Solved

cannot ssh on my router using putty.exe

Posted on 2011-09-16
Last Modified: 2012-05-12
Here is the config of the router.

What am I doing wrong? It works when I use SecureCRT from another computer.
The interface is up / up.

Building configuration...


Current configuration : 5158 bytes
!
! Last configuration change at 23:09:20 GMT Fri Sep 16 2011
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router2
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$aS3g$cPuJnlly2KEbgx8L/HjIW1
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
!
!
!
clock timezone GMT 0
!
!
crypto pki trustpoint TP-self-signed-1807191529
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1807191529
 revocation-check none
 rsakeypair TP-self-signed-1807191529
!
!
crypto pki certificate chain TP-self-signed-1807191529
 certificate self-signed 01
 
dot11 syslog
ip source-route
!
!
ip cef
!
!
ip domain name abc.com
ip name-server 172.20.3.21
no ipv6 cef
!
multilink bundle-name authenticated
!
!
voice-card 0
!
!
!
license udi pid CISCO2811 sn FTX1536AHBF
username root password 0 abc!
redundancy
!
!

!
!
interface FastEthernet0/0
 description --- internal ---
 ip address 172.19.232.12 255.255.255.0
 duplex full
 speed 100
 !
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 !
!
!
router eigrp 100
 network 10.200.157.0 0.0.0.255
 network 172.19.232.0 0.0.0.255
!
ip forward-protocol nd
no ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
!
ip access-list standard SNMP
 permit 172.18.193.30
 permit 172.20.9.50
 permit 172.20.2.36
 permit 172.24.1.30
 permit 172.21.1.95
 permit 172.20.1.87
 permit 172.20.1.86
 deny   any log
!
access-list 23 permit 10.10.10.0 0.0.0.7
!

!
line con 0
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 transport input telnet ssh
!
scheduler allocate 20000 1000
end

0
Comment
Question by:c_hockland
7 Comments
 
LVL 9

Expert Comment

by:parparov
ID: 36552578
Did you mean you can connect from one computer with SecureCRT and you cannot from another one with PuTTY?
0
 
LVL 17

Expert Comment

by:rochey2009
ID: 36552618
Hi,

Does your access list 23 include the device that you are trying to putty from?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36558600
I'm with rochey2009 here. The access list 23 shown here only allows 10.0.0.0-10.0.0.7 (which I don't see as a directly connected network b.t.w.).
0
 

Author Comment

by:c_hockland
ID: 36567803
similar issue with the 3550 switch

Switch#sh run
Building configuration...

Current configuration : 9336 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
aaa new-model
enable secret 5 $1$Qah9$K0glHFImPlvbUcI6a/W/T.
!
username root password 0 cisco
clock timezone GMT 0
ip subnet-zero
no ip source-route
ip routing
!
ip domain-name global.com
ip name-server 172.20.3.21
ip ssh time-out 120
ip ssh authentication-retries 3
!
spanning-tree mode pvst
spanning-tree extend system-id
!

interface FastEthernet0/1
 switchport access vlan 100
 switchport mode access
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 storm-control broadcast level 2.00
 spanning-tree portfast
 spanning-tree bpduguard enable

interface Vlan1
 description clients
 ip address 172.17.100.1 255.255.255.0
 shutdown
!
ip classless
no ip http server
!
ip access-list standard SNMP
 permit 172.18.193.30
 permit 172.20.9.50
 permit 172.20.2.36
 permit 172.24.1.30
 permit 172.21.1.95
 permit 172.20.1.87
!
!
line con 0
 exec-timeout 35700 0
 logging synchronous
line vty 0 4
 exec-timeout 35700 0
 logging synchronous
 transport input ssh
 transport output ssh
line vty 5 15
 exec-timeout 35700 0
 logging synchronous
 transport input ssh
 transport output ssh
!
!
end
0
 
LVL 17

Accepted Solution

by:
rochey2009 earned 500 total points
ID: 36568296

Can you ping the switch from the device you're trying to SSH from?

Is VLAN 1 supposed to be disabled in this case?

Is the device you're trying to SSH from on the same subnet as the switch? Is the switch doing any L3 routing? If not, does it have an ip default-gateway defined?
0
 
LVL 2

Expert Comment

by:Paktusjet
ID: 36575416
I think rochey2009 hit the issue right on the head. If Vlan 1 is shutdown you're not going to be able to ssh to the IP address specified. The port will still show up up. Either put an IP address for Vlan 100 or create a local loopback that vlan 100 can reach.
0
 

Author Closing Comment

by:c_hockland
ID: 36590738
VLAN 1 was disabled.
I did no shut and it worked.
0
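The two checks this thread settled on (does the vty `access-class` ACL permit the client, and is the interface that owns the management address shut down) can be run against a saved config. This is an added example, not code from any poster; the function names are hypothetical and the sample is a constructed excerpt built from the two configs above. It handles numbered standard ACLs only.

```python
import ipaddress, re

# Constructed excerpt: the router's ACL 23 and vty line plus the switch's Vlan1.
SAMPLE = """\
interface FastEthernet0/0
 ip address 172.19.232.12 255.255.255.0
interface Vlan1
 ip address 172.17.100.1 255.255.255.0
 shutdown
access-list 23 permit 10.10.10.0 0.0.0.7
line vty 0 4
 access-class 23 in
"""

def blocks(cfg):
    """Map each top-level config line to its indented child lines."""
    out, cur = {}, None
    for line in cfg.splitlines():
        if line.startswith(" ") and cur:
            out[cur].append(line.strip())
        elif line.strip() not in ("", "!"):
            cur = line.strip()
            out[cur] = []
    return out

def acl_permits(cfg, number, src):
    """First-match walk of a numbered standard ACL that is defined in cfg."""
    ip = int(ipaddress.IPv4Address(src))
    for m in re.finditer(rf"^access-list {number} (permit|deny)\s+(.+)$", cfg, re.M):
        words = m.group(2).replace("host ", "").split() + ["0.0.0.0"]
        if words[0] != "any":
            base = int(ipaddress.IPv4Address(words[0]))
            wild = int(ipaddress.IPv4Address(words[1])) if words[1][0].isdigit() else 0
            if (ip | wild) != (base | wild):  # 1-bits in the wildcard are "don't care"
                continue
        return m.group(1) == "permit"
    return False  # implicit deny when no entry matches

def diagnose(cfg, client_ip, target_ip):
    """List config reasons an SSH session client_ip -> target_ip would fail."""
    findings = []
    for head, body in blocks(cfg).items():
        owns = any(ln.startswith(f"ip address {target_ip} ") for ln in body)
        if head.startswith("interface ") and owns and "shutdown" in body:
            findings.append(f"{head} is shutdown")
        for ln in body if head.startswith("line vty") else []:
            m = re.match(r"access-class (\d+) in", ln)
            if m and not acl_permits(cfg, m.group(1), client_ip):
                findings.append(f"{head}: ACL {m.group(1)} denies {client_ip}")
    return findings
```

With a constructed client address of 172.19.232.50 and target 172.17.100.1, `diagnose` reports both the shut-down Vlan1 and the ACL 23 denial; a client inside 10.10.10.0-10.10.10.7 targeting 172.19.232.12 returns no findings.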


Question has a verified solution.
