Link to home
Start Free TrialLog in
Avatar of c_hockland
c_hocklandFlag for Greece

asked on

cannot ssh on my router using putty.exe

here is the config of the router

what i am doing wrong. It works when i use securecrt from another computer.
interface is up / up                                                                                                                                                                                                                                                                                                             Building configuration...


Current configuration : 5158 bytes
!
! Last configuration change at 23:09:20 GMT Fri Sep 16 2011
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router2
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$aS3g$cPuJnlly2KEbgx8L/HjIW1
!
aaa new-model
!
!
!
!
 --More--         !
!
!
aaa session-id common
!
!
!
clock timezone GMT 0
!
!
crypto pki trustpoint TP-self-signed-1807191529
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1807191529
 revocation-check none
 rsakeypair TP-self-signed-1807191529
!
!
crypto pki certificate chain TP-self-signed-1807191529
 certificate self-signed 01
 
dot11 syslog
ip source-route
!
!
ip cef
!
!
ip domain name abc.com
ip name-server 172.20.3.21
no ipv6 cef
!
multilink bundle-name authenticated
!
!
voice-card 0
!
!
!
license udi pid CISCO2811 sn FTX1536AHBF
username root password 0 abc!
redundancy
 --More--         !
!

!
!
interface FastEthernet0/0
 description --- internal ---
 ip address 172.19.232.12 255.255.255.0
 duplex full
 speed 100
 !
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 !
!
 --More--         !
router eigrp 100
 network 10.200.157.0 0.0.0.255
 network 172.19.232.0 0.0.0.255
!
ip forward-protocol nd
no ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
!
ip access-list standard SNMP
 permit 172.18.193.30
 permit 172.20.9.50
 permit 172.20.2.36
 permit 172.24.1.30
 permit 172.21.1.95
 permit 172.20.1.87
 permit 172.20.1.86
 deny   any log
 --More--         !
access-list 23 permit 10.10.10.0 0.0.0.7
!

!
line con 0
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 transport input telnet ssh
 --More--         line vty 5 15
 access-class 23 in
 privilege level 15
 transport input telnet ssh
!
scheduler allocate 20000 1000
end

Avatar of parparov
parparov
Flag of United States of America image
Did you mean you can connect from one computer with SecureCRT and you cannot from another one with PuTTY?
Avatar of rochey2009
rochey2009
Hi,

Does your access list 23 include the device that you are trying to putty from?
Avatar of Ernie Beek
Ernie Beek
Flag of Netherlands image
I'm with rochey2009 here. The access list 23 shown here only allows 10.0.0.0-10.0.0.7 (which I don't see as a directly connected network b.t.w.).
Avatar of c_hockland
c_hockland
Flag of Greece image

ASKER

similar issue with the 3550 switch

Switch#sh run
Building configuration...

Current configuration : 9336 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
aaa new-model
enable secret 5 $1$Qah9$K0glHFImPlvbUcI6a/W/T.
!
username root password 0 cisco
clock timezone GMT 0
ip subnet-zero
no ip source-route
ip routing
!
ip domain-name global.com
ip name-server 172.20.3.21
ip ssh time-out 120
ip ssh authentication-retries 3
!
spanning-tree mode pvst
spanning-tree extend system-id
!

interface FastEthernet0/1
 switchport access vlan 100
 switchport mode access
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 storm-control broadcast level 2.00
 spanning-tree portfast
 spanning-tree bpduguard enable

interface Vlan1
 description clients
 ip address 172.17.100.1 255.255.255.0
 shutdown
!
ip classless
no ip http server
!
ip access-list standard SNMP
 permit 172.18.193.30
 permit 172.20.9.50
 permit 172.20.2.36
 permit 172.24.1.30
 permit 172.21.1.95
 permit 172.20.1.87
!
!
line con 0
 exec-timeout 35700 0
 logging synchronous
line vty 0 4
 exec-timeout 35700 0
 logging synchronous
 transport input ssh
 transport output ssh
line vty 5 15
 exec-timeout 35700 0
 logging synchronous
 transport input ssh
 transport output ssh
!
!
end
ASKER CERTIFIED SOLUTION
Avatar of rochey2009
rochey2009
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Paktusjet
Paktusjet
I think rochey2009 nit the issue right on the head. If Vlan 1 is shutdown your not going to be able to ssh to the IP address specified. The port will still show up up. Either put an IP address for Vlan 100 or create a localloopback that vlan 100 can reach.
Avatar of c_hockland
c_hockland
Flag of Greece image

ASKER

vlan 1 was disabled.
I did no shut and worked.