Can't telnet to remote router-why? 1

[hinesjrh]

OK, what did I do wrong? I just configured a 2811 router and I sent it out to a new remote site to be installed. The router is installed, running fine, and providing connectivity to this remote site. I can ping the router, I can tracert to it but I can't telnet into it. "Connecting To 10.73.0.1...Could not open connection to the host, on port 23: Connect failed" is all I get.

I believe I have the vty configured correctly to allow for remote telnet access.

line vty 0 4
privilege level 15
password 7 014211540T03530993
login local
transport input telnet
line vty 5 15
privilege level 15
password 7 065718711Q465C1F00
login local
transport input telnet

 

[chipk]

You've got login set to local. If you're trying to use the password you have set in vty, you want to do a "no login local" on line vty 0 4 and then just do "login". So, your config will look like this:

line vty 0 4
privilege level 15
password xxxxxxx
login
transport input telnet
line vty 5 15
privilege level 15
password xxxxxxxx
login
transport input telnet

 

[hinesjrh]

chipk - so to fix this I will have to get on the router (console port) locally? Or is there another way to fix this remotely?

 

[chipk]

p.s. level 7 passwords are easily decrypted, so you shouldn't include them in your questions.

 

[chipk]

Oh, well basically what you have is authentication set to a local user. If you know that you have a local user set up on the router, you may be able to use it to log in. It would look like this in the config:

username exec privilege 15 password

 

[hinesjrh]

chipk - I believe I do have a local user set up on this router in question. How do I use that to get into this router remotely via telnet? What would the login look like?

Currently when attempting to get to it via telnet, I can't even get the session to ask for a login ID or password.

 

[chipk]

Ah, right, sorry. I was focused on your config and didn't realize from the error that you weren't even getting connected. Let me try to set something up similar to what you have and see if I get connected at all.

 

[chipk]

In the meantime, can you connect to any other devices via telnet at this remote location? I know I can telnet to most of my HP printers that have JetDirect. You could also telnet to a server out there. If you can telnet to anything else, that would at least tell you that it's not a problem with an ACL or something.

 

[chipk]

Ok, I had never set it up this way before (I've used AAA to do the prompting in the past), but it appears (at least on a 3660 IOS 12.3) that when you set login to local, it knows enough to prompt you for a username and password. So, if you have a local login setup, once you actually get connected, this should work for you.

Another thing you may want to try is telnet to your core router that this remote router connects back to, and try initiating a telnet session directly from this router instead of initiating from an end station.

 

[hinesjrh]

chipk - Yes, I can telnet to a switch at this same location. I will look into my ACL's a bit deeper too. I appreciate all your feedback!