TELNET - SHOULD BE SIMPLE

[Cundallc]

On a 2900XL, when I telnet to it I get this error message:

es

User Access Verification

Password:
Password:
Password:
% Bad passwords


Does anyone know what the problem is? All other IP services work fine and I can login/set passwords via the serial cable without issue.

 

[routerman]

Check the configuration, you'll find that the VTY password is different to the console password.

 

[Cundallc]

You're right....! but how do I change the VTY password and get them to match up? What is the point of the VTY password?

Cheers

Chris

 

[rcasta]

line vty 0 4 (check on configuration)
password yourpwd
login

cheers,

 

[Cundallc]

SO CLOSE YET SO FAR.....

I have set them all to password password, to no avail:

line con 0
password password
login
transport input none
stopbits 1
line vty 0 4
password password
login
line vty 5 13
password password
login
line vty 14
login
line vty 15
password password
login

It still comes up with %bad password, what could the issue be now?


Full config:
Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Snoppy2
!
enable last-resort succeed
enable secret 5 $1$.Hql$HVxY9snIlSpY9rV8raEcD.
enable password level 15
!
!
!
!
!
!
ip subnet-zero
ip telnet source-interface FastEthernet0/21
ip accounting-threshold 100
!
!
!
interface FastEthernet0/1
port network
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface ATM1/1
!
interface VLAN1
ip address 192.168.3.144 255.255.255.0
no ip directed-broadcast
no ip route-cache
!
interface VLAN2
no ip directed-broadcast
no ip route-cache
shutdown
!
interface VLAN55
description Created by Christopher Cundall 5080
ip address 192.168.3.143 255.255.255.0
no ip directed-broadcast
no ip route-cache
shutdown
!
ip default-gateway 192.168.3.1
snmp-server engineID local 0000000902000004C19C6680
snmp-server community private RW
snmp-server community public RO
snmp-server user ccundall public v1
snmp-server location over here
snmp-server enable traps snmp authentication linkdown linkup coldstart
snmp-server enable traps vlan-membership
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps hsrp
snmp-server enable traps c2900
snmp-server enable traps vtp
snmp-server enable traps cluster
snmp-server host 192.168.1.200 trap 255.255.255.0
banner motd ^Ces^C
!
line con 0
password password
login
transport input none
stopbits 1
line vty 0 4
password password
login
line vty 5 13
password password
login
line vty 14
login
line vty 15
password password
login
!
end

 

[rcasta]

Are you telnetting from somewhere leading up to interface FastEthernet0/21 ? (ip telnet source-interface FastEthernet0/21)

 

[Cundallc]

YEP, I am going through a series of dumb hubs and switches and ending up on port 0/21.

I have had it working so I know it should work. Since then I ran the setup command and used the ip telnet options but cannot get telnet working again.

I can get in via the console without a problem so it has to be something related to telnet / ip / password / runnning config.

Cheers

Chris

 

[newmangj]

An outside shot, if you have some method of tracing the LAN port that the logon attempt is coming in on you can assure yourself that the password is coming through as expected - I had a similar case some time ago where the terminal emulator being used to telnet was set to some obscure emulation that was sending control codes with the text thus causing the password verify to fail the password....

Ethereal (a free LAN sniffer) running on a PC connected to a hub connected to the port would be a good start.

 

[routerman]

The problem is down to the login keyword under the VTY, remove that and you should be able to enet the password you configured under the vty part of the configuration.

The VTY section is for Telnet access to the router, this is secured by the password.

If you add the login keyword then you'll need to add a username and password statement into the router, so to fix your problem remover the login keyword.

conf t
line vty 0 15
no login

That should leave config something like:

line vty 0 4
password password

You are getting as far as the router as you get the password prompt from the router, so your basic path is ok.

 

[Cundallc]

You've Solved It

Thanks for all the help much appreciated......

Quick question, I still don't quite understand why having the second password option caused the problem. From having the second password, did it mean that I would have to login twice, which is not an option on the switch? therefore causing the problem?

Cheers

Chris

 

[rcasta]

routerman,

but when configuring, for instance, routers and login command alone is set, telnetting this box will result in a
"password:" prompt. As opposed to when configuring "login local", where a username and password are needed.

Is it just me or what?

cheers,
CCNA

 

[routerman]

Rcasta,

I'm sure I had a similar problem some years ago, but I've just tried this on a 2600 I'm setting up.

line vty 0 4
pass cisco

Use of the login keyword makes no difference, with or without it I get the password prompt and can login with the password cisco.

So its not just you, its the technology fighting back!