Block Telnet/SSH

Applying the below to a Catalyst 3560 switch, I can only telnet/ssh using 10.1.0.1. Host 10.1.0.50 telnet/ssh is blocked.
Please advise.
access-list 101 permit host 10.1.0.1 any eg 22
access-list 101 permit host 10.1.0.1 any eg 23
access-list 101 permit host 10.1.0.50 any eg 22
access-list 101 permit host 10.1.0.50 any eg 22
line vty 0 4
access-class 101 in

Colm
If the first two lines work then I would expect the second two lines to also work. My first thought is that there may be some difference in what is actually configured and what you posted (especially since it is obvious that you just typed in the access list and did not copy it from the device config - the missing TCP parameter in the access list shows that. So copy the access list exactly from the device and post it.
Other possibilities that occur to me:
- is it possible that there is some IP connectivity issue which prevents 10.1.0.50 from connecting (or prevents responses from going back)?
- is it possible that there are interface access lists which prevent the connection?
Collin
While I agree with you that it is generally better to use standard access lists with access-class, I do not believe that changing from extended to standard access list will solve this problem. If the problem were the extended access list then how does 10.1.0.1 work?
HTH
Rick

Similar Messages

  • Root login is blocked from telnet ssh pam_unix_session: Can't write lastlog: uid 0: I/O error

    Root login is blocked from telnet ,ssh  error : pam_unix_session: Can't write lastlog: uid 0: I/O error
    sshd[1969]: pam_unix_session: Can't write lastlog: uid 0: I/O error
    sshd[1970]: pam_unix_session: Can't write lastlog: uid 0: I/O error
    sshd[1983]: pam_unix_session: Can't write lastlog: uid 0: I/O error
    sshd[1984]: pam_unix_session: Can't write lastlog: uid 0: I/O error
    sshd[2023]: pam_unix_session: Can't write lastlog: uid 0: I/O error
    sshd[2021]: pam_unix_session: Can't write lastlog: uid 0: I/O error
    genunix: vn_rdwr failed with error 0x6
    genunix: kobj_load_module: smp read header failed
    genunix: vn_rdwr failed with error 0x6
    genunix: kobj_load_module: ses read header failed
    sshd[2037]: pam_unix_session: Can't write lastlog: uid 0: I/O error
    sshd[2035]: pam_unix_session: Can't write lastlog: uid 0: I/O error
    please suggest for the issue , occurs frequently in solaris 10

    please verify your underlying hardware

  • Unable to Telnet / SSH to a particular cisco switch

    Hello,
    I have an unusual issue that I just can't seem to track down.  We have a Windows Server 2008 R2 box that is unable to telnet or ssh to one switch in our network.
    Server IP:  10.0.0.74
    Cisco Switch IP:  10.1.0.7
    I am able to access all other switches/routers on the 10.1.0.x network, but not this one.  I ping and tracert by ip address and name.
    We have a number other servers on our network and they all can access this switch
    Example:  
    a.  10.0.0.73 can telnet/ssh to 10.1.0.7
    b.  10.0.0.72  can telnet/ssh to 10.1.0.7
    c.  10.0.0.50  can telnet/ssh to 10.1.0.7
    d.  My workstation (10.0.250.213) can telnet/ssh to 10.1.0.7
    If anyone can help with troubleshooting further, I would greatly appreciate it.

    Thanks for the reply Philippe!  Here is the route print
    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0         10.0.0.2        10.0.0.74    266
             10.0.0.0      255.255.0.0         On-link         10.0.0.74    266
            10.0.0.74  255.255.255.255         On-link         10.0.0.74    266
         10.0.255.255  255.255.255.255         On-link         10.0.0.74    266
            10.10.0.0      255.255.0.0         On-link         10.0.0.74    266
           10.10.0.74  255.255.255.255         On-link         10.0.0.74    266
        10.10.255.255  255.255.255.255         On-link         10.0.0.74    266
            127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
            127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link         10.0.0.74    266
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      255.255.255.255  255.255.255.255         On-link         10.0.0.74    266
    ===========================================================================
    Persistent Routes:
      Network Address          Netmask  Gateway Address  Metric
              0.0.0.0          0.0.0.0         10.0.0.2  Default
    ===========================================================================
    IPv6 Route Table
    ===========================================================================
    Active Routes:
     If Metric Network Destination      Gateway
      1    306 ::1/128                  On-link
      1    306 ff00::/8                 On-link
    ===========================================================================
    Persistent Routes:
      None
    Firewall is disabled and there is no active antivirus.  Im pretty sure port blocking is not the issue.  I am able to ssh and telnet from this box to every other switch/router in our network.
    This server has Solarwinds on it and tracks the health of our network (servers, routers, switches, ups, ect.).  The only reason we noticed an issue is because it stopped backing up the config for this particular switch.  All other switchs/routers
    config is backed up to this server every morning at 2:00AM.  
    With solarwinds, this server is also able to communicate with this switch via snmp / icmp and ping.
    Thanks again for the help!

  • Can't ping, telnet, SSH or find APs in ARP, but associated to WLC & has clients

    Hi All,
    I have an interesting problem. I have a Cisco 2504 WLC, and six Access Points that are associated to it.  I can reach 4 of the access points, which are connected to Cisco 300 POE switches, but the other 2 I cannot ping, telnet, SSH or find in the ARP table on the network.  However, they are both associated to the WLC and as far as I can tell, they have clients associated to them.  If I reboot them from the WLC, they find their way back to the correct WLC, and the WLC sees them in CDP, but I still can't access them in any way.
    The two problem APs appear to be connected to ports 3 & 4 on the WLC, which are the POE ports. I read some documentation that says that those ports don't support Access Points but basically that you can still connect them and have it work, but don't expect any help from Cisco if you run into problems.  I've confirmed that POE is being supplied in the port configs, and I have other sites with WLC's that are configured identically with APs on ports 3 & 4 that are up and not having any issues.
    Wondering if anyone has had similar issues and if so, can you shed any light on this strange behavior?
    Thanks.

    please
    https://supportforums.cisco.com/discussion/11288621/2500-wlc-attach-ap

  • Prime 4.2 Telnet/ SSH Connections to Switches

    Hi everybody,
    I have a problem with LMS 4.2 and use Telnet/ SSH tool to open network devices.
    If I start the tool telnet/ssh, always starts a telnet session and no ssh session.
    But telnet is disabled on all devices in my network. Can I change something to open automatically a ssh session with putty?
    regards Bjoern

    Hi Bjoern,
    I am assuming you refer to the Device Center > Tools > Telnet/SSH option.
    The problem is not on LMS actually. What happens is that in the background, a telnet:// is being called.
    What will happen is that your system will launch whatever application has been assigned to the telnet protocol, typically the Windows CMD, which will open a telnet session automatically.
    In order to change this to use Putty for example, which would allow you to change to SSH connectivity (manually though) you can do the following:
    1) BACKUP YOUR REGISTRY.
    Go to Start > Run > Regedit > File > Export.
    2) Locate the following key:
    HKEY_CLASSES_ROOT > Telnet > shell > Open > command > (default)
    3) Modify the key value to point to the location of your "putty.exe" file (make sure to include the double quotes).
    Default value:
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\url.dll",TelnetProtocolHandler %l
    New value (will open putty automatically to the selected IP):
    "D:\Tools\putty.exe" %l
    New value (will open putty normally, you will need to type the IP but can change the connection protocol/port if desired):
    "D:\Tools\putty.exe"
    This should make your system open Putty for any "telnet://" links, including the Telnet/SSH link in the Tools section of Device Center.
    Best regards,
    Luis
    Message was edited by: Luis Jimenez
    Message was edited by: Luis Jimenez

  • Cisco prime 2.2.0 "Telnet/SSH : Unreachable"

    Hi,
    I've installed the Cisco Prime 2.2.0 OVA (VMware) and ran discovery with a Credential Profile.
    some of the device has discovered with complete state and some with Partial Collection Failure state.
    when trying to edit the device (under network inventory) and verify credentials i'm getting the above error "Telnet/SSH : Unreachable", but when SSH from the Cisco Prime CLI with the same credentials all works just fine.
    %SSH-5-SSH2_SESSION: SSH2 Session request from X.X.X.X (tty = 1) using crypto cipher '', hmac '' Failed
    please help...
    10x
    Eyal

    Hi Afroz,
    All of my net devices use AAA for login.
    I'm using credentials profile to discover my devices and some of them has discovered as they should and some of them are partialy discover with the Cisco Prime log it with CLI/ssh issue.
    But when I'm SSH to the partialy discovered device via the Cisco Prime CLI with the same credentials as configured at the credential profile, I'm able to login with no issue.
    Please note - while I'm editing the partialy discovered device and testing the credential via the Prime GUI, it display the error message "Telnet/SSH : Unreachable" - and the device log meeage is %SSH-5-SSH2_SESSION: SSH2 Session request from X.X.X.X (tty = 1) using crypto cipher '', hmac '' Failed.
    What does it mean?
    10x
    Eyal

  • Telnet/SSH as root not working

    I have freshly installed Solaris10 U5 through network installation method.
    After installation is over, i am not able to login as "root" over the network through Telnet/SSH
    What file we need to edit to disable this rule ?

    Telnet is disabled by default.
    So is root login via SSH.
    To enable root login, edit /etc/ssh/sshd_config and change the line:
    PermitRootLogin no
    to
    PermitRootLogin yes
    Then restart sshd.
    if you really want to enable telnet, use the svcadmin command.

  • Transport input telnet ssh help

    Hello,
    I had two questions about remotely login to switch or router :
    1. What is the default setting on switch or router to accept remote login (i.e., telnet or ssh)
    2. If i configure...TRANSPORT INPUT TELNET SSH... which one is default and accepted first by switch or router. I mean I know that it will accept both but I want to know that If I configure both to accept then which one has the first priority or by default which one is accepted first, tenet or ssh.
    Thanks

    1) Default settings on all VTYs are "transport input all" --> all the supported protocols, that includes both telnet and ssh.
    2) There is no priority level on which one is accepted first. Basically it just listens on both protocols (telnet - tcp/23 and ssh - tcp/22) for remote management.
    Here is the command description for your reference:
    http://www.cisco.com/en/US/docs/ios/termserv/command/reference/tsv_s1.html#wp1069219
    Hope that helps.

  • Telnet / SSH Software options?

    Hello...
    After 20 years of using PCs I switched and I'm very happy. I'm figuring most things out easily but cannot find graphical SSH client software.
    I can use terminal but what I need is a software package that will store all my server accounts and passwords. Or am I missing something, some way I can do that with the built in terminal combined with the keychain?
    On a PC I would use something like SecureCRT.
    To reiterate, my main need here is the ability to store a list of servers, ids, and passwords that I connect to telnet (SSH). So I can pick a server and connect without having to lookup the id and password for each server.
    Thanks for any guidance..

    I'm not sure this is exactly what you're looking for, but I use a program called sshkeychain to store these passwords:
    www.sshkeychain.org/

  • ASA5520 - Management0/0 Telnet/SSH/Ping Access

    hey all, hope this is an easy one.
    - how can i setup the management interface so that we can ping to the mgmt interface from a subnet that is on a different subnet than the Management0/0 interface (source ip would be 192.168.100.0/24 which may conflict with the inside interface)
    - i am able to telnet/ssh from the 192.168.100.0/24 subnet connected to a router behind the mgmt interface
    - i am not able to ping the mgmt interface from the 192.168.100.0/24 subnet connected to a router behind the mgmt interface
    - is a security level required on the mgmt interface? it does not  work unless we put one. if so, what are you guys setting it to?
    interface Ethernet0/0.101
    description Outside
    vlan 101
    nameif outside
    security-level 0
    ip address 101.1.1.100 255.255.255.0
    interface Ethernet0/1.102
    description Inside Cat3750-VM G1/0/24 (PRI) G2/0/24 (STB)
    vlan 102
    nameif inside
    security-level 100
    ip address 192.168.100.100 255.255.252.0
    interface Management0/0
    nameif mgmt
    security-level 90
    ip address 192.168.253.100 255.255.255.0
    management-only
    ssh 192.168.100.0 255.255.255.0 mgmt
    telnet 192.168.100.0 255.255.255.0 mgmt
    I try to add a static route but get an error:
    ASA5520(config)# route mgmt 192.168.0.0 255.255.252.0 192.168.253.1
    ERROR: Cannot add route, connected route exists

    Hello Robert,
    by default the Managment interface of an ASA is going to be used just for managment traffic only.
    Now in order to be able to use it as any other interface you will need to use the following command:
         -     Interface managment 0/0
         -     no managment-only
    And just to let you know it is imposible to ping a distant interface as an example from a inside subnet to the outside interface ip .This as security measure.
    Regards,
    Julio

  • Telnet/ssh client for mac

    My company uses a telnet/ssh client for windows called putty and since they only make it for windows i need something like it. They use the putty client to access the companies wireless internet system on that has an assigned ip. Actually they only use the ssh part of the client so i guess that woudl be fine for me too. If my mac will do it itself that would be great too. I just am completely lost anything would be great.

    and if you need to create ssh tunnels, have a look at SSH Tunnel Manager
    tunnel manager is not really necessary if your already using the terminal.
    ssh -L 5901:localhost:5902 serverip.
    The above is an example of creating a listing port making a tunnel for the above port this what people use for tunneling to initiate a vnc session for example.

  • WCS Global Telnet/SSH Parameter Change

    I have almost 700 Wireless LAN Controllers in my environment, and due to security compliance, I need to update the local administrator account for each one of them. My concern is that when I push a template with a new admin password, WCS will lose Telnet/SSH access to all 700 controllers, because the Telnet/SSH Parameters for each controller are currently set as the local administrator.
    Is it possible to update the Telnet/SSH parameters for every WLC? I know it is possible to update them one at a time through Configure > Controller and updating it via the Properties tab, but there doesn't seem to be a way to push a template to WCS itself which would update the telnet/ssh access globally.
    The closest thing I can think of is re-adding every single controller via CSV file and changing the Telnet/SSH Parameters that way, but I would need to remove every controller from WCS first, and that's not really an acceptable solution.

    I  don't know is it right answer for u or not:)
    1. Choose Configure > Controller Template Launch Pad.
    2. Click Local Management Users or choose Management > Local Management Users from the left sidebar menu. 
    Here create a new template with new username and password (with RW or RO) and apply to all controllers and if you want then delete old user from wlc.
    Regards
    Dont forget to rate helpful posts

  • LAN Switches cannot be accessed by Telnet, SSH or console in native vlan

    Hi to all of you:
    I do have a question about tagging the native vlan.
    In our network we do have about 90 L2 and L3 switches, 2950 the oldest, 2960, 2960S, 3560 PoE, 3750 and 4503E, and we are running VTP, and 43 vlans within the entire network.
    our Native VLAN is still vlan 1, and there are many corporative applications running in this vlan.
    We have upgraded the IOS for the switches to the latest IOS version about 6 months ago, and after that we started to have issues on the switches, related to accessing the switch, either by telnet, ssh, or even console. However, the switch is still working fine, I mean, doing all bridging and switching traffic.
    I have to reset or reload (power cycle) if I want to access the switch.
    I have read that having the native vlan can be a problem.
    Could you please let me know if you have gone through this problem?
    Thanks in advance for your help.
    Javier F. Berthin H.

    Hi Karhtick:
    I guess you have the best answer, you suggested the memory command and I am attaching you as result.
    Next step should be to downgrade the IOS?, because we did the upgrade just in order to have the latest IOS published by Cisco.
    If you need the config please let me know, for complementary comments.
    Thanks for your help.
    Javier
    Core_Toldos#
    Core_Toldos#
    Core_Toldos#sh processes memory sorted
    Processor Pool Total:   57114592 Used:   42061488 Free:   15053104
          I/O Pool Total:   12582912 Used:    9397428 Free:    3185484
    Driver te Pool Total:    1048576 Used:         40 Free:    1048536
    PID TTY  Allocated      Freed    Holding    Getbufs    Retbufs Process
       0   0   56706116   14325484   38372056          0          0 *Init*
    197   0    4506712    2363500    1463652          0          0 Auth Manager
       0   0          0          0    1443720          0          0 *MallocLite*
       0   0  577244636  370831296     916016   12457311    3203234 *Dead*
    236   0     532808      46152     507068          0          0 IP ARP Adjacency
    303   0    1335768     890528     450448          0          0 ADJ resolve proc
    230   0   27640244      15996     378344      10152          0 CDP Protocol
      77   0     368260   14413456     377820          0          0 EEM ED ND
    102   0     385848        232     362236          0          0 HLFM address lea
    404   0    3397428    3069392     334928          0          0 hulc running con
    192   0     307492      21604     294808          0          0 HL2MCM
    193   0     356552      70624     294744          0          0 HL2MCM
    357   0     265100          0     275260     100548          0 EEM ED Syslog
    365   0  126849404   86726456     255248          0          0 EEM Server
      87   0     569060     274864     244984          0          0 Stack Mgr Notifi
    203   0     753032     492440     164316          0          0 DTP Protocol
    201   0     737920     526656     159424          0          0 802.1x switch
      13   0  505129716  504972016     156620          0          0 ARP Input
    Core_Toldos#

  • Block telnet from External

    Hi,
    After installing Exchange 2013 with SSL certificate with OWA, Active Sync and outlook anywhere. I observed that if someone from external network can telnet to my server is able to connect. I checked it and find that port 25 and 587 is open and bypass my
    Fortinet firewall.
    I would like to know how can I block these ports and don't allow anyone can telnet on my Exchange server from externally. Please assist.

    Hi,
    As Hinte mentioned, we cannot block telnet on port 25. It’s the way SMTP works. If you want to mitigate Spoofed Senders, then implement SPF/Sender ID and have your SMTP gateway anti-spam solution check for that and block or mark unauthenticated messages.
    Exchange Network Port Reference and Exchange 2010 Security Guide, for your reference:
    https://technet.microsoft.com/en-us/library/bb331973(v=exchg.141).aspx
    https://technet.microsoft.com/en-us/library/bb691338(v=exchg.141).aspx#NetworkPortandFirewall
    Additional, I find an similar thread about your question, please refer to:
    https://social.technet.microsoft.com/Forums/office/en-US/551abe70-cadf-40c4-8f3b-46983e1858a3/how-to-block-send-email-by-telnet-using-exchange-2010?forum=exchange2010
    Thanks
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
    Allen Wang
    TechNet Community Support

  • Telnet/SSH Connection to Switch

    I'm studying for the CCENT, and I have one issue and two general inquiries I'd like to present.  
    First of all, I'm having trouble connecting to my 2950 using Telnet/SSH, though I've applied a VTY password.  As an aside, I'm able to connect through the console.  I applied an IP address to the switch, and I'm wondering if there's a part of the process that I've missed.  When using Putty to connect to the IP, I immediately receive the "Network Error: Connection refused" error; the same basic message happens, using Tera Term.  
    Here's my running config:
    Switch#show running-config
    Building configuration...
    Current configuration : 2416 bytes
    version 12.1
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    hostname Switch
    no logging console
    username CCNA password 0 CCIE
    ip subnet-zero
    ip domain-name modeofinquiry.com
    ip ssh time-out 120
    ip ssh authentication-retries 3
    spanning-tree mode pvst
    no spanning-tree optimize bpdu transmission
    spanning-tree extend system-id
    interface FastEthernet0/1
     switchport mode access
    interface FastEthernet0/2
     switchport mode access
    interface FastEthernet0/24
     switchport access vlan 2
     switchport mode access
    interface FastEthernet0/25
    interface FastEthernet0/26
    interface Vlan1
     no ip address
     no ip route-cache
     shutdown
    interface Vlan2
     ip address 192.168.1.107 255.255.255.0
     no ip route-cache
    ip default-gateway 192.168.1.1
    ip http server
    line con 0
     exec-timeout 0 0
     password CCENT
     logging synchronous
     login
    line vty 0 4
     login local
     transport input telnet ssh
    line vty 5 15
     login local
     transport input telnet ssh
    end
     --More--
    The physical connection I'm using is from my desktop's second NIC, and I've configured the IPv4 connection to the switch's listed IP, which is 192.168.1.107.  Is there anything listed above that would be problematic?
    One of my questions has to do with the IP address that's supposed to be used to receive rsa keys: why is it necessary?  Also, I tried entering the "ip address dhcp" command to grab an address from my WRT54G and received the following:
    Switch#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    Switch(config)#int vlan2
    Switch(config-if)#ip address dhcp
                                 ^
    % Invalid input detected at '^' marker.
    I'm following the directions in Odom's book, and I don't see what I'm missing.  
    My other question has to do with passwords, in general.  Entering the username/password on either the interface-subcommand or the global configuration area seems unimportant, here:
    Switch#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    Switch(config)#line vty 0 15
    Switch(config-line)#login local
    Switch(config-line)#transport input ssh telnet
    Switch(config-line)#username DDDD password EEEE
    Switch(config)#^Z
    ...and...
    Switch#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    Switch(config)#line vty 0 15
    Switch(config-line)#login local
    Switch(config-line)#transport input ssh telnet
    Switch(config-line)#exit
    Switch(config)#username FFFF password GGGG
    Switch(config)#^Z
    Here's the running config, afterwards:
    Switch#show running-config
    Building configuration...
    Current configuration : 2535 bytes
    version 12.1
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    hostname Switch
    no logging console
    username CCNA password 0 CCIE
    username BBBB password 0 CCCC
    username DDDD password 0 EEEE
    username FFFF password 0 GGGG
    ip subnet-zero
    ip domain-name modeofinquiry.com
    ip ssh time-out 120
    ip ssh authentication-retries 3
     --More--
    It doesn't appear as though exiting out of config-if mode made any difference for the usernames/passwords.  Then again, I can't connect through Telnet/SSH, so I'm not able to test it, at the moment.  
    I'm really sorry for the huge post, but I didn't want to start multiple threads.  Any help is much appreciated.
    - B 

    First of all, thank you all for the helpful responses!
    My PC is currently connected through the router, from which a straight-through cable is connected to port Fa0/18, and it is indeed on vlan2, which is associated with 1.107.  
    I ran the arp -a command, and here's a portion of it:
    Interface: 192.168.1.105 --- 0xc
      Internet Address      Physical Address      Type
      192.168.1.1           00-0c-41-d4-6d-a1     dynamic
      192.168.1.104         64-a3-cb-3d-07-64     dynamic
      192.168.1.107         00-0a-b7-13-e5-c0     dynamic
    1.105 is one of the NICs on the desktop.  The BIA listed for 1.107 is one of the static "CPU" addresses on the switch.  Here's my current running config:
    Switch#show running-config
    Building configuration...
    Current configuration : 2434 bytes
    version 12.1
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    hostname Switch
    no logging console
    username CCNA password 0 CCIE
    ip subnet-zero
    ip domain-name modeofinquiry.com
    ip ssh time-out 120
    ip ssh authentication-retries 3
    spanning-tree mode pvst
    no spanning-tree optimize bpdu transmission
    spanning-tree extend system-id
    interface FastEthernet0/1
     switchport mode access
    interface FastEthernet0/2
     switchport mode access
    interface FastEthernet0/18
     switchport access vlan 2
     switchport mode access
    interface FastEthernet0/19
     switchport access vlan 2
     switchport mode access
    interface FastEthernet0/20
     switchport access vlan 2
     switchport mode access
    interface FastEthernet0/21
     switchport access vlan 2
     switchport mode access
    interface FastEthernet0/22
     switchport access vlan 2
     switchport mode access
    interface FastEthernet0/23
     switchport access vlan 2
     switchport mode access
    interface FastEthernet0/24
     switchport access vlan 2
     switchport mode access
    interface FastEthernet0/25
    interface FastEthernet0/26
    interface Vlan1
     no ip address
     no ip route-cache
     shutdown
    interface Vlan2
     ip address 192.168.1.107 255.255.255.0
     no ip route-cache
    ip default-gateway 192.168.1.1
    ip http server
    line con 0
     exec-timeout 0 0
     password CCENT
     logging synchronous
     login
    line vty 0 4
     password NICE
     login
     transport input telnet ssh
    line vty 5 15
     password NICE
     login
     transport input telnet ssh
    end
    As you can see, I've added the VTY passwords, though I thought I had already done that.  Actually, to what do the "CCNA" and "CCIE" passwords listed above apply?  I'm assuming those are the local login credentials I added for the VTY lines.  
    I just got through disconnected the switch's straight-through cable from the router and connected it directly to my desktop's second NIC again, and I still can't connect, remotely.  Where should the troubleshooting start, at this point?

Maybe you are looking for