Telnet on a 2821

Discussion in 'Cisco' started by timbrigham@gmail.com, Nov 10, 2006.

  1. Guest

    I recently purchased a few new Cisco 2821s, and I'm having a really
    hard time setting up my telnet access. The standard "config terminal,
    line vty 0 4, password my_password , login" described in my CCNA book
    isn't doing the trick. I can ping to and through any of the ports that
    I have assigned IP addresses, but I can't get in via telnet by either
    ip address assigned, receiving
    "Connecting To XXX.XXX.XXX.XXX ..Could not open connection to the host,
    on port 23: Connect failed. " What do I need to do in order to get this
    working?
    , Nov 10, 2006
    #1
    1. Advertising

  2. Merv Guest

    Merv, Nov 11, 2006
    #2
    1. Advertising

  3. Guest

    Merv wrote:
    > try
    >
    > config t
    > line vty 0 4
    > transport input telnet
    > transport output telnet
    > passsword <secret>
    > login
    > exit
    >
    > wri mem
    >
    >
    > also see
    >
    > http://www.ciscotaccc.com/kaidara-advisor/core/showcase?case=K45386163


    You also must have an enable password set before telnet
    is permitted.

    Obviously enable secret is preferred.

    If you are still having difficulty post the config with passwords
    removed and internet addresses fudged (say change the first octet).

    Can you ping the addresses that you are trying to telnet to?
    , Nov 11, 2006
    #3
  4. Guest

    Here's the config changes I just applied, which are basically identical
    to the original set up I had:

    (config)#line vty 0 4
    (config-line)#transport input telnet
    (config-line)#transport output telnet
    (config-line)#password <new password>
    (config-line)#login
    (config-line)#exit
    #write memory

    I do have an enable password set as well.

    I would have loved to make changes on this earlier in the week, but
    this turned into a production unit and I couldn't afford to mess
    anything up.


    Current configuration : 2619 bytes
    !
    version 12.4
    service tcp-keepalives-in
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname <HOST>
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 51200 warnings
    enable secret 5 <SECRET>
    !
    no aaa new-model
    !
    resource policy
    !
    ip subnet-zero
    !
    !
    ip cef
    !
    !
    ip domain name yourdomain.com
    !
    username sunbridge privilege 15 password 7 <PASSWORD>
    !
    !
    !

    <Fast Ethernet settings>
    <VLAN settings>
    <OSPF settings - not in active use, and I should remove>
    <RIP settings>

    ip classless
    ip route 0.0.0.0 0.0.0.0 192.168.251.2
    !
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http timeout-policy idle 60 life 86400 requests 10000
    !
    access-list 23 permit 10.10.10.0 0.0.0.7
    access-list 101 permit ip 192.168.0.0 0.0.255.255 any
    !
    control-plane
    !
    banner login ^C
    <Banner>
    !
    line con 0
    password 7 <Password>
    login
    transport preferred none
    line aux 0
    line vty 0 4
    access-class 23 in
    privilege level 15
    password 7 <Password>
    login
    transport preferred none
    transport input telnet
    transport output telnet
    !
    scheduler allocate 20000 1000
    !
    end

    wrote:
    > Merv wrote:
    > > try
    > >
    > > config t
    > > line vty 0 4
    > > transport input telnet
    > > transport output telnet
    > > passsword <secret>
    > > login
    > > exit
    > >
    > > wri mem
    > >
    > >
    > > also see
    > >
    > > http://www.ciscotaccc.com/kaidara-advisor/core/showcase?case=K45386163

    >
    > You also must have an enable password set before telnet
    > is permitted.
    >
    > Obviously enable secret is preferred.
    >
    > If you are still having difficulty post the config with passwords
    > removed and internet addresses fudged (say change the first octet).
    >
    > Can you ping the addresses that you are trying to telnet to?
    , Nov 17, 2006
    #4
  5. enigmamick

    Joined:
    Jul 24, 2007
    Messages:
    2
    I had this problem, think it may be becuse we ordered the high security IOS
    needed to add an access list to the vty lines. This is what I did but you could have a basic access list as well I think.

    i.e

    conf t
    access-list 101 permit ip <IP Range or Host> <Inverse Subnet Mask> any
    line vty 0 4
    access-class 101 in

    plus the normal password and login lines.
    enigmamick, Aug 10, 2010
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. RSI

    2821 Router Config

    RSI, May 20, 2005, in forum: Cisco
    Replies:
    1
    Views:
    3,058
    Erik Tamminga
    May 21, 2005
  2. Fax with Cisco 2821

    , Jul 25, 2005, in forum: Cisco
    Replies:
    0
    Views:
    550
  3. Megane
    Replies:
    0
    Views:
    1,541
    Megane
    Aug 9, 2005
  4. Merv
    Replies:
    25
    Views:
    7,540
  5. Jack B. Pollack
    Replies:
    4
    Views:
    1,229
    Zaltor
    Jul 24, 2003
Loading...

Share This Page