Solved

Unable to access, via telnet, Serial IP on MPLS network

Posted on 2012-03-21
Last Modified: 2012-07-16
I have an MPLS network with 40 locations. I can telnet to any Cisco router at the sub locations via internal IP address. However, I'm unable to telnet to the public serial IP address of the routers (which as you know is extremely handy when making VLAN changes remotely).

Any ideas on how to correct this?
0
Question by:sstire
13 Comments
 

Author Comment

by:sstire
ID: 37748608
These are Cisco 2800 series routers.
0
 
LVL 2

Expert Comment

by:BDC-Net
ID: 37749196
Do you have routes to those subnets? Can you ping them? You might try telnetting from the host router (the one connected to the MPLS cloud).

There could also be an ACL limiting what IP addresses can be connected to via telnet on the routers.
0
 

Author Comment

by:sstire
ID: 37765959
I'm using VLANs and I can ping anything internally such as connected VLANs on those routers. There are not any ACLs affecting this. I can't telnet to the serial address from the router that I'm trying to access though...
0

 

Author Comment

by:sstire
ID: 38175597
Anybody have any experience with MPLS that can help in this? It'd be nice to be able to telnet to the serial interface of the router and complete the configuration changes from there.

I used to be able to do this on a standard data T1, but since switching to MPLS circuits, I can only telnet to internal private IPs.

I know there must be a way to do this, because AT&T can telnet to the serial interface of our router from their demarc, and make changes in an emergency.
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 38180418
Please post router configuration, especially the serial interfaces and the line vty sections. Also, can you actually ping the serial interface? I can imagine configurations where you wouldn't have any access to that interface.

If you add loopback interfaces to the routers, you should be able to ssh to the loopback interface and still maintain access even if you shut down or break the Ethernet interfaces, as long as you still have a route through the serial interface.

FWIW, you should not use telnet, nor allow AT&T to use telnet (get it in the contract). Use SSH, as telnet is insecure, can be sniffed for passwords, commands can be modified in transit, etc.
0
 

Author Comment

by:sstire
ID: 38180615
!
controller T1 0/2/0
 channel-group 0 timeslots 1-24
!

interface Serial0/2/0:0
 ip address 12.11.5.234 255.255.255.252 (not actual IP address-obviously)
 encapsulation ppp
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 authorization exec local_authen
 login authentication local_authen
 transport input telnet ssh
line vty 5 15
 privilege level 15
 authorization exec local_authen
 login authentication local_authen
 transport input telnet ssh
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 38180730
Okay, can you PING the serial IP? I agree that there appears to be no access-list on either the serial interface or the vty interface. That doesn't mean that you have a route to the serial interface, nor does it mean that AT&T isn't filtering the traffic anyway.
0
 

Author Comment

by:sstire
ID: 38180841
I can ping the serial IP and also telnet/ssh when I'm ON the local network. However, remotely or from any other location, I'm unable to. This is also an MPLS meshed network.
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 38180913
I believe that you need to talk to your MPLS provider. They may (and probably should) be filtering the traffic.
0
 
LVL 17

Accepted Solution

by:pergr (earned 500 total points)
ID: 38182183
The problem must be that the network (above 12.11.5.234/30) is not being advertised in the MPLS network.

To solve it we need to know what routing you have set up. Possibly, you just run static routing, with a default route on each Cisco towards the MPLS cloud, and your provider has a static route to each site with its local network.

If that is the case, then your provider needs to include the local/connected networks in your "vrf routing table".

If you have a protocol running (like OSPF or BGP) then you may be able to do that advertising yourself.
0
 

Author Closing Comment

by:sstire
ID: 38191222
I added the serial interface IP address in the advertised BGP networks on that router, and then added a static route on the core router to AT&T's router.  When that was done, I could ping the serial interface and ssh into it.  It works! No more burnt bridges!
0
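An added example, not part of the original thread or any poster's code: a small Python audit of a Cisco IOS running-config for the two conditions discussed above, a connected interface network that is missing from the BGP `network` statements, and vty lines that still accept telnet. The sample config is constructed; its serial and vty lines follow the config posted in the thread, while the FastEthernet subinterface, the `router bgp` stanza and AS number 65001 are assumptions.

```python
import ipaddress
import re

# Constructed sample; the LAN subinterface, BGP stanza and AS 65001 are assumed.
SAMPLE_CONFIG = """\
interface Serial0/2/0:0
 ip address 12.11.5.234 255.255.255.252
!
interface FastEthernet0/0.10
 ip address 10.20.10.1 255.255.255.0
!
router bgp 65001
 network 10.20.10.0 mask 255.255.255.0
!
line vty 0 4
 transport input telnet ssh
"""

def stanzas(config):
    """Yield (header, sub_lines) for each top-level IOS stanza."""
    header, body = "", []
    for line in config.splitlines():
        if line.startswith(" "):
            body.append(line.strip())
        else:
            yield header, body
            header, body = line.strip(), []
    yield header, body

def audit(config):
    """Report unadvertised connected networks and vty lines allowing telnet."""
    connected, advertised, findings = {}, set(), []
    for header, body in stanzas(config):
        for line in body:
            addr = re.match(r"ip address (\S+) (\S+)$", line)
            if header.startswith("interface ") and addr:
                iface = ipaddress.ip_interface("/".join(addr.groups()))
                connected[header.split()[1]] = iface.network
            net = re.match(r"network (\S+) mask (\S+)$", line)
            if header.startswith("router bgp") and net:
                advertised.add(ipaddress.ip_network("/".join(net.groups())))
            if header.startswith("line vty") and line.startswith("transport input"):
                if {"telnet", "all"} & set(line.split()):
                    findings.append(f"{header}: telnet permitted")
    # Redistribution and provider-side static routes are invisible to this check.
    for name, net in connected.items():
        if net not in advertised:
            findings.append(f"{name}: {net} not in BGP network statements")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` flags the serial /30 and the telnet-enabled vty lines; a config that advertises 12.11.5.232/30 and uses `transport input ssh` returns an empty list.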
