We have a cisco 2911 router configured with password for telnet login, but I always failed to login use telnet, does any one know any place need to be modify?
View 6 RepliesI am planning on having a contractor in to configure some new routers and would like for him to login using the local account on the routers while company personal continues to use radius is this possible.
View 6 Replies View RelatedWe are running in our DC one of the CISCO 2911 terminal server which is connected with HP ARC sight logger.
it is possible to capture user who execute ‘Telnet” or “show line” in the log, I mean all the command entries by user.
How to enable any config on 2911.
We have a Cisco 2911 router in our company. I didn't set it up myself nor I was involved. I only started working here recently, bit over 3 months ago. I have been given ongoing task which other IT Technicians been struggling for almost a year with a idea that maybe because I'm fresh person in the company I will find a original idea why could this thing not work.
Our router have a problem with blocking a single IP address, but not completely It's hard to explain but I will try my best. Company is hosting their website externally and accessing the host and FTP on the host on daily bases. It is important for the website to work on the internal network in company. It does work sometimes, but from time-to-time the website showing time-out error 118 on any point before Cisco router using both http and https, have tried putting just the IP address( doesn't matter is it on the general network or last ISA server on DMZ ). I am able to connect to the website using any of proxy gates but not directly to the website. I have also tested the connection past the router and I was able to connect to the website without any problems. I am also able to ping the host's address from the router and internal network.
I have eliminated the possibility of not correctly setup proxy or firewall on the network as problem also occur on the DMZ. I have also checked access-lists on the router and firewall rules for Any possibilities and I can't really see a way why would the router do this.
My Setup / I've been lurking on here a while, working hard to understand the basic networking concepts and eventually pursue the CISCO certs. I bought a lab and have since managed to setup a four router config (2610XM-DTE, 2621-DTE, 2501-DCE, and a linksys E1000 with routing, DHCP, and NAT turned off to make it a wirelss access point) with three switches (2@2950 and a 2924XL).
So far, I have managed to bring in my public IP using DHCP, and setup PAT. The network is fully functional, I can ping every interface, and reach the web on host PCs from any switchport. I am also able to telnet into the FastEthernet interface IPd with my public address.
My Issue : My concern right now is in feature support. I recently read on here that CISCO does not support UPnP, and due to my limited resources, I am using the only public IP I have to allow remote testing/learning on my lab. The issue is that I also have a PS3 and XBox 360 on this network that is requiring UPnP for certain online games and features.
The only solution I can see to this problem is to return my public IP back to the E1000 router, which is running RIP Version 2 (white papers said version 1, but a debup ip rip showed that updates were being ignored due to illegal version), and then poing my other three routers to it for outside access.
The questions I have in this scenario:
1. Will NAT still function if I use the E1000 and set the interfaces connecting to it as ip nat inside? I'm assuming that PAT is already hardcoded onto the router to allow for multiple connections to public IP space.
2. If my IP is 68.X.X.X, I set the E1000 to an IP of 192.168.1.1 and the FastEthernet it connects to is on my 2621 with an IP of 192.168.1.2, would it be possible to telnet into 192.168.1.2? If I were to forward port 23 out of the E1000 to the 192.168.1.2 address. Will my login and password for line vty 0 4 understand the request if the original telnet was to my public IP?
3. If all of that is just non-sense, is there another work-around that allows me to acheive UPnP through my E1000, while retaining telnet ability to my lab so I can try things in different scenarios or while I'm away from home?
We have several routers that can only be accessed on telnet port 6066 (vice 23). I have no global exec privilege so I can not provide config.So my question is: how do you configure the router to accept port 6066 for telnet and deny port 23?
View 4 Replies View RelatedWe have some Cisco 2911's that we are configuring 2 VPN's ( second is for redundancy) We are pretty confident on the failover VPN setup using SLA monitoring.
One thing we are stuck on is the redundant VPN will be setup over a 3G connection provided by verizon. Verizon issues a Private IP ( 192.168.100.X) the far end device terminating the VPN has a public ip of 183.172.22.XX , what kind of NAT translation do I need to make this work ? Also does Cisco have any good configuration examples for VPN Failover setups for Cisco 2911's?
We have a new 2911 that needs to be configured, unfortunately it's at a remote site. I had installed the following config: [code]
Now, I do get a dhcp ip on the G0/0 interface and I can ping it from my remote network and the local router as well as the local lan. The hands and eye guy is able to telnet from the local lan but I am unable to telnet from either my remote lan or the local router.The only error I receive is "connection refused by remote host". All lines are clear so I have no conflicts with multiple telnet sessions.
1) KA-AGR-DEP-C1941#telnet 74.125.236.133 /source-interface gigabitEthernet 0/1
% telnet connections not permitted from this terminal
How can we enable telnet for the above for testing
2) KA-AGR-DEP-C1941#sh caller
Active Idle
Line User Service Time Time
vty 132 agri VTY 00:02:24 00:00:00
Here we are getting the time of our vty login and not the serial link uptime. How can we enable to check the serial link uptime.
3) CGHSULSOR#traceroute google.com
Translating "google.com"...domain server (164.100.3.1) [OK]
Type escape sequence to abort.
Tracing the route to google.com (74.125.236.129)
1 10.161.20.69 4 msec 4 msec 4 msec
2 10.255.232.38 4 msec 4 msec 4 msec
3 10.255.238.237 40 msec 40 msec 40 msec
4 10.255.221.225 40 msec 40 msec 40 msec
5 * *
CGHSULSOR#telnet 74.125.236.129 80
Trying 74.125.236.129, 80 ...
% Connection refused by remote host
In the above case it's showing refused by remote host. If the port 80 is opened in firewall also if we get this error what will be the issue. As i understood when firewall port is opened we wil get as OPEN
I was logged in to this device in monday normally and in tuesday when i trying to
Cisco SW#telnet 172.17.1.1
Trying 172.17.1.1 ...
% Connection refused by remote hos
And i compare the current configuration with last configuration in monday i found no change, this device in live network also cpu is normally and memory.
I have some issues with router configuration. I cannot open any external web pages, but ping or telnet is just fine. Im using router-on-a-stick scenario. Router connected to LAN trough EtherSwitch module. Config attached.
View 8 Replies View RelatedI have installed a cisco 2911 router and the cisco usb console drivers on my pc, win 7 64 bit.however when I use putty and open the com port assigned it just goes blank, I am using the usb port on my laptop to connect and using the cisco usb console cable provided
View 1 Replies View RelatedI'm trying to make a setup on my Cisco 881 router, but I'm having some trouble.I've managed to configure logging in with a Public-Private key pair over SSH, but it's also still possible to log in over SSH with just a username and password. I'd like to prevent this, if possible. I imagine I might have manually configured this to be allowed at some point, but I can't quite figure out how I did this, as no matter what I've tried to remove, it keeps allowing this option. I still need to be able to log in with a username, because I want users to have different privileges.
Once I've logged in using the Public-Private key, I don't automatically go into privilege mode, even though the user is configured with a privilege level. I'd like to configure that users that I've configured to use a certain privilege mode, automatically go into privilege mode without a password prompt. I know it did this before I started using the Public-Private key (or before I used AAA, which was configured around the same time), so I wondered if it's possible to do this still.
how can we login into the private network from Remotely in Switches and firewall or Routers,
View 5 Replies View RelatedWe have purchased a number of 2911 routers.We got Base & security license as we wanted to enable encryption. However we probably wont use the security.We are replacing 2811 routers.Unfortunately the 2811 routers have FXS ports with 2 - 4 POTS handsets - I completely forgot about these ports when I was ordering.Now I have VIC3-FXS cards which are ok in the 2911 but unfortunately I cant get them to work.I am missing PVDMs (well adapters anyway), and even if I got them the router wont take any commands relating to voice due to the license.Is is possible to 'rehost' the security and turn it into a UC ?I am new to these 2911 and Licensing.
View 1 Replies View RelatedI have a 2801 router that I am replacing with a 2911. I know the ports on the 2911 are Gigabits and the 2801 are Fe. I read where the IOS would not support backup and restore on each other . I am attaching a show ver on both routers. I need to know if backup and restore would work and or what other changes would need to get done.
View 1 Replies View RelatedI have a Cisco 2911 router that I will like to use it for setting up a site to site VPN but the router does not support VPN commands. When I issue crypto isakmp command, it says command no recognized. When I issue ipsec transform-set command, it says command not recognized. The IOS running on my router is c2900-universalk9-mz.SPA.151-2.T1.bin. Also see the output of my show licences features command: [code]
what can be done on this router to enable use it for setting up a VPN connection.
I have a 2911 router with 15.1(4) Ios Version. I need to enable the evaluation sna feature but when I try to enter the command "license feature snasw" but I get an error, the command "License feature" does not exist.
View 3 Replies View RelatedMy engineer onsite can't get into enable mode on his 2911 router. I've seen this before but I can't find out how I fixed it.
He gets an error saying : no password set
Here is the config:
Router#sh run
Building configuration...
Current configuration : 1784 bytes
!
[Code]....
I am trying to connect my Cisco 2911 router to my community in CNA. I can see the routers on the topology map, but when I try to add to community I get an error message stating that the router is unreachable (Unable to connect). I can ping device from ame client. I can view Device Properties for map (Device type: CISCO2911/K9). Telenet attempt to connect but we only use SSH for connectivity (the same as all of my switches that are connected to community). 2911 is listed as a supported router on Cisco site.
View 3 Replies View Relatedwhether a Cisco Router 2911 would work on images other than universal image. This is the question raised by one of our customer. He has 2811 Router where-in he has configured T1/E1 configuration, terminated to Zyxel Modem and working fine. Now he wants to replace this 2811 router with 2911 router. Since the universal image in 2911 router is not working with the present configuration in 2811 router, he wants to know, what options are there for him to configure this in 2911.
View 2 Replies View RelatedI am having 2911 router running with C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(4)M5, RELEASE SOFTWARE (fc1)IOS and i have configured the following commands for eigrp
-router eigrp 100
-network 10.20.0.0
-no auto-summary
It takes all 3 commands but when i check through show run command i am not seeing no auto-summary command.
how this switch module works in 2911 router? I have two 2911 routers in HSRP configuration for redundancy with crossover cable between switch modules. OSPF running on routers.If active router loses its power and then comes back again, it boots first, its internal link to switch module comes up and it starts to forward packets to switch module. The switch module starts to boot only after router is ready. So I have outage of about 3-4 minutes. For our real-time applications it is way too long.
any way to start booting of the switch module before router gets ready?I understand I can boot it manually, but it is only after router is ready. Only way to get around it I found is to disable internal link and use router interface to connect to the switch module.
I have a brand new 1921 router that I can't login to using cisco/cisco. Is there a new password?
[URL]
I don't have physical access so I can't reboot it until Monday. Just wanted to get it working today.
i have router 2911
pub ip: 121.97.65.61-74
interface gigabitethernet 0/1
ip address 121.97.65.61/28
[Code].....
and other ip will drop/kick/disconnected automatically
how to implement this on access list
I have a strange issue that I am having an issue figuring out. I am trying to login to the 1941 router through the console port. When I enter the username and password, which I just set, it fails. I am able to login under a different login but when I try to enter the enable mode the enable password doesn't work, which I just set as well. I can login with the TACACS+ login from a SSH session. Here is the line config:
line con 0
exec-timeout 15 0
logging synchronous
[Code].....
I have a Cisco 3750 with private VLANS configured.. VLAN 2 is the "primary", VLAN 3 is "isolated" and VLAN 4 is "community". This is all working correctly, however I now have the need to another VLAN called "production". I need the production VLAN to be able to reach all the private VLAN hosts (community and Isolated), and vice versa
View 2 Replies View RelatedI have aaa new model configured on a number of isr's(1800, 1900, 2900, 3800 etc). When i have aaa configured, the telnet logins use that authentication and not the password in the line vty portion. Is this by design. would disabling aaa enable both telnet and aaa authentications, essentially making it a dual login.
View 3 Replies View RelatedWhy I got below error message when config Private VLAN?
Error: while enabling/disabling service: private-vlan, err: Private-vlan is not allowed in F2 VDC (0x40e4005d)
#sh run | inc user
!
username USER0 secret 5 $1$passwordusername USER1 privilege 15 secret 5 $1$passwordusername USER2 privilege 15 secret 5 $1$password
!
#sh run | inc aaa
!
aaa new-modelaaa authentication login local_authen localaaa authentication login radius_authen group radius localaaa authorization consoleaaa authorization exec local_author localaaa authorization exec radius_author group radius localaaa session-id common
!
#sh run | begin line vty
!
line vty 0 4access-class 3 inexec-timeout 15 0authorization exec radius_authorlogging synchronouslogin authentication radius_authentransport input sshline vty 5 15!sh verCisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(55)SE6, RELEASE SOFTWARE (fc1)
the intent of the above is that management connections will only be accepted via SSH, and all of those will be authenticated via RADIUS, unless it's down, then it will use the local username/pw combinations, most of which are given Privledge level 15. Telnet should never work.SSH works as expected (authenticates via RADIUS), but the problem is that Telnet also works, will ONLY use the local database (never RADIUS), and, for some reason, leaves the users at Privledge level 1, instead of the configured 15.Essentially, it seems that at every point I have told it to do something that isn't the default with regards to telnet, it ignores me.Prior to a recent IOS upgrade, the switch didn't support SSH, so the previous config was Telnet with RADIUS, and that worked fine.
I have set up a newly switch, cisco 3570C. Its in v15 and the only configuration i did is:
-set up interface ip add. 10.132.16.111
-set up telnet
I am able to telnet within LAN environment. I cant ping or telnet the switch in a WAN enviornment. Is there any setting i should confgure on the switch?
I have a Cisco 2960-S Switch, It is connected to a jack in the building to check the settings, Interface VLAN 1 has an ip, there is a default gateway, Any host connected to switch can access the network resources. But the problem is that I have to use Serial Cable to configure it. I cant ping or telnet into it from any other device. PC's are on different subnets/VLANS.
Basically this switch is connected to a port in a different switch, Do i have to make a trunk?
I am trying to Disable Telnet and enable SSH in CatOS for 6500 .
View 12 Replies View Related