Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1284
Views
0
Helpful
3
Replies

Can't telnet in from one VLAN

spj2019
Level 1
Level 1

‎05-08-2019 11:29 PM

Hi,

I'm using a 3650 with routing, IOS 15.3. Up to now we've only needed console access, but new requirements have led us to setup remote access. After setting up the vty configuration and user, we get a Connection Refused message when attempting to telnet in from a directly connected PC on the same network segment. We also defined the snmp server but when we tried accessing it we get no response. Ping works fine. If I telnet in from the console connection, we get a user name prompt. 

Since we have two VLANs defined (vlan1 and vlan799) , we redefined the switch port and set it to vlan1 (it was on vlan799 before), changed the IP address on the PC and bingo! both telnet and snmp were responding and working properly. Still can't get it to work on vlan799 though. Any ideas about what could be the problem? could it possibly be the high vlan number? sounds weird. 

Thanks for any advice!  

Labels:
0 Helpful
3 Replies 3

Seb Rupik
VIP Alumni
VIP Alumni

‎05-08-2019 11:38 PM - edited ‎05-09-2019 12:44 AM

Hi there,

Do you have MPP configured on the switch:

https://www.cisco.com/c/en/us/td/docs/ios/security/configuration/guide/sec_mgmt_plane_prot.html

 

...what is the output of :

show management-interface

sh run | beg control-plane host

 

 

Also check for ACLs applied to the vty line config:

sh run | beg line vty

 

...and also the snmp-server statements:

sh run | inc snmp

 

...in both cases you may have an ACL which only permits traffic sourced from VLAN1 and not VLAN799 .

 

 

cheers,

Seb.

0 Helpful

paul driver
VIP
VIP

‎05-09-2019 01:50 AM

Hello

@spj2019 wrote:

Hi,

I'm using a 3650 with routing, IOS 15.3. Up to now we've only needed console access, but new requirements have led us to setup remote access. After setting up the vty configuration and user, we get a Connection Refused message when attempting to telnet in from a directly connected PC on the same network segment. We also defined the snmp server but when we tried accessing it we get no response. Ping works fine. If I telnet in from the console connection, we get a user name prompt. 

Do you have any access list, management plane policing, or specifying any telnet/ssh source interface applied to the switch

Would you be able to post the configuration of your switch please?

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

spj2019
Level 1
Level 1
In response to paul driver

‎05-09-2019 10:26 PM

Hi, thanks for your reply. There are no Acls defined yet. I won't be at the site for a few days, so I only have a part of the config...

Preview file
3 KB
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card