11-24-2017 12:25 PM - edited 03-12-2019 04:46 AM
Hi everyone. DISCLAIMER: I am completely new to networking. I've got a decent shot at a job working on a VOIP project, so I am going for my CCNA Collaboration. Below is the config for my router in my home lab environment. My Router can ping external, it can ping my PC and my PC can ping my router. My firewall in Windows is off. I am using PUTTY to try to telnet into my Router, but when I do, it gives me a "Network: Connection timed out"error. The console opens, but it is blank until the time out.
I am also trying to make this router able to be discovered by my Cisco Configuration Professional application. It too says it cannot reach the router during discovery. This process, as most of you probably will already know, needs HTTP or HTTPS enabled in the config, as well as needs to telnet.
I've tried everything I know of and everything I can find on previous threads similar to my issue but nothing has worked thus far. Any input would be great.
You're probably going to laugh at some of my conifg, its my network noobiness that will be showing unfortunately.
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$S/5m$1R33vDT/CrwhChG8ZcJA0.
enable password cisco1
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1 192.168.0.4
!
ip dhcp pool TESTDHCP1
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 8.8.8.8
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-1759991186
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1759991186
revocation-check none
rsakeypair TP-self-signed-1759991186
!
!
crypto pki certificate chain TP-self-signed-1759991186
certificate self-signed 01 nvram:IOS-Self-Sig#3603.cer
username jnscott privilege 15 secret 5 $1$nIlE$5TLTYwmT2w3UIlF8CD6.J/
username one privilege 15 password 0 one
username three password 0 three
username four privilege 7 password 0 four
!
!
!
!
!
interface FastEthernet0/0
ip address dhcp
ip nat outside
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
!
interface FastEthernet0/1
ip address 192.168.0.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list LAN-Addresses interface FastEthernet0/0 overload
!
ip access-list standard LAN-Addresses
permit 10.0.0.0 0.0.0.255
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0
exec-timeout 40 0
logging synchronous
login authentication local
transport input all
line vty 1 4
password cisco
transport input telnet
!
!
end
11-24-2017 01:35 PM
No @nate45scott
Teu to chance this:
!
line vty 0
login local
transport input all
password cisco
!
Delete everything else with vty.
-If I helped you somehow, please, rate it as useful.-
11-24-2017 02:25 PM
It wouldn't let me completely remove those settings, so I did my best to default them. On VTY 1 4, I made transport all because it wouldn't let me remove, would only let me make it transport none, which I thought might not be a good idea. Here's my config after the changes.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$S/5m$1R33vDT/CrwhChG8ZcJA0.
enable password cisco1
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1 192.168.0.4
!
ip dhcp pool TESTDHCP1
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 8.8.8.8
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-1759991186
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1759991186
revocation-check none
rsakeypair TP-self-signed-1759991186
!
!
crypto pki certificate chain TP-self-signed-1759991186
certificate self-signed 01 nvram:IOS-Self-Sig#3604.cer
username jnscott privilege 15 secret 5 $1$nIlE$5TLTYwmT2w3UIlF8CD6.J/
username one privilege 15 password 0 one
username three password 0 three
username four privilege 7 password 0 four
!
!
!
!
!
interface FastEthernet0/0
ip address dhcp
ip nat outside
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
!
interface FastEthernet0/1
ip address 192.168.0.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list LAN-Addresses interface FastEthernet0/0 overload
!
ip access-list standard LAN-Addresses
permit 10.0.0.0 0.0.0.255
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0
exec-timeout 0 0
password cisco
login authentication local
transport input all
line vty 1 4
transport input all
!
!
end
11-24-2017 02:35 PM
Enable telnet debug and lets see what we get.
-If I helped you somehow, please, rate it as useful.-
11-24-2017 03:00 PM
2017-11-24 17:03:09 Connecting to 10.0.0.250 port 23
2017-11-24 17:03:09 client: WILL NAWS
2017-11-24 17:03:09 client: WILL TSPEED
2017-11-24 17:03:09 client: WILL TTYPE
2017-11-24 17:03:09 client: WILL NEW_ENVIRON
2017-11-24 17:03:09 client: DO ECHO
2017-11-24 17:03:09 client: WILL SGA
2017-11-24 17:03:09 client: DO SGA
2017-11-24 17:03:30 Failed to connect to 10.0.0.250: Network error: Connection timed out
2017-11-24 17:03:30 Network error: Connection timed out
Above is the event log from PUTTY. As far as debugging telnet otherwise, I'm not sure how to do that just yet.
11-24-2017 03:46 PM
Just type debug telnet on the router cli.
-If I helped you somehow, please, rate it as useful.-
11-24-2017 03:51 PM
Okay, I have enabled now. I then tried to telnet to the router, but got no output from what I can tell. Is there a command I need to run on the router to see a log of some sort?
11-24-2017 04:00 PM
run "terminal monitor" and might show.
11-24-2017 04:20 PM
Tried that, says its already enabled on my device.
11-24-2017 04:25 PM
Then you are not getting in your router. I mean, the telnet connection is not hitting your router.
How your topology looks like?
-If I helped you somehow, please, rate it as useful.-
11-24-2017 04:38 PM
Xfinity WifiRouter/Modem combo to my Router. I'm then running PUTTY on my PC. I can ping my router from my PC and can ping my PC from my Router, so I don't really know why Telnet wouldn't work.
11-24-2017 04:44 PM
I saw this already and it was windows problem but you said you disables firewall already.
Try enable SSH on router.
-If I helped you somehow, please, rate it as useful.-
11-24-2017 04:55 PM
Okay I think we made some progress. I enabled SSH on both line 0 and 1-4 and now I get connection refused instead of timeout.
11-24-2017 05:17 PM
The Line VTY config currently is as follows:
line vty 0
exec-timeout 0 0
password cisco
login local
transport input ssh
line vty 1 4
password cisco
login local
transport input ssh
11-24-2017 07:59 PM
For ssh some more steps is required
Create a domain
ip domain-name my domain
Then generate a key
crypto key generate rsa
Create a username and password
username XXXX privilege 15 secret XXXX
This should be enough.
-If I helped you somehow, please, rate it as useful.-
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide