Can't telnet on WAN interface, ping is ok
Hi all,
I'm not able to telnet to cisco1841 on WAN interface...( Connection timed out; remote host not responding )
telnet from inside network to LAN interface is fine
I can ping the WAN interface
port 23 appears to be closed ( nmap )
Does anyone have an idea why telnet is not working??
part of my config ( 2 wan links for redundancy, can't telnet to none of them):
interface FastEthernet0/0
description ##### LINE TO LAN #####
ip address 192.168.8.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
duplex auto
speed auto
interface FastEthernet0/1
description ##### TO CABLE MODEM #####
ip address dhcp client-id FastEthernet0/1
duplex auto
speed auto
no cdp enable
interface ATM0/0/0
no ip address
load-interval 30
atm restart timer 300
no atm ilmi-keepalive
dsl operating-mode auto
pvc 8/48
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface Virtual-PPP1
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly
no cdp enable
no ppp chap wait
ppp pap sent-username user password pass
pseudowire 212.25.127.15 1 pw-class dialer_to_bezeqint
interface Dialer0
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
load-interval 30
dialer pool 1
dialer idle-timeout 200000
no cdp enable
ppp pap sent-username user password pass
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Virtual-PPP1
ip route 0.0.0.0 0.0.0.0 Dialer0 50
ip route 212.25.127.15 255.255.255.255 FastEthernet0/1 dhcp
no ip http server
no ip http secure-server
ip nat inside source route-map ADSL_NAT interface Dialer0 overload
ip nat inside source route-map CABLE_NAT interface Virtual-PPP1 overload
route-map ADSL_NAT permit 10
match interface Dialer0
route-map CABLE_NAT permit 10
match interface Virtual-PPP1
control-plane
line con 0
login local
line aux 0
line vty 0 4
privilege level 15
logging synchronous
login local
transport input telnet
end
Friend, I recommend you use the settings below, I'm doing like this below I have no problem, look no free access telnet use SSH,
An ace
access-list 10 permit you ip
access-list 10 deny any
line con 0
password you password
login local
length 0
line aux 0
password you password
login local
line vty 0 4
access-class 10 in
exec-timeout 0 0
privilege level 15
password you password
login local
length 0
transport input telnet ssh
line vty 5 15
access-class 10 in
privilege level 15
password you password
login local
length 0
transport input telnet ssh
Similar Messages
-
For whatever reason I can telnet from another switch to the SG300 switch but not directly to the switch. I also can't access the web interface or ping the switch. Any help would be appreciated. Here is the running config
config-file-header
WasteWaterSG30010MPP
v1.3.5.58 / R750_NIK_1_35_647_358
CLI v1.0
set system mode switch
file SSD indicator encrypted
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end xxxxxxxxxxxxxxxxxxxxxxxx
vlan database
default-vlan vlan 2
exit
vlan database
vlan 2,75,200,999
exit
voice vlan id 200
voice vlan oui-table add ________
voice vlan oui-table add _phone_____________
voice vlan oui-table add ___________________
voice vlan oui-table add ______________
voice vlan oui-table add
voice vlan oui-table add ___________
voice vlan oui-table add ___
voice vlan oui-table add ______________
hostname WasteWaterSG30010MPP
line console
exec-timeout 0
exit
line telnet
password 382fda4a4a26e6637edac0eb8b8ba4581087d32d encrypted
exit
line console
password 382fda4a4a26e6637edac0eb8b8ba4581087d32d encrypted
exit
enable password level 15 encrypted 382fda4a4a26e6637edac0eb8b8ba4581087d32d
username admin password encrypted 382fda4a4a26e6637edac0eb8b8ba4581087d32d privi
lege 15
snmp-server location XXXXXXXX
snmp-server community String1 ro view Default
sntp server 172.16.2.1
ip telnet server
interface vlan 2
ip address 172.16.2.23 255.255.255.0
no ip address dhcp
interface gigabitethernet1
storm-control broadcast enable
storm-control broadcast level 10
storm-control include-multicast
port security max 10
port security mode max-addresses
port security discard trap 60
spanning-tree portfast
switchport mode access
switchport access vlan 999
macro description ip_phone_desktop
!next command is internal.
macro auto smartport dynamic_type unknown
interface gigabitethernet2
spanning-tree portfast
switchport mode access
switchport access vlan 999
interface gigabitethernet3
spanning-tree portfast
switchport mode access
switchport access vlan 999
interface gigabitethernet4
storm-control broadcast enable
storm-control broadcast level 10
storm-control include-multicast
port security max 10
port security mode max-addresses
port security discard trap 60
spanning-tree portfast
switchport mode access
switchport access vlan 999
macro description ip_phone_desktop
!next command is internal.
macro auto smartport dynamic_type unknown
interface gigabitethernet5
spanning-tree portfast
switchport mode access
switchport access vlan 999
interface gigabitethernet6
spanning-tree portfast
switchport mode access
interface gigabitethernet7
spanning-tree portfast
switchport mode access
switchport access vlan 999
interface gigabitethernet8
spanning-tree portfast
switchport mode access
switchport access vlan 999
interface gigabitethernet9
spanning-tree link-type point-to-point
switchport trunk allowed vlan add 75,200,999
switchport trunk native vlan 2
macro description switch
!next command is internal.
macro auto smartport dynamic_type switch
interface gigabitethernet10
spanning-tree link-type point-to-point
switchport trunk allowed vlan add 75,200,999
switchport trunk native vlan 2
macro description switch
!next command is internal.
macro auto smartport dynamic_type switch
exitA member of which VLAN ID is that device from which you trying to reach that switch?
Is that device directly connected to switch WasteWaterSG30010MPP? If yes, to which port?
If you are connecting from different VLAN than VLAN2, are you using routing between VLANs? Where is that routing device connected to?
> I also have another switch that connects to the network through this switch and am able to telnet to it.
that second switch member of same VLAN 2? Or management is part of different VLAN?
..too few information to be able to give you final answer. -
HH3::Enable ping response on WAN interface- there ...
HH3::Enable ping response on WAN interface- there must be an easier way!!
only way I've managed to get this working is to connect an old Buffalo Airstation via Ethernet, enable Ping response on its WAN interface and then assign the Buffalos WAN IP to the DMZ in the HH3
DISCLAIMER: although I work in the industry I do not work for BT and any opinions given are purely my own.Apple's website is acting up.
Open AirPort Utility on your Mac
Click on the Time Capsule icon, then click Edit
Click the Base Station tab at the top of the window
Enter a check mark in the box next to Allow Setup over WAN
Click Update
If you do not see this option, the Time Capsule is not acting as the router for the network....another device is performing routing duties. -
Cisco RV180 VLAN tagging WAN interface
Is there by any chance in the future firmware update that this product (RV180) will be able to support VLAN tagging on WAN interface like the Cisco's RV315W router? ISP in Singapore (Singtel) and Malaysia(Unifi) (http://klseet.com/index.php/mikrotik/mikrotik-rb750-750g/setup-for-unifi) requires certain type of vlan tagging on the WAN interface for it to work.
Is there any workaround to this?I tried with only two vlans and set the DHCP active only for the office "vlan2". Computers receive the correct ip but some of them won't register on the network, i tried to set the ip manualy on the computers but that computer will still be isolated.
Ex: computer A receives ip 192.168.10.25, Subnet 255.255.255.0, Gateway 192.168.10.1, for 2-3 minutes i can access the router on 192.168.10.1 and the internet, after a random time interval the gateway won't even respond to ping.It's not from firewall related issues as i set to accept all both incoming and outgoing. If i set a manual ip corresponding to vlan1 "default" everything works.It's like that computer is isolated so i believe it has to do with the asignment of Tagged, untagged and Excluded settings on the vlans. -
Multiple DMVPN Instances on Same WAN Interface
Hi Folks,
Is it possible to run Multiple DMVPN Instances on a single WAN Interface ? Can we for example configure 3 Tunnels on a Router using one same WAN Interface but running separate EIGRP Instances for each Tunnel ? Kindly let me know , AliouneHi Alioune,
Yes you can create DMVPN as you said with one WAN interface that is possible..... you can have multiple tunnel interfaces pointed to a WAN interface as the source interface which resides in public zone..... with different public ip's as the destination tunnel...
interface Tunnel1
description ** A-VPN Tunnel **
bandwidth 100000
ip vrf forwarding red
ip address 10.0.252.2 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1500
load-interval 60
tunnel source GigabitEthernet0/0 (WAN Interface)
tunnel destination 1.1.1.1
tunnel protection ipsec profile dmvpn
interface Tunnel1
description ** B-VPN Tunnel **
bandwidth 100000
ip vrf forwarding red
ip address 10.0.252.5 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1500
load-interval 60
tunnel source GigabitEthernet0/0 (WAN Interface)
tunnel destination 2.1.1.1
tunnel protection ipsec profile dmvpn
like the above..... shown sample...
Please rate if the given information helps!!! -
Can't configure both WAN ports on 1811 with SDM
Hi,
We recently procured an 1811 router to replace a SOHO linksys at a store we service. We needed redundant WAN interfaces to use the DSL as a backup to the main cable connection, and a Linksys RV082, while doing the job when it actually worked, died repeatedly. We decided after looking at the 1811's feature set to just get the Cisco and be done with it and not monkey with SOHO gear anymore.
Where I'm having difficulty is SDM won't let me configure both WAN interfaces from the GUI, it only allows me to configure one. I have it configured, and the router is working nicely in the test lab but I need to get that other interface configured and failover enabled before I can put this thing into production.
What am I doing wrong? Do I need to suck it up and learn IOS?
Thanks,
Todd Phipps
Certco, Inc.I ended up figuring out the IOS commands to enable one fastethernet port as a primary and the other one as a backup (running both cable and DSL for redundancy; it's a grocery store that runs electronic transactions over IP so 100% availability is a must).
The trouble I was running into in SDM is that while it would allow me to configure one WAN port through the GUI, the config options for the second one were grayed out. Now that both are configured through IOS the edit buttons for both WAN interfaces appear normally in SDM. It's almost as if Cisco didn't want users to be able to configure both interfaces graphically for initial setup.
Now just to test it at the site before the store opens to see if the failover works...
Todd -
Advice on constructing a test engine and formatting a spreadsheet test file to perform command line interface testing on a range of products through telnet or serial interface and output pass/fail results.
Hello j. smith,
TestStand gives you the ability to create "sequence files" which are lists of tests to be run sequentially or in parallel. These tests can be written in any language: LabVIEW VIs, C/C++ DLLs, EXEs, ActiveX objects, .NET Assemblies, etc.
You can run your TestStand sequence files from a command-line prompt using the following syntax:
\bin\SeqEdit.exe" /quit -run
This will launch the TestStand Sequence Editor (and optionally prompt you for TestStand login information if you have this configured), run your sequence file, then exit.
If you're using the TestStand process model, it can output your results to a report file or database if you configure this. To use a TestStand process mo
del to execute your sequence file, use the following syntax:
\bin\SeqEdit.exe" /quit -runEntryPoint
Here's an example:
C:\>"C:\Program Files\National Instruments\TestStand 3.0\bin\SeqEdit.exe" /quit -runEntryPoint "Single Pass" "C:\Program Files\National Instruments\TestStand 3.0\Examples\Demo\C\computer.seq"
Note that multiple sequences and sequence files can be specified on the command line.
TestStand supports remote sequence execution using DCOM (Distributed COM), which is an east way to remotely execute tests. But as for running tests or commands through a telnet or serial interface, you would have need to check Windows documentation on how to execute command-line remotely like this.
David Mc.
NI Applications Engineer -
Add Additional IP Addresses to WAN Interface on SRP527W
Hi,
Can anyone tell me how to add an additional IP addresses to the WAN interface on a SRP527W.
We are connecting to an ISP which assigns us a static IP address with our ADSL account. We also have another 2 additional WAN IP addresses that we have purchased from out ISP and wish to add them as Aliases to the WAN interface and use for other services. I would also like to use those additional IP addresses to create port forwards to our internal network.
I cannot find how to do this in the manual any where and any help would be much appreciated.
Regards
CraigHi Craig,
Unfortunately, this is not possible with the SRP520.
[For others reading this thread, this is possible with the SRP540]
Regards,
Andy -
RV120W WAN interface doesn't automatically re-enable after WAN connection is restored
I found that RV120W WAN interface doesn't automatically re-enable after a cable pull and re-plug. I have to go into the Status->System Summary and click the "Enable" button. Is this normal on this router? Can I prevent that from happening? I would hope this is NOT normal as this would mean that I would have to be on-site and login to the web interface to re-enable it after a power failure or WAN link loss.
Tekliu,
Thanks for the response. But, as I mentioned in my prior post, this is, unfortunately, the designed behavior for this device, at least with a static IP and no ISP login. Cisco Small Business Customer Support was clear on this and didn't even open a ticket. I asked that they submit a feature request to change this behavior in a future release. Of course, they couldn't make any promises.
One possible source of confusion is the different circumstances that can occur. In my testing, the interface does come back up automatically on a soft reboot. It also comes back up automatically if both the RV120W and the upstream (WAN) device are power cycled together. I believe this is because the upstream device comes up much faster and is up before the RV120W. The case we are talking about is when the upstream device is cycled or the cable is pulled while the RV120W stays up. In this case, the WAN port remains disabled until you manually select the button on the status page.
Thanks again for following up on this. -
Hello,
I have a cisco router 1721, IOS 12.4(25a)
I enabled dhcp server for my local LAN, and I setup my WAN interface as dhcp interface.
My ISP told me that my router is acting as dhcp server on WAN interface...and is not good for them. Can I stop my cisco router from sending dhcp offers on WAN interface, but send dhcp offers for my local LAN ?
ip dhcp pool LOCAL
import all
network 192.168.1.0 255.255.255.0
dns-server 193.x.x.x
default-router 192.168.1.222
domain-name appt.ro
lease infinite
ip dhcp pool host1
host 192.168.1.11 255.255.255.0
client-identifier 0100.0ee8.e23d.94
interface FastEthernet0
mac-address 0019.66b3.d689
ip address dhcp
ip nat outside
ip virtual-reassembly
speed auto
full-duplex
FastEthernet0 is my WAN interface.
Thanks!I imagine that clients on the WAN side are sending requests with a GIADDR field that matches your DHCP pool's scope. In that case, the router would handout an address. You could add an ACL to the WAN interface to block incoming udp/68 packets:
access-list 101 deny udp any any eq 68access-list 101 permit ip any any!interface FastEthernet0 ip access-group 101 in
That should prevent the router from seeing the client requests while still being able to get server responses. -
Can not access ASAs inside interface via VPN tunnels
Hi there,
I have a funny problem.
I build up a hub and spoke VPN, with RAS Client VPN access for the central location.
All tunnels and the RAS VPN access are working fine.
I use the tunnels for Voip, terminal server access and a few other services.
The only problem I have is, that I could not access the inside IP address of any of my ASAs, neither via tunnels nor via RAS VPN access. No telnet access and no ping reach the inside interfaces.
No problem when I connect to the interface via a host inside the network.
All telnet statments in the config are ending with the INSIDE command.
On most of the ASAs the 8.2 IOS is running on one or two ASAs the 8.0(4).
For the RAS client access I use the Cisco 5.1 VPN client.
Did anybody have any suggestions?
Regards
MarcelMarcel,
Simply add on the asas you want to administer through the tunnels
management-access
http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/m.html#wp2027985
for asa5505
management-access inside
for all others if you have management interface management0/0 defined then:
management-access management
then you may need to allow the source , for example if RA VPN pool network is 10.20.20.0/24 then you tell asa that network cann administer asa and point access to inside, but sounds you have this part already.
telnet 10.20.20.0 255.255.255.0 inside
http 10.20.20.0 255.255.255.0 inside
same principle for l2l vpns
Regards -
Waas Expresss need to be supported on 2 Wan Interfaces
Dear Team,
We have 1941 Router on our branch side currently its not supporting to enable the WAAS on our two wan interfaces.
Current Image: 15.1
Planning to upgrade to 15.2
My current IOS is c1900-universalk9-mz.SPA.151-4.M3.bin and Kindly suggest whether c1900-universalk9-mz.SPA.152-4.M1.bin image will support to enable the waas on 2 wan interfaces?
Thanks in advance
Regards,
RanjithHi,
We can enable Waasfeture on 2 two interfaces in 15.2 3T cisco ios.
Regards,
Ranjith -
RV180 DHCP IPv4 client working on WAN interface?
Hi,
Does the Cisco RV180 firewall/router support DHCP client on the WAN interface? This is specifically mentioned on the DHCPv6 client, however, it is not mentioned for the IPv4 client. I'd like to set it up using my cable modem in bridged mode connecting it to the WAN interface on the RV180? So I'd get the IP address from my ISP.
Thanks,
Niels
Sent from Cisco Technical Support iPad AppHello Niels,
The RV180W certainly can pick up a DHCP address from your ISP on the WAN interface, through a bridged modem. In fact, this is the default configuration. Of course, you can also change your connection type to a static IP address or PPPoE connection profile (DSL).
All of our Small Business routers are definately capable of this confiugartion. Personally, I currently use a RV180W with a cable connection. The RV180W picked up the public IP address from my ISP just fine.
All the best,
-David Aguilar
Cisco Small Business Support Center
1-866-606-1866 -
Does the RV042 have IP Aliases for WAN interface?
Hi All
We have a Small Business RV042 router, and have many Internet servers in our Internal and DMZ networks behind the router.
In our old GTA firewall, we were able to add IP aliases to our external (WAN) interface. That is, our WAN interface can have many IP addresses besides the main IP address, e.g., 209.118.52.226, 209.118.52.227, 209.118.52.228, 209.118.52.229, etc.
209.118.52.226 is the main IP for the WAN interface.
209.118.52.227 is for our web server 1, e.g., www.example.com
209.118.52.228 is for our web server 2, e.g. support.example.com
209.118.52.229 is for our sftp server, e.g. sftp.example.com
And then we create 'tunnels' to forward incoming traffic for 209.118.52.227 to our www.example.com residing in our DMZ or Internal network, etc.
Now, is this possible with the RV042 router? The only thing we found in RV042 is Forwarding (port range forward) but that does allow us to have IP aliases for the WAN interface. It seems that we can only route service defined traffic or port defined traffic meant for only 1 WAN IP to our internal servers behind the router.
Actually, we had bought the RVS4000 earlier and then upgraded to the RV042 hoping that it will have what we want.
If the RV042 does not have IP alias for WAN interface, what is the lowest Cisco router model that has it?
Thank you very much in anticipation.
cmguiThank you tekliu
Yes, 1-to-NAT can do most of what we want. But it is not able to direct only certain port traffic from the external WAN IP to the internal LAN IP?
For example, if we create a 1-to-1 NAT 192.168.41.50 =>
209.118.52.227, it basically opens all the traffic allowed in the Firewall to go from
209.118.52.227 to 192.168.168.41.50.
If we only want to allow say https, ie. tcp port 443, traffic to go from
209.118.52.227 to 192.168.41.50, it is not possible. Or is it? -
How can I have an english interface to labview if the package is in german
Hi ,
I'm a student that makes a project in Germany using labview ... the problem is that my german is not that good , and the labview is in german so here is my question :
how can I have an english interface to labview if the package is in german (labview 7 )
Any help would be apprecieted.The only way to really have everything in English is to install an English version of LabVIEW. You may want to talk to your local NI sales representative about the possibility of getting a different version.
Doug M
Applications Engineer
National Instruments
For those unfamiliar with NBC's The Office, my icon is NOT a picture of me
Maybe you are looking for
-
My mac book pro does not connect but shows an error message with a question mark on the screen.I took it to a retailer that said it was not reconizing the hard drive.He said i needed a new hard drive but it may be something else as well but he was su
-
My MacBook Pro won't start after I forced quit because Safari stopped shutdown
I was deleting items of my external drive through MacBook keeper and when I went to shut down Safari (which was open) stopped the shutdown process. So in the end I force quit the computer. When it came to restarting I get the usula apple symbol and s
-
Message not working since IOS X 10.9.2 update
Message is not sending from my MacBook Pro and no longer is synced with my phone and ipad. The icloud account is incorrect to sync with the other units but on my MAC when I try to sign out, it tells me it will delete all my contacts. Any ideas?
-
BPM - Viewing Container Elements
I have a small BPM Scenario, in which I receive a message and Transform it and send it to the Receiver. It ran OK. I am trying to see the content of Container Element! To do the above taks I did the following So from MONI I clicked the PE in the INBo
-
Hi, My application is a Pro C / Oracle 8i based application. I was using hardcoded user ids and passwords which we removed thru externally authenticated user. Now my application is stable in production but users are complaining of very slow performan