c_hockland
asked on
Cannot SSH to my router using putty.exe.
Here is the config of the router.
What am I doing wrong? It works when I use SecureCRT from another computer.
interface is up / up
Building configuration...
Current configuration : 5158 bytes
!
! Last configuration change at 23:09:20 GMT Fri Sep 16 2011
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router2
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$aS3g$cPuJnlly2KEbgx8L/HjIW1
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
!
!
!
clock timezone GMT 0
!
!
crypto pki trustpoint TP-self-signed-1807191529
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1807191529
revocation-check none
rsakeypair TP-self-signed-1807191529
!
!
crypto pki certificate chain TP-self-signed-1807191529
certificate self-signed 01
dot11 syslog
ip source-route
!
!
ip cef
!
!
ip domain name abc.com
ip name-server 172.20.3.21
no ipv6 cef
!
multilink bundle-name authenticated
!
!
voice-card 0
!
!
!
license udi pid CISCO2811 sn FTX1536AHBF
username root password 0 abc!
redundancy
!
!
!
!
interface FastEthernet0/0
description --- internal ---
ip address 172.19.232.12 255.255.255.0
duplex full
speed 100
!
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
!
!
!
router eigrp 100
network 10.200.157.0 0.0.0.255
network 172.19.232.0 0.0.0.255
!
ip forward-protocol nd
no ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
!
ip access-list standard SNMP
permit 172.18.193.30
permit 172.20.9.50
permit 172.20.2.36
permit 172.24.1.30
permit 172.21.1.95
permit 172.20.1.87
permit 172.20.1.86
deny any log
!
access-list 23 permit 10.10.10.0 0.0.0.7
!
!
line con 0
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
transport input telnet ssh
!
scheduler allocate 20000 1000
end
Did you mean you can connect from one computer with SecureCRT and you cannot from another one with PuTTY?
Hi,
Does your access list 23 include the device that you are trying to putty from?
I'm with rochey2009 here. The access list 23 shown here only allows 10.0.0.0-10.0.0.7 (which I don't see as a directly connected network b.t.w.).
ASKER
Similar issue with the 3550 switch.
Switch#sh run
Building configuration...
Current configuration : 9336 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
aaa new-model
enable secret 5 $1$Qah9$K0glHFImPlvbUcI6a/W/T.
!
username root password 0 cisco
clock timezone GMT 0
ip subnet-zero
no ip source-route
ip routing
!
ip domain-name global.com
ip name-server 172.20.3.21
ip ssh time-out 120
ip ssh authentication-retries 3
!
spanning-tree mode pvst
spanning-tree extend system-id
!
interface FastEthernet0/1
switchport access vlan 100
switchport mode access
switchport port-security maximum 2
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
storm-control broadcast level 2.00
spanning-tree portfast
spanning-tree bpduguard enable
interface Vlan1
description clients
ip address 172.17.100.1 255.255.255.0
shutdown
!
ip classless
no ip http server
!
ip access-list standard SNMP
permit 172.18.193.30
permit 172.20.9.50
permit 172.20.2.36
permit 172.24.1.30
permit 172.21.1.95
permit 172.20.1.87
!
!
line con 0
exec-timeout 35700 0
logging synchronous
line vty 0 4
exec-timeout 35700 0
logging synchronous
transport input ssh
transport output ssh
line vty 5 15
exec-timeout 35700 0
logging synchronous
transport input ssh
transport output ssh
!
!
end
I think rochey2009 hit the issue right on the head. If Vlan 1 is shut down you're not going to be able to ssh to the IP address specified. The port will still show up up. Either put an IP address for Vlan 100 or create a local loopback that vlan 100 can reach.
ASKER
VLAN 1 was disabled.
I did no shut and it worked.
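Both causes raised in this thread, a client address that the ACL applied with access-class on the vty lines does not permit, and a management SVI left in shutdown, can be checked offline against a saved config. The Python below is an added example, not code from the thread: the config excerpts are constructed from the posted configs, the function names are hypothetical, and only numbered standard ACLs are handled.

```python
import ipaddress
import re

# Constructed excerpts: only the lines of the two posted configs that matter here.
ROUTER_CFG = """interface FastEthernet0/0
 ip address 172.19.232.12 255.255.255.0
!
access-list 23 permit 10.10.10.0 0.0.0.7
!
line vty 0 4
 access-class 23 in
"""
SWITCH_CFG = """interface Vlan1
 ip address 172.17.100.1 255.255.255.0
 shutdown
!
"""

def ip(s):
    return int(ipaddress.IPv4Address(s))

def numbered_acl(cfg, acl):
    """(action, address, wildcard) entries of a numbered standard ACL, in order."""
    pat = rf"^access-list {acl} (permit|deny) (?:host )?(\S+)(?: (\d+\.\d+\.\d+\.\d+))?"
    return [(act, 0, 0xFFFFFFFF) if addr == "any" else (act, ip(addr), ip(wild or "0.0.0.0"))
            for act, addr, wild in re.findall(pat, cfg, re.M)]

def vty_permits(cfg, src):
    """True if every numbered 'access-class N in' found in cfg lets src through."""
    for acl in set(re.findall(r"^\s*access-class (\d+) in", cfg, re.M)):
        entries = numbered_acl(cfg, acl)
        if not entries:
            continue  # ACL not defined in this text: nothing to evaluate
        for act, addr, wild in entries:
            # Wildcard bits set to 1 are ignored; all other bits must match.
            if ((ip(src) ^ addr) & ~wild & 0xFFFFFFFF) == 0:
                if act == "deny":
                    return False
                break
        else:
            return False  # no entry matched: implicit deny ends every ACL
    return True

def shutdown_l3_interfaces(cfg):
    """Interfaces that carry an IP address but are administratively down."""
    blocks = [b.split("\n!")[0] for b in re.split(r"^(?=interface )", cfg, flags=re.M)]
    return [b.split()[1] for b in blocks
            if b.startswith("interface ") and re.search(r"^\s*ip address \d", b, re.M)
            and re.search(r"^\s*shutdown\s*$", b, re.M)]
```

Call `vty_permits(config_text, client_ip)` with the address of the workstation running the SSH client, and `shutdown_l3_interfaces(config_text)` to list addressed interfaces that cannot answer because they are administratively down.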