Solved

cannot ssh on my router using putty.exe

Posted on 2011-09-16
7
444 Views
Last Modified: 2012-05-12
Here is the config of the router.

What am I doing wrong? It works when I use SecureCRT from another computer.
Interface is up / up

Building configuration...


Current configuration : 5158 bytes
!
! Last configuration change at 23:09:20 GMT Fri Sep 16 2011
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router2
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$aS3g$cPuJnlly2KEbgx8L/HjIW1
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
!
!
!
clock timezone GMT 0
!
!
crypto pki trustpoint TP-self-signed-1807191529
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1807191529
 revocation-check none
 rsakeypair TP-self-signed-1807191529
!
!
crypto pki certificate chain TP-self-signed-1807191529
 certificate self-signed 01
 
dot11 syslog
ip source-route
!
!
ip cef
!
!
ip domain name abc.com
ip name-server 172.20.3.21
no ipv6 cef
!
multilink bundle-name authenticated
!
!
voice-card 0
!
!
!
license udi pid CISCO2811 sn FTX1536AHBF
username root password 0 abc!
redundancy
!
!

!
!
interface FastEthernet0/0
 description --- internal ---
 ip address 172.19.232.12 255.255.255.0
 duplex full
 speed 100
 !
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 !
!
!
router eigrp 100
 network 10.200.157.0 0.0.0.255
 network 172.19.232.0 0.0.0.255
!
ip forward-protocol nd
no ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
!
ip access-list standard SNMP
 permit 172.18.193.30
 permit 172.20.9.50
 permit 172.20.2.36
 permit 172.24.1.30
 permit 172.21.1.95
 permit 172.20.1.87
 permit 172.20.1.86
 deny   any log
!
access-list 23 permit 10.10.10.0 0.0.0.7
!

!
line con 0
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 transport input telnet ssh
!
scheduler allocate 20000 1000
end

0
Question by:c_hockland
7 Comments
 
LVL 9

Expert Comment

by:parparov
Did you mean you can connect from one computer with SecureCRT and you cannot from another one with PuTTY?
0
 
LVL 17

Expert Comment

by:rochey2009
Hi,

Does your access list 23 include the device that you are trying to putty from?
0
 
LVL 35

Expert Comment

by:Ernie Beek
I'm with rochey2009 here. The access list 23 shown here only allows 10.0.0.0-10.0.0.7 (which I don't see as a directly connected network b.t.w.).
0
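
The check the two comments above ask for, as an added example that is not part of the original thread: it evaluates the router's access-list 23 against a client address using IOS wildcard-mask, first-match semantics. The config excerpt is copied from the question; the function names are illustrative, and any client address passed in is an assumption, since the thread never states the PuTTY machine's IP.

```python
import ipaddress

# Constructed excerpt: the ACL and vty lines from the router config in the question.
CONFIG = """\
access-list 23 permit 10.10.10.0 0.0.0.7
line vty 0 4
 access-class 23 in
 transport input telnet ssh
"""

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_standard_acl(config, number):
    """Return [(action, address, wildcard)] as integers for a numbered standard ACL."""
    entries = []
    for line in config.splitlines():
        p = line.split()
        if p[:2] != ["access-list", str(number)] or len(p) < 4:
            continue
        if p[3] == "any":
            entries.append((p[2], 0, 0xFFFFFFFF))
        elif p[3] == "host":
            entries.append((p[2], _ip(p[4]), 0))
        else:
            # A bare address without a wildcard mask matches that single host.
            has_mask = len(p) > 4 and p[4][0].isdigit()
            entries.append((p[2], _ip(p[3]), _ip(p[4]) if has_mask else 0))
    return entries

def acl_permits(entries, source):
    """First match wins; a source matching no entry hits the implicit deny."""
    src = _ip(source)
    for action, addr, wild in entries:
        # Wildcard bits set to 1 are ignored; all other bits must be equal.
        if (src | wild) == (addr | wild):
            return action == "permit"
    return False

def vty_acls(config):
    """Return the ACL names applied inbound ('access-class N in') on vty lines."""
    acls, in_vty = set(), False
    for line in config.splitlines():
        if not line.startswith(" "):
            in_vty = line.startswith("line vty")
        elif in_vty and line.split()[:1] == ["access-class"] and line.split()[-1] == "in":
            acls.add(line.split()[1])
    return acls
```
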
 

Author Comment

by:c_hockland
Similar issue with the 3550 switch

Switch#sh run
Building configuration...

Current configuration : 9336 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
aaa new-model
enable secret 5 $1$Qah9$K0glHFImPlvbUcI6a/W/T.
!
username root password 0 cisco
clock timezone GMT 0
ip subnet-zero
no ip source-route
ip routing
!
ip domain-name global.com
ip name-server 172.20.3.21
ip ssh time-out 120
ip ssh authentication-retries 3
!
spanning-tree mode pvst
spanning-tree extend system-id
!

interface FastEthernet0/1
 switchport access vlan 100
 switchport mode access
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 storm-control broadcast level 2.00
 spanning-tree portfast
 spanning-tree bpduguard enable

interface Vlan1
 description clients
 ip address 172.17.100.1 255.255.255.0
 shutdown
!
ip classless
no ip http server
!
ip access-list standard SNMP
 permit 172.18.193.30
 permit 172.20.9.50
 permit 172.20.2.36
 permit 172.24.1.30
 permit 172.21.1.95
 permit 172.20.1.87
!
!
line con 0
 exec-timeout 35700 0
 logging synchronous
line vty 0 4
 exec-timeout 35700 0
 logging synchronous
 transport input ssh
 transport output ssh
line vty 5 15
 exec-timeout 35700 0
 logging synchronous
 transport input ssh
 transport output ssh
!
!
end
0
 
LVL 17

Accepted Solution

by:
rochey2009 earned 500 total points

Can you ping the switch from the device you're trying to SSH from?

Is VLAN 1 supposed to be disabled in this case?

Is the device you're trying to SSH from on the same subnet as the switch? Is the switch doing any L3 routing? If not, does it have an ip default-gateway defined?
0
 
LVL 2

Expert Comment

by:Paktusjet
I think rochey2009 hit the issue right on the head. If Vlan 1 is shutdown you're not going to be able to ssh to the IP address specified. The port will still show up up. Either put an IP address for Vlan 100 or create a local loopback that vlan 100 can reach.
0
 

Author Closing Comment

by:c_hockland
VLAN 1 was disabled.
I did no shut and it worked.
0
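
The cause confirmed in the closing comment, as an added example that is not part of the original thread: a Python check that flags interfaces holding an IP address while administratively shut down, and access VLANs in use that have no SVI at all (the case the Vlan 100 suggestion addresses). The config excerpt is condensed from the switch config posted above; the function names are illustrative.

```python
import re

# Constructed excerpt: management-relevant lines condensed from the 3550 config above.
CONFIG = """\
interface FastEthernet0/1
 switchport access vlan 100
 switchport mode access
!
interface Vlan1
 description clients
 ip address 172.17.100.1 255.255.255.0
 shutdown
!
line vty 0 4
 transport input ssh
"""

def stanzas(config):
    """Yield (header, [sub-commands]) for each top-level block of an IOS config."""
    header, body = None, []
    for line in config.splitlines():
        if line.startswith(" ") and header:
            body.append(line.strip())
        elif not line.startswith(" "):
            if header:
                yield header, body
            # '!' separators and blank lines end a block without starting a new one.
            header = line.strip() if line.strip() not in ("", "!") else None
            body = []
    if header:
        yield header, body

def shutdown_l3_interfaces(config):
    """Return {interface: ip} for interfaces that own an IP address but are shut down."""
    down = {}
    for header, body in stanzas(config):
        if not header.startswith("interface "):
            continue
        ips = [m.group(1) for c in body if (m := re.match(r"ip address (\S+) \S+", c))]
        # Exact match, so 'no shutdown' is never mistaken for 'shutdown'.
        if ips and "shutdown" in body:
            down[header.split(None, 1)[1]] = ips[0]
    return down

def access_vlans_without_svi(config):
    """Return access VLAN ids used on ports that have no 'interface VlanN' defined."""
    used = set(re.findall(r"^ switchport access vlan (\d+)", config, re.M))
    svis = set(re.findall(r"^interface Vlan(\d+)", config, re.M))
    return sorted(used - svis, key=int)
```
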
