Solved

Unable to access, via telnet, Serial IP on MPLS network

Posted on 2012-03-21
Last Modified: 2012-07-16
I have an MPLS network with 40 locations.  I can telnet to any Cisco router at the sub locations via internal IP address.  However, I'm unable to telnet to the public serial IP address of the routers (which as you know is extremely handy when making VLAN changes remotely).

Any ideas on how to correct this?
Question by:sstire
13 Comments
 

Author Comment

by:sstire
ID: 37748608
These are Cisco 2800 series routers.
0
 
LVL 2

Expert Comment

by:BDC-Net
ID: 37749196
Do you have routes to those subnets? Can you ping them? You might try telnetting from the host router (the one connected to the MPLS cloud).

There could also be an ACL limiting what IP addresses can be connected to via telnet on the routers.
0
 

Author Comment

by:sstire
ID: 37765959
I'm using VLANs and I can ping anything internally such as connected VLANs on those routers.  There are not any ACLs affecting this.  I can't telnet to the serial address from the router that I'm trying to access though...
0
 

Author Comment

by:sstire
ID: 38175597
Anybody have any experience with MPLS that can help in this?  It'd be nice to be able to telnet to the serial interface of the router and complete the configuration changes from there.  

I used to be able to do this on a standard data T1, but since switching to MPLS circuits, I can only telnet to internal private IPs.  

I know there must be a way to do this, because AT&T can telnet to the serial interface of our router from their demarc, and make changes in an emergency.
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 38180418
Please post router configuration, especially the serial interfaces and the line vty sections. Also, can you actually ping the serial interface? I can imagine configurations where you wouldn't have any access to that interface.

If you add loopback interfaces to the routers, you should be able to ssh to the loopback interface and still maintain access even if you shut down or break the Ethernet interfaces, as long as you still have a route through the serial interface.

FWIW, you should not use telnet, nor allow AT&T to use telnet (get it in the contract). Use SSH, as telnet is insecure, can be sniffed for passwords, commands can be modified in transit, etc.
0
 

Author Comment

by:sstire
ID: 38180615
!
controller T1 0/2/0
 channel-group 0 timeslots 1-24
!

interface Serial0/2/0:0
 ! (not actual IP address, obviously)
 ip address 12.11.5.234 255.255.255.252
 encapsulation ppp
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 authorization exec local_authen
 login authentication local_authen
 transport input telnet ssh
line vty 5 15
 privilege level 15
 authorization exec local_authen
 login authentication local_authen
 transport input telnet ssh
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 38180730
Okay, can you PING the serial IP? I agree that there appears to be no access-list on either the serial interface or the vty interface. That doesn't mean that you have a route to the serial interface, nor does it mean that AT&T isn't filtering the traffic anyway.
0
 

Author Comment

by:sstire
ID: 38180841
I can ping the serial IP and also telnet/ssh when I'm ON the local network.  However, remotely or from any other location, I'm unable to.  This is also an MPLS meshed network.
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 38180913
I believe that you need to talk to your MPLS provider. They may (and probably should) be filtering the traffic.
0
 
LVL 17

Accepted Solution

by:
pergr earned 500 total points
ID: 38182183
The problem must be that the network (above 12.11.5.234/30) is not being advertised in the MPLS network.

To solve it we need to know what routing you have set up. Possibly, you just run static routing, with a default route on each Cisco towards the MPLS cloud, and your provider has a static route to each site with its local network.

If that is the case, then your provider needs to include the local/connected networks in your "vrf routing table".

If you have a protocol running (like OSPF or BGP) then you may be able to do that advertising yourself.
0
 

Author Closing Comment

by:sstire
ID: 38191222
I added the serial interface IP address in the advertised BGP networks on that router, and then added a static route on the core router to AT&T's router.  When that was done, I could ping the serial interface and ssh into it.  It works! No more burnt bridges!
0
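An added example, not part of the original thread: a Python check over an IOS-style config that reports interface networks missing from the BGP `network` statements (the accepted solution and the closing comment) and vty lines that still permit telnet or have no `access-class` (the SSH advice earlier in the thread), which matters once the serial address is reachable from every site. The BGP section, AS number, LAN prefix and the `sections`/`audit` helper names are assumptions; the serial and vty lines follow the posted config.

```python
import ipaddress
import re

# Constructed sample. The serial and vty lines follow the config posted in the
# thread; the BGP section, AS number and LAN prefix are assumptions.
SAMPLE_CONFIG = """\
interface Serial0/2/0:0
 ip address 12.11.5.234 255.255.255.252
!
router bgp 65001
 network 10.20.0.0 mask 255.255.255.0
!
line vty 0 4
 privilege level 15
 transport input telnet ssh
"""

def sections(config):
    """Split IOS-style text into {header line: [indented sub-commands]}."""
    out, current = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and current is not None:
            out[current].append(line.strip())
        elif line.strip() and not line.startswith("!"):
            current = line.strip()
            out[current] = []
    return out

def audit(config):
    """Report unadvertised interface networks and open vty lines ('network A mask M' form only)."""
    advertised = [ipaddress.ip_network(f"{a}/{m}", strict=False)
                  for a, m in re.findall(r"^ network (\S+) mask (\S+)", config, re.M)]
    findings = []
    for head, body in sections(config).items():
        for cmd in body:
            m = re.match(r"ip address (\S+) (\S+)$", cmd)
            if head.startswith("interface") and m:
                net = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
                if not any(net.subnet_of(a) for a in advertised):
                    findings.append(f"{head}: {net} not advertised in BGP")
        if head.startswith("line vty"):
            if any(c.startswith("transport input") and "telnet" in c.split() for c in body):
                findings.append(f"{head}: telnet permitted")
            if not any(c.startswith("access-class") for c in body):
                findings.append(f"{head}: no access-class")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

A config that advertises the /30, sets `transport input ssh` and applies an `access-class` to the vty lines returns no findings.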
