Telnet opens console but sits then times out to 2621XM Router.

nate45scott · ‎11-24-2017

Hi everyone. DISCLAIMER: I am completely new to networking. I've got a decent shot at a job working on a VOIP project, so I am going for my CCNA Collaboration. Below is the config for my router in my home lab environment. My Router can ping external, it can ping my PC and my PC can ping my router. My firewall in Windows is off. I am using PUTTY to try to telnet into my Router, but when I do, it gives me a "Network: Connection timed out"error. The console opens, but it is blank until the time out.

I am also trying to make this router able to be discovered by my Cisco Configuration Professional application. It too says it cannot reach the router during discovery. This process, as most of you probably will already know, needs HTTP or HTTPS enabled in the config, as well as needs to telnet.

I've tried everything I know of and everything I can find on previous threads similar to my issue but nothing has worked thus far. Any input would be great.

You're probably going to laugh at some of my conifg, its my network noobiness that will be showing unfortunately.

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$S/5m$1R33vDT/CrwhChG8ZcJA0.
enable password cisco1
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1 192.168.0.4
!
ip dhcp pool TESTDHCP1
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 8.8.8.8
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-1759991186
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1759991186
revocation-check none
rsakeypair TP-self-signed-1759991186
!
!
crypto pki certificate chain TP-self-signed-1759991186
certificate self-signed 01 nvram:IOS-Self-Sig#3603.cer
username jnscott privilege 15 secret 5 $1$nIlE$5TLTYwmT2w3UIlF8CD6.J/
username one privilege 15 password 0 one
username three password 0 three
username four privilege 7 password 0 four
!
!
!
!
!
interface FastEthernet0/0
ip address dhcp
ip nat outside
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
!
interface FastEthernet0/1
ip address 192.168.0.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list LAN-Addresses interface FastEthernet0/0 overload
!
ip access-list standard LAN-Addresses
permit 10.0.0.0 0.0.0.255
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0
exec-timeout 40 0
logging synchronous
login authentication local
transport input all
line vty 1 4
password cisco
transport input telnet
!
!
end

Flavio Miranda · ‎11-24-2017

No @nate45scott

Teu to chance this:

!

line vty 0
login local

transport input all
password cisco
!

Delete everything else with vty.

-If I helped you somehow, please, rate it as useful.-

nate45scott · ‎11-24-2017

It wouldn't let me completely remove those settings, so I did my best to default them. On VTY 1 4, I made transport all because it wouldn't let me remove, would only let me make it transport none, which I thought might not be a good idea. Here's my config after the changes.

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$S/5m$1R33vDT/CrwhChG8ZcJA0.
enable password cisco1
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1 192.168.0.4
!
ip dhcp pool TESTDHCP1
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 8.8.8.8
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-1759991186
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1759991186
revocation-check none
rsakeypair TP-self-signed-1759991186
!
!
crypto pki certificate chain TP-self-signed-1759991186
certificate self-signed 01 nvram:IOS-Self-Sig#3604.cer
username jnscott privilege 15 secret 5 $1$nIlE$5TLTYwmT2w3UIlF8CD6.J/
username one privilege 15 password 0 one
username three password 0 three
username four privilege 7 password 0 four
!
!
!
!
!
interface FastEthernet0/0
ip address dhcp
ip nat outside
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
!
interface FastEthernet0/1
ip address 192.168.0.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list LAN-Addresses interface FastEthernet0/0 overload
!
ip access-list standard LAN-Addresses
permit 10.0.0.0 0.0.0.255
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0
exec-timeout 0 0
password cisco
login authentication local
transport input all
line vty 1 4
transport input all
!
!
end

Flavio Miranda · ‎11-24-2017

Enable telnet debug and lets see what we get.

-If I helped you somehow, please, rate it as useful.-

nate45scott · ‎11-24-2017

2017-11-24 17:03:09 Connecting to 10.0.0.250 port 23
2017-11-24 17:03:09 client: WILL NAWS
2017-11-24 17:03:09 client: WILL TSPEED
2017-11-24 17:03:09 client: WILL TTYPE
2017-11-24 17:03:09 client: WILL NEW_ENVIRON
2017-11-24 17:03:09 client: DO ECHO
2017-11-24 17:03:09 client: WILL SGA
2017-11-24 17:03:09 client: DO SGA
2017-11-24 17:03:30 Failed to connect to 10.0.0.250: Network error: Connection timed out
2017-11-24 17:03:30 Network error: Connection timed out

Above is the event log from PUTTY. As far as debugging telnet otherwise, I'm not sure how to do that just yet.

Flavio Miranda · ‎11-24-2017

Just type debug telnet on the router cli.

-If I helped you somehow, please, rate it as useful.-

nate45scott · ‎11-24-2017

Okay, I have enabled now. I then tried to telnet to the router, but got no output from what I can tell. Is there a command I need to run on the router to see a log of some sort?

Flavio Miranda · ‎11-24-2017

run "terminal monitor" and might show.

nate45scott · ‎11-24-2017

Tried that, says its already enabled on my device.

Flavio Miranda · ‎11-24-2017

Then you are not getting in your router. I mean, the telnet connection is not hitting your router.

How your topology looks like?

-If I helped you somehow, please, rate it as useful.-

nate45scott · ‎11-24-2017

Xfinity WifiRouter/Modem combo to my Router. I'm then running PUTTY on my PC. I can ping my router from my PC and can ping my PC from my Router, so I don't really know why Telnet wouldn't work.

Flavio Miranda · ‎11-24-2017

I saw this already and it was windows problem but you said you disables firewall already.

Try enable SSH on router.

-If I helped you somehow, please, rate it as useful.-

nate45scott · ‎11-24-2017

Okay I think we made some progress. I enabled SSH on both line 0 and 1-4 and now I get connection refused instead of timeout.

nate45scott · ‎11-24-2017

The Line VTY config currently is as follows:

line vty 0

exec-timeout 0 0

password cisco

login local

transport input ssh

line vty 1 4

password cisco

login local

transport input ssh

Flavio Miranda · ‎11-24-2017

For ssh some more steps is required

Create a domain

ip domain-name my domain

Then generate a key

crypto key generate rsa

Create a username and password

username XXXX privilege 15 secret XXXX

This should be enough.

-If I helped you somehow, please, rate it as useful.-