03-18-2010 06:36 AM - edited 03-06-2019 10:12 AM
Hi all,
I've made some config changes on one of our routers and after those changes telnet sessions to the router are no longer accepted.
Here's what I did:
I've added a vlan5, gave it a public ip address.
I then gave fastethernet port #3 switchport access vlan5.
That's it.
I've done some debugging.
The telnet sessions still arrive at the router. No nat is taking place for these packets (at first I thought another machine was responding).
Debugging the particular IP packets for these sessions only shows SYN packets.
Mar 18 13:41:31 <routername> 259185: 3w1d: %SEC-6-IPACCESSLOGP: list 125 permitted tcp <source ip>(4212) -> <dest ip>(23), 1 packet
Mar 18 13:41:32 <routername> 259186: 3w1d: IP: tableid=0, s=<source ip> (Dialer0), d=<dest ip> (Dialer0), routed via RIB
Mar 18 13:41:32 <routername> 259187: 3w1d: IP: s=<source ip> (Dialer0), d=<dest ip> (Dialer0), len 48, rcvd 3
Mar 18 13:41:32 <routername> 259188: 3w1d: TCP src=4212, dst=23, seq=3819487968, ack=0, win=65535 SYN
Mar 18 13:41:32 <routername> 259189: 3w1d: IP: tableid=0, s=<source ip> (Dialer0), d=<dest ip> (Dialer0), routed via RIB
Mar 18 13:41:32 <routername> 259190: 3w1d: IP: s=<source ip> (Dialer0), d=<dest ip> (Dialer0), len 48, rcvd 3
Mar 18 13:41:32 <routername>259191: 3w1d: TCP src=4212, dst=23, seq=2955492222, ack=0, win=65535 SYN
Mar 18 13:41:32 <routername> 259192: 3w1d: IP: tableid=0, s=<source ip> (Dialer0), d=<dest ip> (Dialer0), routed via RIB
Mar 18 13:41:32 <routername>259193: 3w1d: IP: s=<source ip> (Dialer0), d=<dest ip> (Dialer0), len 48, rcvd 3
Mar 18 13:41:33 <routername> 259194: 3w1d: TCP src=4212, dst=23, seq=2853220139, ack=0, win=65535 SYN
Debugging the telnet session itself does not give any results in the logging.
I'm now able to access the router through a machine attached to the console port.
Config is attached.
Any thoughts?
03-18-2010 06:58 AM
Hello,
I don't see the last change you did; there is no trace of the new SVI vlan 5 in the attached file.
You should probably try to telnet to the private IP address in vlan1, because you allow telnet only from internal IP addresses:
access-list 12 permit
line vty 0 4
access-class 12 in
exec-timeout 0 0
From the log messages, you are trying to telnet to the dialer0 IP address.
Difficult to say more
Hope to help
Giuseppe
03-18-2010 07:08 AM
Hi,
Remove "access-class 12 in" and try again. Also, I did not see vlan 5 in your config.
HTH
Reza
03-18-2010 07:44 AM
Hi folks,
Thanks for the speedy answers so far.
Access-list 12 contains multiple ACEs with multiple public IP addresses which our company uses. My IP address falls squarely into those ACLs. I have removed the access list from the line, no joy there either.
The config lacks the details for vlan 5, because the attached config is the latest rancid could retrieve. Fortunately my telnet client has a large buffer, so here is the missing piece:
interface FastEthernet3
switchport access vlan 5
!
interface Vlan5
description Pub Range
ip address
no ip redirects
no ip proxy-arp
ip virtual-reassembly
ip tcp adjust-mss 1452
hold-queue 100 out
The ip address on vlan5 does not overlap with any other addresses on the router.
I haven't tried connecting to the router from the inside, and at the moment I have no connection to the machine attached to the console port. I'll try that tomorrow morning.
03-18-2010 09:00 AM
Hi
1. check show line
2. clear (line no)
3. try telnet
4. If problem same.
5. Check CPU utilization. Sometimes the Exec and Virtual Exec processes hang.
6. save the config
7. reload the router and try
May this help you.
Deepak
03-19-2010 06:49 AM
Hi Deepak,
It did help me.
Clearing the vty lines solved the problem.
Many thanks, enjoy the weekend wherever you are :-)
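An added example, not part of the original thread: a small Python triage script for debug output like the first post's. It flags management-port flows where the same source port sends repeated SYNs even though the ACL logged a permit, which points away from the access list and toward the router's own listener or vty lines. The function name, threshold and the final sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Sample modelled on the debug output in the first post; the last line
# (a single SYN from port 5000) is constructed here for contrast.
SAMPLE = """\
Mar 18 13:41:31 <routername> 259185: 3w1d: %SEC-6-IPACCESSLOGP: list 125 permitted tcp <source ip>(4212) -> <dest ip>(23), 1 packet
Mar 18 13:41:32 <routername> 259188: 3w1d: TCP src=4212, dst=23, seq=3819487968, ack=0, win=65535 SYN
Mar 18 13:41:32 <routername>259191: 3w1d: TCP src=4212, dst=23, seq=2955492222, ack=0, win=65535 SYN
Mar 18 13:41:33 <routername> 259194: 3w1d: TCP src=4212, dst=23, seq=2853220139, ack=0, win=65535 SYN
Mar 18 13:41:40 <routername> 259201: 3w1d: TCP src=5000, dst=23, seq=1111111111, ack=0, win=65535 SYN
"""

# ACL log line: list number, verdict, source port, destination port.
ACL_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (\d+) (permitted|denied) tcp "
    r".*?\((\d+)\) -> .*?\((\d+)\)"
)
# "debug ip packet detail" style TCP line carrying a bare SYN (ack=0).
SYN_RE = re.compile(r"TCP src=(\d+), dst=(\d+), seq=\d+, ack=0, win=\d+ SYN\s*$")


def unanswered_syns(log_text, mgmt_port=23, threshold=3):
    """Return {src_port: {"syns": n, "acl": verdict}} for flows to mgmt_port
    that sent at least `threshold` SYNs, i.e. the client kept retrying."""
    syns = defaultdict(int)
    acl = {}
    for line in log_text.splitlines():
        m = ACL_RE.search(line)
        if m and int(m.group(4)) == mgmt_port:
            acl[int(m.group(3))] = f"list {m.group(1)} {m.group(2)}"
            continue
        m = SYN_RE.search(line)
        if m and int(m.group(2)) == mgmt_port:
            syns[int(m.group(1))] += 1
    return {
        port: {"syns": count, "acl": acl.get(port, "no ACL log")}
        for port, count in syns.items()
        if count >= threshold
    }


if __name__ == "__main__":
    for port, info in unanswered_syns(SAMPLE).items():
        print(f"src port {port}: {info['syns']} SYNs, ACL: {info['acl']}")
```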