Why is connection refused by other device with telnet configured similarly

I configured three Cisco routers that are using IOS 15.4 with the following configuration, but when I attempt to remotely connect with telnet I get the error message "connection refused" and don't know why:


security passwords min-length 10
enable secret class12345
line con 0
password ciscoconpass
exec-timeout 5 0
login
logging synchronous
exit
line vty 0 4
password ciscovtypass
exec-timeout 5 0
login
exit
line aux 0
no exec
exit
service password-encryption
username JR-ADMIN secret class12345
username ADMIN secret class54321
line console 0
login local
exit
line vty 0 4
login local
exit

Also, why can't I copy and paste this into each router if I'm already in the proper configuration mode? As for why it doesn't work, do I need a banner or is something else the problem?
 
IP address set for the correct interfaces? IP routes setup for where they need to be? Any ACLs in the way? Check your running-config for anything that looks strange.
 
No, there were no ACLs or Prefix Lists at the time I attempted to telnet to the remote device. I would post running configs, but now they do have Prefix Lists and route maps as well as PBR. Therefore, if you want me to post my running-configs please let me know. If you must know, even after redistribution I still could not reach R1, which was in OSPF area 0 and had two loopbacks in OSPF area 10 while R3 was in the EIGRP area and R2 was doing the redistribution.
 
I've been told by a reliable source that this works really well for them, but might be too complicated. Therefore, I don't know what to say or do about this except switch to ssh configuration as suggested instead.
 
Also, that's the thing though, I'm not sure what looks strange beyond the initial configs and some of the EIGRP and OSPF configuration. The route map and PBR configurations are a little hazy to me because I'm just learning them, so I'm not sure and you probably need me to post running configs to help me.
 
Can you post full sanitized configs?

Here are my configs and, as Perilous said in the link they provided, "It's better not to change anything when sanitizing because something could get messed up" and I don't have anything I really need to hide because this is a lab, much like those found in the Cisco lab manuals, so it doesn't contain real public IP addresses or real configurations. Also it's not connected to the internet, so it's isolated to an internal lab network. Here are R1's configs as follows:


R1#sh run
Building configuration...

Current configuration : 2128 bytes
!
! Last configuration change at 22:12:59 UTC Thu Apr 28 2016 by ADMIN
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
security passwords min-length 10
enable secret 5 $1$tVNZ$nbaPmKEoGR6UzaCPY.Mmr.
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
!
license udi pid CISCO1921/K9 sn FGL194523UB
!
!
username JR-ADMIN secret 5 $1$tu0T$SaxiswVPb5oFUFHVK/9Ox1
username ADMIN secret 5 $1$TCG2$64XZ6xkvYzRADyZeb6fD1.
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description R1 -> Internet
ip address 130.100.100.100 255.255.255.0
!
interface Loopback1
description R1 -> WS1
ip address 192.168.10.1 255.255.255.128
ip ospf network point-to-point
!
interface Loopback2
description R1 -> WS2
ip address 192.168.20.1 255.255.255.128
ip ospf network point-to-point
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description R1 -> R2
ip address 172.16.0.1 255.255.255.252
duplex auto
speed auto
!
interface GigabitEthernet0/1
description R1 -> R3
ip address 172.16.4.1 255.255.255.252
duplex auto
speed auto
!
router ospf 1
area 10 range 192.168.0.0 255.255.224.0
network 172.16.0.0 0.0.0.3 area 0
network 192.16.10.0 0.0.0.127 area 10
network 192.16.20.0 0.0.0.127 area 10
network 192.168.0.0 0.0.0.127 area 10
default-information originate
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.70.1
ip route 192.168.70.0 255.255.255.0 GigabitEthernet0/1 150
!
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 5 0
password 7 104D000A0618110402142B3837
logging synchronous
login local
line aux 0
no exec
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
exec-timeout 5 0
password 7 05080F1C2243581D0015160118
login local
transport input none
!
scheduler allocate 20000 1000
!
end

R1#
 
Here are R2's configs, because putting them all in one post was too long:


R2#sh run
Building configuration...

Current configuration : 2144 bytes
!
! Last configuration change at 22:06:31 UTC Thu Apr 28 2016 by ADMIN
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
security passwords min-length 10
enable secret 5 $1$8Mq0$jKB.wmjxHjNTppn7IaC.y/
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
!
license udi pid CISCO1921/K9 sn FGL193421PT
!
!
username JR-ADMIN secret 5 $1$nsMS$oMt0HtSzvMLz/QOsLQgiO0
username ADMIN secret 5 $1$HAcV$ZYif3Xjyz99pP2SccwNXn.
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback5
description R2 -> WS5
ip address 192.168.50.1 255.255.255.192
!
interface Loopback6
description R2 -> WS6
ip address 192.168.60.1 255.255.255.192
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description R2 -> R1
ip address 172.16.0.2 255.255.255.252
duplex auto
speed auto
!
interface GigabitEthernet0/1
description R2 -> R3
ip address 10.0.0.2 255.255.255.252
duplex auto
speed auto
!
!
router eigrp 1
network 10.0.0.0
network 192.168.50.0
redistribute ospf 1 metric 10000 100 255 1 1500 route-map FILTER-ROUTES
!
router ospf 1
summary-address 192.168.0.0 255.255.224.0
redistribute static subnets
redistribute eigrp 1 subnets route-map FILTER-ROUTES
network 172.16.0.0 0.0.0.63 area 0
network 192.168.60.0 0.0.0.63 area 0
distribute-list prefix FILTER-ROUTES out eigrp 1
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
ip prefix-list FILTER-ROUTES seq 5 permit 172.16.0.0/30
ip prefix-list FILTER-ROUTES seq 10 permit 10.0.0.0/30
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 5 0
password 7 05080F1C22434D061715160118
logging synchronous
login local
line aux 0
no exec
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
exec-timeout 5 0
password 7 01100F175804101B385C4F1A0A
login local
transport input none
!
scheduler allocate 20000 1000
!
end

R2#
 
Finally, here's R3 because it was too long to put with R1 and R2's configs:


R3#sh run
Building configuration...

Current configuration : 2204 bytes
!
! Last configuration change at 21:58:58 UTC Thu Apr 28 2016 by ADMIN
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
security passwords min-length 10
enable secret 5 $1$fqyf$vBmTLP6O7RbdRmC/hYUxI0
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
!
license udi pid CISCO1921/K9 sn FGL193421PV
!
!
username JR-ADMIN secret 5 $1$1roH$088KJPsEMsa.ojA47hYMj.
username ADMIN secret 5 $1$WC/4$54.ZHw4FJqv7KJBYHk5Iy0
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
no ip address
!
interface Loopback3
description R3 -> WS3
ip address 192.168.30.1 255.255.255.192
!
interface Loopback4
description R3 -> WS4
ip address 192.168.40.1 255.255.255.192
!
interface Loopback7
description R3 -> WS7
ip address 192.168.70.1 255.255.255.192
ip policy route-map PBR-PL
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description R3 -> R2
ip address 10.0.0.1 255.255.255.252
ip summary-address eigrp 1 192.168.0.0 255.255.192.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
description R3 -> R1
ip address 172.16.4.2 255.255.255.252
duplex auto
speed auto
!
!
router eigrp 1
network 10.0.0.0
network 192.168.30.0
network 192.168.40.0
network 192.168.70.0
!
router ospf 1
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 192.168.10.0 255.255.255.0 GigabitEthernet0/1 150
!
!
ip prefix-list PBR-PL seq 5 permit 172.16.0.0/30
!
route-map R3-to-R1 permit 10
description RM to forward traffic to R1
match ip address prefix-list PBR-PL
set ip next-hop 172.16.4.0
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 5 0
password 7 070C285F4D061A0A19020A1F17
logging synchronous
login local
line aux 0
no exec
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
exec-timeout 5 0
password 7 05080F1C2243581D0015160118
login local
transport input none
!
scheduler allocate 20000 1000
!
end

R3#
 
By putting the command "transport input none" you are effectively shutting down telnet and SSH access.

edit: this is under the vty lines to be specific.
 
I didn't intentionally put that in if I did because it was either part of the configuration I borrowed from Lab 8.2 in the CCNP Route lab manual or it was already part of the configuration. Either way though I'm guessing I remove it by entering "no transport input none".
 
I'm not sure if that will set it default or not. You could alternatively enter "transport input all" to leave it wide open to all available protocols. Or just "transport input telnet" if you are really only going to be testing with telnet.

Are you working on your CCNP:RS now? I just got done doing some studying with the FLG book. I took SWITCH a few months ago and am trying to get back into the swing of studying.
 
I don't know and I erase my configs too. Now I'm doing it with SSH, but it's not working either.
 
SSH needs a domain name and crypto keys. I don't see either of those in your configs.
 
You need to have "transport input telnet" on your vty lines.

switch>en
switch#conf t
switch(config)#line vty 0 4
switch(config-line)#transport input telnet

If you do "transport input telnet ssh" you will enable both, but like the above poster said, you need to create a domain name and also generate a crypto key. It's a little bit more involved, but nothing crazy.
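
The diagnosis in this thread ("transport input none" on the vty lines, and SSH needing a domain name) can be checked mechanically across saved running-configs. The script below is an added example, not code from any poster in the thread; the function names, the finding codes and the sample config are constructed for illustration, and it assumes a line stanza ends at "!", "end" or the next "line" command.

```python
import re

# Constructed sample shaped like the vty section of the running-configs posted
# in this thread (secrets left out). Sub-commands may or may not be indented.
SAMPLE = """\
hostname R1
line con 0
login local
line vty 0 4
exec-timeout 5 0
login local
transport input none
!
end
"""

def vty_stanzas(config):
    """Map each 'line vty <range>' to the list of its sub-commands."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if cmd.startswith("line vty "):
            current = stanzas.setdefault(cmd[len("line vty "):], [])
        elif cmd in ("", "!", "end") or cmd.startswith("line "):
            current = None  # assumption: these end a line stanza
        elif current is not None:
            current.append(cmd)
    return stanzas

def audit_vty(config):
    """Return (vty_range, code) findings about inbound management access."""
    has_domain = re.search(r"^\s*ip domain[- ]name\s+\S+", config, re.M) is not None
    findings = []
    for rng, cmds in vty_stanzas(config).items():
        protos = None
        for cmd in cmds:
            if cmd.startswith("transport input"):
                protos = set(cmd.split()[2:])
        if protos is None:
            findings.append((rng, "DEFAULT_TRANSPORT"))  # depends on IOS release
        elif protos == {"none"}:
            findings.append((rng, "REFUSES_ALL"))        # telnet and SSH refused
        else:
            if protos & {"telnet", "all"}:
                findings.append((rng, "TELNET_CLEARTEXT"))
            if protos & {"ssh", "all"} and not has_domain:
                findings.append((rng, "SSH_NO_DOMAIN_NAME"))
            if protos == {"ssh"} and has_domain:
                findings.append((rng, "SSH_ONLY"))
    return findings
```

Running audit_vty(SAMPLE) flags the same cause the replies identified: the vty range refuses every inbound session. RSA keys do not appear in a running-config, so the script can only check for the domain name, not for the keys themselves.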
 