Solved

Cisco 2960 Telnet Issue

Posted on 2009-06-29
11
2,253 Views
Last Modified: 2012-05-07
I recently installed (4) cisco 2960 switches at a remote site sitting behind a checkpoint firewall...I am able to telnet to my 3  LAN switches, but am unable to telnet to the core switch below?  I get connection failed.  Traffic is passing through all of the network.  Do you see any issue with the below config that would not allow telnet?

Current configuration : 2759 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname RootSwitch
!
enable secret
enable password
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
!
no file verify auto
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1 priority 24576
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
 switchport access vlan 2
!
interface GigabitEthernet0/2
 switchport access vlan 2
!
interface GigabitEthernet0/3
 switchport access vlan 2
!
interface GigabitEthernet0/4
 switchport access vlan 2
!
interface GigabitEthernet0/5
 switchport access vlan 2
!
interface GigabitEthernet0/6
!
interface GigabitEthernet0/7
!
interface GigabitEthernet0/8
!
interface GigabitEthernet0/9
!
interface GigabitEthernet0/10
!
interface GigabitEthernet0/11
 switchport access vlan 3
!
interface GigabitEthernet0/12
 switchport access vlan 3
!
interface GigabitEthernet0/13
 switchport access vlan 4
!
interface GigabitEthernet0/14
 switchport access vlan 4
!
interface GigabitEthernet0/15
 switchport access vlan 5
!
interface GigabitEthernet0/16
 switchport access vlan 5
!
interface GigabitEthernet0/17
 switchport access vlan 6
!
interface GigabitEthernet0/18
 switchport access vlan 6
!
interface GigabitEthernet0/19
 switchport access vlan 7
!
interface GigabitEthernet0/20
 switchport access vlan 7
!
interface GigabitEthernet0/21
 switchport access vlan 8
!
interface GigabitEthernet0/22
 switchport access vlan 8
!
interface GigabitEthernet0/23
!
interface GigabitEthernet0/24
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface GigabitEthernet0/29
!
interface GigabitEthernet0/30
!
interface GigabitEthernet0/31
!
interface GigabitEthernet0/32
!
interface GigabitEthernet0/33
!
interface GigabitEthernet0/34
!
interface GigabitEthernet0/35
!
interface GigabitEthernet0/36
!
interface GigabitEthernet0/37
!
interface GigabitEthernet0/38
!
interface GigabitEthernet0/39
!
interface GigabitEthernet0/40
!
interface GigabitEthernet0/41
!
interface GigabitEthernet0/42
!
interface GigabitEthernet0/43
!
interface GigabitEthernet0/44
!
interface GigabitEthernet0/45
!
interface GigabitEthernet0/46
!
interface GigabitEthernet0/47
!
interface GigabitEthernet0/48
!
interface Vlan1
 description Management
 ip address 192.168.110.10 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.110.254
ip http server
snmp-server community RootSwitch RO
!
control-plane
!
!
line con 0
line vty 0 4
 password
 login
line vty 5 15
 password
 login
!
end
0
Comment
Question by:bbresslin
  • 6
  • 4
11 Comments
 
LVL 28

Expert Comment

by:Jan Springer
ID: 24736267
How do the other 3 switches connect to this switch?

Can you ping 192.168.110.10?  If so, do you see any interesting information when you do a "show log" on that switch from console?
0
 
LVL 1

Author Comment

by:bbresslin
ID: 24736400
I can ping 192.168.110.10 from the other switches....I just can't telnet to it....I can't open console session...its 7 hours away...
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 24736495
Once again, how are the other 3 switches connected to this switch? Are they all in the same location? What are the IP addresses of the other switches?

I could be a rule on the firewall that is blocking access to this one switch.
0
 
LVL 1

Author Comment

by:bbresslin
ID: 24736559
The other 3 switches come off ports on the main switch...direct connect..

192.168.110.10 is the root.....    .11 .12 and .13 are the other 3 switches...
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 24736614
Then if you can't telnet to the .10 switch from outside, but you can telnet to 11, 12 and 13 and you can ping .10, it's the firewall.

You can test this by telnetting to the .11 switch and then try to telnet to the .10 switch. If that works, it's the firewall.

BTW, you DO have a vty password defined, right? Your posted config doesn't show one.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 1

Author Comment

by:bbresslin
ID: 24736680
I do have one defined....I removed it from the config...I telnetted from the firewall to the .11 switch then tried to telnet to the .10..

Password:
switch1>en
Password:
switch1#telnet 192.168.110.10
Trying 192.168.110.10 ...
% Connection refused by remote host
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 24736749
Do you have a vty password defined on the .10 switch?

Do you have a privileged mode password on the .10 switch? Either one of these will prevent you from telnetting to the switch.
0
 
LVL 1

Author Comment

by:bbresslin
ID: 24736802
!
hostname RootSwitch
enable secret 5 $1$.f.Z$4RRZBmWLOK8BcIIl0ZW6Z1
enable password 7 110D13001A1F595D06

line vty 0 4
 password 7 104A031C081A405A4F
 login
line vty 5 15
 password 7 104A031C081A405A4F
 login
0
 
LVL 50

Accepted Solution

by:
Don Johnston earned 500 total points
ID: 24736886
So you have these defined before?

If so, then there's only three things that would cause this behavior.

1) There's a VLAN Access-List on a switch that the telnet packets are traveling through which are blocking telnet traffic.

2) The switch that you're telnetting from has an ACL outbound for the vty lines.

3) If you've changed any IP addresses recently, it could be that you have another device with a .10 address. The ARP cache has an incorrect (outdated) entry for this .10 address. The result being that your packets are being delivered to the wrong destination.
0
 
LVL 1

Author Comment

by:bbresslin
ID: 24736931
I would almost bet it's number 3....I was given these IP addresses to use from a client....from an active subnet on their LAN...I will follow up to see if it is or has been previously used...
0
 
LVL 1

Author Closing Comment

by:bbresslin
ID: 31597913
it was number 3....IP address was changed...
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I see many questions here on Experts Exchange regarding switch port configurations and trunks. This article is meant for beginners in the subject to help to get basic knowledge about Virtual Local Area Network (VLAN (http://en.wikipedia.org/wiki/Vir…
I eventually solved a perplexing problem setting up telnet for a new switch.  I installed a new Cisco WS-03560X-24P switch connected to an existing Cisco 4506 running a WS-X4013-10GE Sup II-Plus. After configuring vlans and trunking,  I could no…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now