
Telnet connection from home network

sany98
Level 1

Hi

I'm trying to set up my first home lab but I'm having an issue with telnet from my home network. I have successfully connected a router 2811, switch 3560v2 and a pc1. 2811 gets internet access from my home router (netgear) and switch and pc1 get access through 2811. I can ping 2811 from pc1 (192.168.2.2) and have access through telnet. When I try to telnet from pc2 (192.168.1.2) to 2811 it doesn't work; however, I can ping 2811 and I get an answer but no telnet connection. Thank you in advance!

Here is config print:

R3#show running-config
Building configuration...
 
Current configuration : 1129 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$lC3V$eShhVLFZQqb2inIdLkRDF0
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
!
ip cef
no ip dhcp use vrf connected
!
ip dhcp pool labuser
   network 192.168.2.0 255.255.255.0
   default-router 192.168.2.1
   dns-server 8.8.8.8
!
!
no ftp-server write-enable
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address dhcp
 ip nat outside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 shutdown
 clockrate 2000000
!
interface Serial0/0/1
 no ip address
 shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.254
!
!
no ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit any
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler allocate 20000 1000
!
end
 
R3#

telnet.png

 

 

 


Hello,

 

the default route looks odd, since you don't have a local interface in the same segment:

 

ip route 0.0.0.0 0.0.0.0 192.168.1.254

 

There needs to be an interface in the 192.168.1.0/24 range on your 2811 in order for the default route to work.

 

On the VTY lines, configure the line in bold:

 

line vty 0 4
password cisco
login

transport input telnet

Richard Burts
Hall of Fame

I believe that the drawing is pretty clear that the router is learning an IP address in the 192.168.1 network via dhcp. So the default route should be ok.

 

I suspect that the issue with telnet is that the 2811 is configured to do address translation for EVERY packet with source address in 192.168.2 to any destination and is therefore translating the telnet traffic. You probably want to change the ACL so that it does not translate traffic to the 192.168.1 network.

 

HTH

Rick

Thank you Richard! Your suggestion worked! Here is how:
Router(config)#access-list 1 permit 192.168.1.2 0.0.0.0
Router(config)#line vty 0 4
Router(config-line)#access-class 1 in

Thanks again!

You are welcome. I am glad that my suggestions were helpful.

 

HTH

Rick

Hi again

Now I have another issue. Telnet works now from pc 192.168.1.2 but pc 192.168.2.2 lost the internet access. It works with permit any, but when I change back to permit 192.168.1.2 it doesn't. 

The issue here is that you are now using the same access list for two different purposes. In the original post you used access list 1 for the purpose of controlling address translation. There was no access class on your vty lines.

 

I suggested that the problem was that access list 1 used permit any and this results in translating the attempt to telnet. You then made several changes in the config. You added access class on the vty and you have access class use the same ACL as address translation and you changed access list 1 to remove permit any and replace it with a permit for pc1. The result of this is that traffic from 192.168.2.2 is no longer translated and therefore no longer has Internet access.

 

I am not sure why you added access class. But using the same access list for both purposes creates this problem. If you want to keep using access class then it needs an ACL different from what nat uses.

 

HTH

Rick

So, if I remove access class, can I simply add new access list 2 with permit any and keep access list 1? Sorry for so many questions but I've just started my Cisco journey :).

To respond to your question we need to understand what you will use the access lists for. When an access list is configured it does not do anything on its own. The access list must be applied to something. In the original post you have access list 1 and applied it to address translation. Then you changed the access list and applied the access list to access class. It appears that you were using the same access list for two purposes, which might be all right if the logic in the access list was appropriate for both purposes. But the logic that you need for address translation is probably not the same logic that you need for access class.

 

The simple answer to your question is that yes you can add access list 2 and keep access list 1. But the really correct answer to the question depends on how you will apply each of the ACLs.

 

HTH

Rick
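
Added example, not part of any post in the thread: a small Python audit that maps each ACL in an IOS config to where it is applied, and flags an ACL shared between NAT and the vty lines or a NAT ACL that permits any source, the two situations discussed in the replies above. Both sample configs are constructed; ACL 2 and the 192.168.2.0/24 entries in the second one are assumptions.

```python
import re
from collections import defaultdict

# Constructed from the thread: ACL 1 drives NAT and is also applied to the vty lines.
SHARED = """\
ip nat inside source list 1 interface FastEthernet0/0 overload
access-list 1 permit 192.168.1.2 0.0.0.0
line vty 0 4
 access-class 1 in
"""

# Assumed split (not from the thread): ACL 1 matches only the inside LAN for NAT,
# ACL 2 lists the sources allowed to reach the vty lines.
SPLIT = """\
ip nat inside source list 1 interface FastEthernet0/0 overload
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 2 permit 192.168.1.2 0.0.0.0
access-list 2 permit 192.168.2.0 0.0.0.255
line vty 0 4
 access-class 2 in
"""

# Where IOS applies an ACL in this lab: NAT source selection and vty access control.
USES = {
    "nat": re.compile(r"^ip nat inside source list (\S+)"),
    "vty": re.compile(r"^access-class (\S+) in"),
}
ACE = re.compile(r"^access-list (\d+) (permit|deny) (.+)$")


def audit(config):
    """Return findings for ACLs shared between NAT and vty, or too broad for NAT."""
    applied = defaultdict(set)   # ACL id -> purposes it is applied to
    entries = defaultdict(list)  # ACL id -> (action, match) entries
    for line in config.splitlines():
        line = line.strip()
        for purpose, rx in USES.items():
            m = rx.match(line)
            if m:
                applied[m.group(1)].add(purpose)
        m = ACE.match(line)
        if m:
            entries[m.group(1)].append((m.group(2), m.group(3).strip()))
    findings = []
    for acl, purposes in sorted(applied.items()):
        if len(purposes) > 1:
            findings.append(f"ACL {acl} is shared by {' and '.join(sorted(purposes))}")
        if "nat" in purposes and ("permit", "any") in entries[acl]:
            findings.append(f"ACL {acl} translates every source (permit any)")
    return findings
```
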

Here is my next challenge 

I have added two more of each to my lab setup: routers, switches and pc/laptops, and here is what I have done so far. All routers/pc have internet access, R2 and R3 using ip nat inside on serial ports to get access from R1. Everything works like it should, telnet, ping (from pc 1, 2 and 3 to all switches and routers). However from my HomePC I can only telnet into R1 (192.168.1.88) and ping works also. What do I have to do to get the access to 192.168.2, 192.168.3 and 192.168.4 from my HomePC?

 

Here is my static routing setup and the ACL on R1:

 

ip route 0.0.0.0 0.0.0.0 192.168.1.254
ip route 11.0.0.0 255.0.0.0 11.0.0.1
ip route 12.0.0.0 255.0.0.0 12.0.0.2
ip route 192.168.4.0 255.255.255.0 11.0.0.1
ip route 192.168.3.0 255.255.255.0 12.0.0.2
!
access-list 1 permit any

upp.png

 

Is there anyone who can help me? I have tried back and forward with ip route and acl but I'm probably doing it wrong.  

Hello,

 

is this a Packet Tracer project? If so, post the project (pkt) file (rename the .pkt to .jpg first, otherwise the system won't let you upload)...