Solved

cannot ssh on my router using putty.exe

Posted on 2011-09-16
7
451 Views
Last Modified: 2012-05-12
here is the config of the router

what i am doing wrong. It works when i use securecrt from another computer.
interface is up / up                                                                                                                                                                                                                                                                                                             Building configuration...


Current configuration : 5158 bytes
!
! Last configuration change at 23:09:20 GMT Fri Sep 16 2011
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router2
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$aS3g$cPuJnlly2KEbgx8L/HjIW1
!
aaa new-model
!
!
!
!
 --More--         !
!
!
aaa session-id common
!
!
!
clock timezone GMT 0
!
!
crypto pki trustpoint TP-self-signed-1807191529
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1807191529
 revocation-check none
 rsakeypair TP-self-signed-1807191529
!
!
crypto pki certificate chain TP-self-signed-1807191529
 certificate self-signed 01
 
dot11 syslog
ip source-route
!
!
ip cef
!
!
ip domain name abc.com
ip name-server 172.20.3.21
no ipv6 cef
!
multilink bundle-name authenticated
!
!
voice-card 0
!
!
!
license udi pid CISCO2811 sn FTX1536AHBF
username root password 0 abc!
redundancy
 --More--         !
!

!
!
interface FastEthernet0/0
 description --- internal ---
 ip address 172.19.232.12 255.255.255.0
 duplex full
 speed 100
 !
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 !
!
 --More--         !
router eigrp 100
 network 10.200.157.0 0.0.0.255
 network 172.19.232.0 0.0.0.255
!
ip forward-protocol nd
no ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
!
ip access-list standard SNMP
 permit 172.18.193.30
 permit 172.20.9.50
 permit 172.20.2.36
 permit 172.24.1.30
 permit 172.21.1.95
 permit 172.20.1.87
 permit 172.20.1.86
 deny   any log
 --More--         !
access-list 23 permit 10.10.10.0 0.0.0.7
!

!
line con 0
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 transport input telnet ssh
 --More--         line vty 5 15
 access-class 23 in
 privilege level 15
 transport input telnet ssh
!
scheduler allocate 20000 1000
end

0
Comment
Question by:c_hockland
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 9

Expert Comment

by:parparov
ID: 36552578
Did you mean you can connect from one computer with SecureCRT and you cannot from another one with PuTTY?
0
 
LVL 17

Expert Comment

by:rochey2009
ID: 36552618
Hi,

Does your access list 23 include the device that you are trying to putty from?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36558600
I'm with rochey2009 here. The access list 23 shown here only allows 10.0.0.0-10.0.0.7 (which I don't see as a directly connected network b.t.w.).
0
[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

 

Author Comment

by:c_hockland
ID: 36567803
similar issue with the 3550 switch

Switch#sh run
Building configuration...

Current configuration : 9336 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
aaa new-model
enable secret 5 $1$Qah9$K0glHFImPlvbUcI6a/W/T.
!
username root password 0 cisco
clock timezone GMT 0
ip subnet-zero
no ip source-route
ip routing
!
ip domain-name global.com
ip name-server 172.20.3.21
ip ssh time-out 120
ip ssh authentication-retries 3
!
spanning-tree mode pvst
spanning-tree extend system-id
!

interface FastEthernet0/1
 switchport access vlan 100
 switchport mode access
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 storm-control broadcast level 2.00
 spanning-tree portfast
 spanning-tree bpduguard enable

interface Vlan1
 description clients
 ip address 172.17.100.1 255.255.255.0
 shutdown
!
ip classless
no ip http server
!
ip access-list standard SNMP
 permit 172.18.193.30
 permit 172.20.9.50
 permit 172.20.2.36
 permit 172.24.1.30
 permit 172.21.1.95
 permit 172.20.1.87
!
!
line con 0
 exec-timeout 35700 0
 logging synchronous
line vty 0 4
 exec-timeout 35700 0
 logging synchronous
 transport input ssh
 transport output ssh
line vty 5 15
 exec-timeout 35700 0
 logging synchronous
 transport input ssh
 transport output ssh
!
!
end
0
 
LVL 17

Accepted Solution

by:
rochey2009 earned 500 total points
ID: 36568296

Can you ping the switch from the device you're trying to SSH from?

Is VLAN 1 supposed to be disable in this case?

Is the device you're trying to SSH from, on the same subnet as the switch? Is the switch doing any L3 routing. If not does it have a ip default-gateway defined.
0
 
LVL 2

Expert Comment

by:Paktusjet
ID: 36575416
I think rochey2009 nit the issue right on the head. If Vlan 1 is shutdown your not going to be able to ssh to the IP address specified. The port will still show up up. Either put an IP address for Vlan 100 or create a localloopback that vlan 100 can reach.
0
 

Author Closing Comment

by:c_hockland
ID: 36590738
vlan 1 was disabled.
I did no shut and worked.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses
Course of the Month8 days, 20 hours left to enroll

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question