bbresslin
asked on
Cisco 2960 Telnet Issue
I recently installed (4) Cisco 2960 switches at a remote site sitting behind a Check Point firewall...I am able to telnet to my 3 LAN switches, but am unable to telnet to the core switch below. I get connection failed. Traffic is passing through all of the network. Do you see any issue with the below config that would not allow telnet?
Current configuration : 2759 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname RootSwitch
!
enable secret
enable password
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
!
no file verify auto
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1 priority 24576
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
switchport access vlan 2
!
interface GigabitEthernet0/2
switchport access vlan 2
!
interface GigabitEthernet0/3
switchport access vlan 2
!
interface GigabitEthernet0/4
switchport access vlan 2
!
interface GigabitEthernet0/5
switchport access vlan 2
!
interface GigabitEthernet0/6
!
interface GigabitEthernet0/7
!
interface GigabitEthernet0/8
!
interface GigabitEthernet0/9
!
interface GigabitEthernet0/10
!
interface GigabitEthernet0/11
switchport access vlan 3
!
interface GigabitEthernet0/12
switchport access vlan 3
!
interface GigabitEthernet0/13
switchport access vlan 4
!
interface GigabitEthernet0/14
switchport access vlan 4
!
interface GigabitEthernet0/15
switchport access vlan 5
!
interface GigabitEthernet0/16
switchport access vlan 5
!
interface GigabitEthernet0/17
switchport access vlan 6
!
interface GigabitEthernet0/18
switchport access vlan 6
!
interface GigabitEthernet0/19
switchport access vlan 7
!
interface GigabitEthernet0/20
switchport access vlan 7
!
interface GigabitEthernet0/21
switchport access vlan 8
!
interface GigabitEthernet0/22
switchport access vlan 8
!
interface GigabitEthernet0/23
!
interface GigabitEthernet0/24
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface GigabitEthernet0/29
!
interface GigabitEthernet0/30
!
interface GigabitEthernet0/31
!
interface GigabitEthernet0/32
!
interface GigabitEthernet0/33
!
interface GigabitEthernet0/34
!
interface GigabitEthernet0/35
!
interface GigabitEthernet0/36
!
interface GigabitEthernet0/37
!
interface GigabitEthernet0/38
!
interface GigabitEthernet0/39
!
interface GigabitEthernet0/40
!
interface GigabitEthernet0/41
!
interface GigabitEthernet0/42
!
interface GigabitEthernet0/43
!
interface GigabitEthernet0/44
!
interface GigabitEthernet0/45
!
interface GigabitEthernet0/46
!
interface GigabitEthernet0/47
!
interface GigabitEthernet0/48
!
interface Vlan1
description Management
ip address 192.168.110.10 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.110.254
ip http server
snmp-server community RootSwitch RO
!
control-plane
!
!
line con 0
line vty 0 4
password
login
line vty 5 15
password
login
!
end
ASKER
I can ping 192.168.110.10 from the other switches....I just can't telnet to it....I can't open console session...it's 7 hours away...
Once again, how are the other 3 switches connected to this switch? Are they all in the same location? What are the IP addresses of the other switches?
It could be a rule on the firewall that is blocking access to this one switch.
ASKER
The other 3 switches come off ports on the main switch...direct connect..
192.168.110.10 is the root..... .11 .12 and .13 are the other 3 switches...
Then if you can't telnet to the .10 switch from outside, but you can telnet to 11, 12 and 13 and you can ping .10, it's the firewall.
You can test this by telnetting to the .11 switch and then try to telnet to the .10 switch. If that works, it's the firewall.
BTW, you DO have a vty password defined, right? Your posted config doesn't show one.
ASKER
I do have one defined....I removed it from the config...I telnetted from the firewall to the .11 switch then tried to telnet to the .10..
Password:
switch1>en
Password:
switch1#telnet 192.168.110.10
Trying 192.168.110.10 ...
% Connection refused by remote host
Do you have a vty password defined on the .10 switch?
Do you have a privileged mode password on the .10 switch? Either one of these will prevent you from telnetting to the switch.
ASKER
!
hostname RootSwitch
enable secret 5 $1$.f.Z$4RRZBmWLOK8BcIIl0Z W6Z1
enable password 7 110D13001A1F595D06
line vty 0 4
password 7 104A031C081A405A4F
login
line vty 5 15
password 7 104A031C081A405A4F
login
ASKER CERTIFIED SOLUTION
ASKER
I would almost bet it's number 3....I was given these IP addresses to use from a client....from an active subnet on their LAN...I will follow up to see if it is or has been previously used...
ASKER
It was number 3....IP address was changed...
Can you ping 192.168.110.10? If so, do you see any interesting information when you do a "show log" on that switch from console?