Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Unable to access, via telnet, Serial IP on MPLS network

Posted on 2012-03-21
13
823 Views
Last Modified: 2012-07-16
I have an MPLS network with 40 locations.  I can telnet to any Cisco router at the sub locations via internal ip address.  However, I'm unable to telnet to the public serial IP address of the routers (which as you know is extremely handy when making vlan changes remotely).

Any ideas on how to correct this?
0
Comment
Question by:sstire
13 Comments
 

Author Comment

by:sstire
ID: 37748608
These are Cisco 2800 series routers.
0
 
LVL 2

Expert Comment

by:BDC-Net
ID: 37749196
Do you have routes to those subnets? Can you ping them? You might try telneting from the host router (the one connected to the MPLS cloud).

There could also me an ACL limiting what IP addresses can be connected to via telnet on the routers.
0
 

Author Comment

by:sstire
ID: 37765959
I'm using vlans and I can ping anything internally such as connected VLANS on those routers.  There are not any ACL's affecting this.  I cant telnet to the serial address from the router that I'm trying to access though...
0
Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

 

Author Comment

by:sstire
ID: 38175597
Anybody have any experience with MPLS that can help in this?  It'd be nice to be able to telnet to the serial interface of the router and complete the configuration changes from there.  

I used to be able to do this on a standard data t1, but since switching to MPLS circuits, I can only telnet to internal private IP's.  

I know there must be a way to do this, because AT&T can telnet to the serial interface of our router from their demarc, and make changes in an emergency.
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 38180418
Please post router configuration, especially the serial interfaces and the line vty sections. Also, can you actually ping the serial interface? I can imagine configurations where you wouldn't have any access to that interface.

If you add loopback interfaces to the routers, you should be able to ssh to the loopback interface and still maintain access even if you shut down or break the Ethernet interfaces, as long as you still have a route through the serial interface.

FWIW, you should not use telnet, nor allow AT&T to use telnet (get it in the contract). Use SSH, as telnet in insecure, can be sniffed for passwords, commands can be modified in transit, etc.
0
 

Author Comment

by:sstire
ID: 38180615
!
controller T1 0/2/0
 channel-group 0 timeslots 1-24
!

interface Serial0/2/0:0
 ip address 12.11.5.234 255.255.255.252 (not actual IP address-obviously)
 encapsulation ppp
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 authorization exec local_authen
 login authentication local_authen
 transport input telnet ssh
line vty 5 15
 privilege level 15
 authorization exec local_authen
 login authentication local_authen
 transport input telnet ssh
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 38180730
Okay, can you PING the serial IP? I agree that there appears to be no access-list on either the serial interface or the vty interface. That doesn't mean that you have a route to the serial interface, nor does it mean that AT&T isn't filtering the traffic anyway.
0
 

Author Comment

by:sstire
ID: 38180841
I can ping the serial ip and also telnet/ssh when I'm ON the local network.  However, remotely or from any other location-I'm unable to.  This is also an MPLS meshed network.
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 38180913
I believe that you need to talk to your MPLS provider. They may (and probably should) be filtering the traffic.
0
 
LVL 17

Accepted Solution

by:
pergr earned 500 total points
ID: 38182183
The problem must be that the network (above 12.11.5.234/30 ) is not being advertised in the MPLS network.

To solve it we need to know what routing you have set up. Possibly, you just run static routing, with a default route on each Cisco towards the MPLS cloud, and your provider has a static route to each site with its local network.

If that is the case, then your provider needs to include the local/connected networks in your "vrf routing table".

If you have a protocol running (like OSPF or BGP) then you may be able to do that advertising yourself.
0
 

Author Closing Comment

by:sstire
ID: 38191222
I added the serial interface IP address in the advertised bgp networks on that router, and then added a static route on the core router to AT&T's router.  When that was done, I could ping the serial interface and ssh into it.  It works! No more burnt bridges!
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question