
Can't telnet any longer to router via port 23 once again

John Cheetley
Level 3

Evening techs,

Can no longer telnet to router again from windows server 192.168.0.102. Was connected 4 days ago OK no problem

C:\Users\Administrator>telnet 192.168.0.12

Can telnet to switch OK on ip of 192.168.0.2

Error of :
Connecting To 192.168.0.12...Could not open connection to the host, on port 23:
Connect failed

Troubleshooting done

Have disabled and re-enabled telnet via services.msc

Have un-installed/re-installed telnet client/server

Firewall is off.

C:\Users\Administrator>tlntadmn \\thebeast config port=23
The settings were successfully updated.

C:\Users\Administrator>ping 192.168.0.12

Pinging 192.168.0.12 with 32 bytes of data:
Reply from 192.168.0.12: bytes=32 time<1ms TTL=64
Reply from 192.168.0.12: bytes=32 time<1ms TTL=64
Reply from 192.168.0.12: bytes=32 time<1ms TTL=64
Reply from 192.168.0.12: bytes=32 time<1ms TTL=64

Ping statistics for 192.168.0.12:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Users\Administrator>tracert 192.168.0.12

Tracing route to 192.168.0.12 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms 192.168.0.12

Trace complete.

netstat -a

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:23 TheBeast:0 LISTENING

Is there a way that we can see what telnet is doing?


Will do. Just got NBN connected and no internet for 2 days. Keep you posted

Had no power outage last night. Do Wed..

Evening Richard,

switch output

Switch#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.0.0.1 - 0002.4b5d.01c0 ARPA VLAN2
Internet 192.168.0.102 0 fcaa.14af.197f ARPA VLAN1
Internet 192.168.0.1 0 18f1.4558.f805 ARPA VLAN1
Internet 192.168.0.2 - 0002.4b5d.01c0 ARPA VLAN1

The router ip 192.168.0.12 doesn't appear until I do a traceroute to 192.168.0.12.

Once that is done. I do sh arp on switch and 192.168.0.12 address appears. I can then telnet to it.

And yes. I do a wr command to save this info but not save. Especially after rebooting. 

My guess is that you have a VLAN mismatch on that interface fast 0/24, and that it occasionally works via proxy-arp, which is presumably enabled by default.

Why is the access set to vlan 24 here?

From a "sh int status" is 0/24 actually coming up in trunk mode (and which vlan is the native one?).   Sh cdp neigh fast 0/24 detail  might also indicate something.

I'm guessing it occasionally works IF a recent packet has come in from the router; in which case the switch learns it and all is fine until arp cache times out.  In that case, the switch/vlan 1 will not know to flood the packet out 0/24, so you have no connectivity.   An inbound request from the router on that subnet "brings it to life" temporarily.

If you had set "no ip proxy-arp" on vlan 1, you probably wouldn't have communications on that vlan to the router, at all.

interface FastEthernet0/24
 switchport access vlan 24
 switchport trunk encapsulation dot1q
 switchport mode trunk
!

Thanks for the information. It is interesting that the router interface address does not show up in the arp table until you have done a traceroute. And that after doing the traceroute that the address is in the arp table and telnet then works ok.

So if the issue seems to be a missing entry in the arp table then I would suggest this test:

- show arp and verify that the router address is not in the arp table.

- enable debug arp on the switch.

- attempt telnet.

- check the arp table and see if there is an entry for the router address.

- check the debug output and look for arp requests and whether any response was received.

- attempt traceroute.

- check the arp table and see if there is an entry for the router address.

- check the debug output and look for arp requests and whether any response was received.

I am very curious whether the behavior with telnet is any different from the behavior with traceroute.

HTH

Rick


Hi Richard,

Got the same issue recently.  I noticed that I can telnet my router after like 1 day even SSH is not accepting my password.

line vty 0 4
password 7 XXXXXXXXXXX
transport input telnet ssh
line vty 5 15
privilege level 15
password 7 XXXXXXXXXX
transport input telnet ssh

Regards,

Jason

Jason

This is a duplicate of the post of yours in the Remote Access forum. I have responded there and suggest that any further discussion take place in that forum.

HTH

Rick


Hi Richard,

Has been quite some time since I updated on this incident.

Unfortunately I still have no telnet access to this device.

ISP router is 192.168.20.1

Switch IP is 192.168.10.2

Router IP is 192.168.20.2

Below is output from switch..

 

switch..cant telnet router


show cdp neighbors output attached. 
HTH
 
 

 

I have also included a diagram to make it easier

 

 

Hi Richard,

 As requested...

Thanks for posting the config and the show version. The router has been up for a day (and probably less than that when you did the show line output) so the fact that there had been no successful connections is not so surprising. I have looked through the config. I can not tell from the config whether SSH is enabled or not. That may not matter but I note it mainly because the config of vty does specify SSH as one of the permitted access methods. What we have been focusing on is telnet and I do not see anything in the config that would prevent telnet. So I would encourage you to enable logging buffered (preferably at level debug) and then check the logs after an attempt to telnet.

It also occurs to me to wonder if there is any possibility that some device in the path toward the router might have a security policy that denies telnet traffic passing through.

It is not related to the telnet problem but I did note several odd things in the config. You have these excluded addresses in the config

ip dhcp excluded-address 192.168.0.12
ip dhcp excluded-address 192.168.0.1 192.168.0.102
ip dhcp excluded-address 192.168.0.105 192.168.0.254

But there is no dhcp pool with those addresses.

Also you have this exclude

ip dhcp excluded-address 192.168.1.2 192.168.1.254

I am a bit surprised that you did not exclude 192.168.2.1 since that is the router address and you really do not want that address assigned to a client. And then you exclude all other addresses in the pool. So this dhcp is basically not working.

There are two strange static routes.

ip route 192.168.2.1 255.255.255.255 192.168.0.1

I do not understand why you would have a route for the router's interface address pointed out a different interface. There is also a route for 192.168.3.1. Since I do not know what that is or where it is I can not know whether this route makes sense or not. But it strikes me as odd.

HTH

Rick


Hi Richard,

Thanks for the "detailed thoughts"

I did have SSH installed but removed to not complicate matters.

ip dhcp excluded-address 192.168.0.12 (is the router IP address) which is the same network I have home PC's on.

ip dhcp excluded-address 192.168.1.2 192.168.1.254 (Data dhcp range)

ip route 192.168.2.1 (IP phones) 255.255.255.255 192.168.0.1(internet gateway to ISP)

HTH

Hi Deepak,

Output is 

Switch#sh running-config | be vty
line vty 0 4
exec-timeout 0 0
password xxxxxxxxxx
login local
line vty 5
exec-timeout 0 0
password xxxxxxxxxxx
login local
line vty 6 15
password xxxxxxxxxxx
login local
!
end

Switch#

And ...

C:\Users\Administrator>tlntadmn


The following are the settings on localhost

Alt Key Mapped to 'CTRL+A' : YES
Idle session timeout : 1 hours
Max connections : 2
Telnet port : 23
Max failed login attempts : 3
End tasks on disconnect : YES
Mode of Operation : Console
Authentication Mechanism : NTLM, Password
Default Domain : JECLAFAMILIA
State : Running

Hi Deepak,

I have gained access to the router via the switch.. Output is ...(looks a bit messy)

cme_router#sh running-config | be vty
line vty 0 4
exec-timeout 35791 0
password xxxxxxxxx
login local
transport input telnet
line vty 5
exec-timeout 0 0
password xxxxxxxx
login
line vty 6 15
password xxxxxxxx
login
line vty 16 65
login
line vty 66
exec-timeout 0 0
login
!
ntp master 1
ntp server 192.189.54.17
ntp server 203.161.123.133
!
end

cme_router#

HTH...Thanks again..sorry for delay..
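The vty sections posted in this thread decide which lines accept telnet and how each one authenticates. As an added example (not part of the original thread, and not Cisco tooling), this Python parser reads such a section and flags, per stanza, cleartext telnet, a `login` line with no password, and a disabled idle timeout. The rule names are hypothetical, the unset `transport input` default is treated as unknown because it depends on the IOS release, and negated `no ...` forms are not handled.

```python
import re

# Sample: the router's vty section from the post above, on one line, passwords masked as posted.
SAMPLE = ("line vty 0 4 exec-timeout 35791 0 password xxxxxxxxx login local "
          "transport input telnet line vty 5 exec-timeout 0 0 password xxxxxxxx login "
          "line vty 6 15 password xxxxxxxx login line vty 16 65 login "
          "line vty 66 exec-timeout 0 0 login ! ntp master 1")

# Split before each command keyword so flattened and one-command-per-line text both parse.
SPLIT = re.compile(r"(?=\b(?:line|exec-timeout|password|login|transport input)\b)")

def parse_vty(config):
    """Return one dict per 'line vty' stanza with the settings that govern remote login."""
    stanzas, cur = [], None
    for chunk in SPLIT.split(config):
        words = chunk.split("!")[0].split()      # ignore anything after a '!' separator
        m = re.match(r"line\s+vty\s+(\d+)(?:\s+(\d+))?", chunk)
        if m:
            cur = {"range": (int(m[1]), int(m[2] or m[1])), "transport": None,
                   "login": None, "password": False, "timeout": None}
            stanzas.append(cur)
        elif words[:1] == ["line"]:
            cur = None                            # console/aux stanza, not a vty
        elif cur is not None and words:
            if words[0] == "transport":
                cur["transport"] = words[2:]
            elif words[0] == "login":
                cur["login"] = "local" if words[1:2] == ["local"] else "line"
            elif words[0] == "password":
                cur["password"] = True
            elif words[0] == "exec-timeout":      # minutes [seconds] -> seconds
                cur["timeout"] = sum(int(w) * k for w, k in zip(words[1:3], (60, 1)))
        if "!" in chunk:
            cur = None                            # '!' closes the line section
    return stanzas

def findings(s):
    """Flag settings worth a second look on one stanza (hypothetical rule names)."""
    out = []
    if s["transport"] is None:
        out.append("transport-default")       # assumption: default varies by IOS release
    elif {"telnet", "all"} & set(s["transport"]):
        out.append("telnet-cleartext")
    if s["login"] == "line" and not s["password"]:
        out.append("login-without-password")  # IOS: "Password required, but none set"
    if s["timeout"] == 0:
        out.append("no-idle-timeout")         # exec-timeout 0 0
    return out

REPORT = [(s["range"], findings(s)) for s in parse_vty(SAMPLE)]
```

`REPORT` holds one `(range, findings)` pair per stanza; `parse_vty` also accepts the usual one-command-per-line output of `show running-config | begin vty`.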