM - edited 03-08-2019 07:34 AM
Evening techs,
Can no longer telnet to router again from windows server 192.168.0.102. Was connected 4 days ago OK no problem
C:\Users\Administrator>telnet 192.168.0.12
Can telnet to switch OK on ip of 192.168.0.2
Error of :
Connecting To 192.168.0.12...Could not open connection to the host, on port 23:
Connect failed
Troubleshooting done
Have disabled and re-enabled telnet via services.msc
Have un-installed/re-installed telnet client/server
Firewall is off.
C:\Users\Administrator>tlntadmn \\thebeast config port=23
The settings were successfully updated.
C:\Users\Administrator>ping 192.168.0.12
Pinging 192.168.0.12 with 32 bytes of data:
Reply from 192.168.0.12: bytes=32 time<1ms TTL=64
Reply from 192.168.0.12: bytes=32 time<1ms TTL=64
Reply from 192.168.0.12: bytes=32 time<1ms TTL=64
Reply from 192.168.0.12: bytes=32 time<1ms TTL=64
Ping statistics for 192.168.0.12:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\Users\Administrator>tracert 192.168.0.12
Tracing route to 192.168.0.12 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 192.168.0.12
Trace complete.
netstat -a
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:23 TheBeast:0 LISTENING
Is there a way that we can see what telnet is doing?
Solved! Go to Solution.
- Labels:
-
Other Switching
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-13-2017 04:21 PM
Will do. Just got NBN connected and no internet for 2 days. Keep you posted
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-14-2017 03:49 AM
Had no power outage last night. Do Wed..
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-17-2017 03:25 AM
Evening Richard,
switch output
Switch#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.0.0.1 - 0002.4b5d.01c0 ARPA VLAN2
Internet 192.168.0.102 0 fcaa.14af.197f ARPA VLAN1
Internet 192.168.0.1 0 18f1.4558.f805 ARPA VLAN1
Internet 192.168.0.2 - 0002.4b5d.01c0 ARPA VLAN1
The router ip 192.168.0.12 doesn't appear until I do a traceroute to 192.168.0.12.
Once that is done. I do sh arp on switch and 192.168.0.12 address appears. I can then telnet to it.
And yes. I do a wr command to save this info but not save. Especially after rebooting.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-17-2017 04:42 AM
My guess is that you have a VLAN mismatch on that interface fast 0/24, and that it occasionally works via proxy-arp, which is presumably enabled by default.
Why is the access set to vlan 24 here?
From a "sh int status" is 0/24 actually coming up in trunk mode (and which vlan is the native one?). Sh cdp neigh fast 0/24 detail might also indicate something.
I'm guessing it occasionally works IF a recent packet has come in from the router; in which case the switch learns it and all is fine until arp cache times out. In that case, the switch/vlan 1 will not know to flood the packet out 0/24, so you have no connectivity. An inbound request from the router on that subnet "brings it to life" temporarily.
If you had set "no ip proxy-arp" on vlan 1, you probably wouldn't have communications on that vlan to the router, at all.
interface FastEthernet0/24 switchport access vlan 24 switchport trunk encapsulation dot1q switchport mode trunk !
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-17-2017 10:09 AM
Thanks for the information. It is interesting that the router interface address does not show up in the arp table until you have done a traceroute. And that after doing the traceroute that the address is in the arp table and telnet then works ok.
So if the issue seems to be a missing entry in the arp table then I would suggest this test:
- show arp and verify that the router address is not in the arp table.
- enable debug arp on the switch.
- attempt telnet.
- check the arp table and see if there is an entry for the router address.
- check the debug output and look for arp requests and whether any response was received.
- attempt traceroute.
- check the arp table and see if there is an entry for the router address.
- check the debug output and look for arp requests and whether any response was received.
I am very curious whether the behavior with telnet is any different from the behavior with traceroute.
HTH
Rick
Rick

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-26-2017 01:58 AM
Hi Richard,
Got the same issue recently. I noticed that I can telnet my router after like 1 day even SSH is not accepting my password.
line vty 0 4
password 7 XXXXXXXXXXX
transport input telnet ssh
line vty 5 15
privilege level 15
password 7 XXXXXXXXXX
transport input telnet ssh
Regards,
Jason
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-03-2017 08:00 AM
Jason
This is a duplicate of the post of yours in the Remote Access forum. I have responded there and suggest that any further discussion take place in that forum.
HTH
Rick
Rick
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-30-2018 04:08 PM
Hi Richard,
Has been quite some time since I updated on this incident.
Unfortunately I still have no telnet access to this device.
ISP router is 192.168.20.1
Switch IP is 192.168.10.2
Router IP is 192.168.20.2
Below is out from switch..
switch..cant telnet router
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-30-2018 06:02 PM
I have also included a diagram to make it easier
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-08-2017 03:07 AM
Hi Richard,
As requested...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-08-2017 09:00 AM
Thanks for posting the config and the show version. The router has been up for a day (and probably less than that when you did the show line output) so the fact that there had been no successful connections is not so surprising. I have looked through the config. I can not tell from the config whether SSH is enabled or not. That may not matter but I note it mainly because the config of vty does specify SSH as one of the permitted access methods. What we have been focusing on is telnet and I do not see any thing in the config that would prevent telnet. So I would encourage you to enable logging buffered (preferably at level debug) and then check the logs after an attempt to telnet.
It also occurs to me to wonder if there is any possibility that some device in the path toward the router might have a security policy that denies telnet traffic passing through.
It is not related to the telnet problem but I did note several odd things in the config. You have these excluded addresses in the config
ip dhcp excluded-address 192.168.0.12
ip dhcp excluded-address 192.168.0.1 192.168.0.102
ip dhcp excluded-address 192.168.0.105 192.168.0.254
But there is no dhcp pool with those addresses.
Also you have this exclude
ip dhcp excluded-address 192.168.1.2 192.168.1.254
I am a bit surprised that you did not exclude 192.168.2.1 since that is the router address and you really do not want that address assigned to a client. And then you exclude all other addresses in the pool. So this dhcp is basically not working.
There are two strange static routes.
ip route 192.168.2.1 255.255.255.255 192.168.0.1
I do not understand why you would have a route for the router's interface address pointed out a different interface. There is also a route for 192.168.3.1. Since I do not know what that is or where it is I can not know whether this route makes sense or not. But it strikes me as odd.
HTH
Rick
Rick
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-08-2017 06:18 PM
Hi Richard,
Thanks for the "detailed thoughts"
I did have SSH installed but removed to not complicate matters.
ip dhcp excluded-address 192.168.0.12 (is the router IP address) which is the same network I have home PC's on.
ip dhcp excluded-address 192.168.1.2 192.168.1.254 (Data dhcp range)
ip route 192.168.2.1 (IP phones) 255.255.255.255 192.168.0.1(internet gateway to ISP)
HTH
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-27-2016 04:26 AM
Hi Deepak,
Output is
Switch#sh running-config | be vty
line vty 0 4
exec-timeout 0 0
password xxxxxxxxxx
login local
line vty 5
exec-timeout 0 0
password xxxxxxxxxxx
login local
line vty 6 15
password xxxxxxxxxxx
login local
!
end
Switch#
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-27-2016 05:15 AM
And ...
C:\Users\Administrator>tlntadmn
The following are the settings on localhost
Alt Key Mapped to 'CTRL+A' : YES
Idle session timeout : 1 hours
Max connections : 2
Telnet port : 23
Max failed login attempts : 3
End tasks on disconnect : YES
Mode of Operation : Console
Authentication Mechanism : NTLM, Password
Default Domain : JECLAFAMILIA
State : Running
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-28-2016 04:34 AM
