1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

HELP! Can't Telnet from inside to 891

Discussion in 'Networking' started by eddysamson, Jan 27, 2012.

Thread Status:
Not open for further replies.
  1. eddysamson

    eddysamson Thread Starter

    Joined:
    Jan 26, 2012
    Messages:
    11
    I have a 891 router I have been testing some things on. I have been able to successfully telnet to it in the past with no problems. Just yesterday I was trying to set an interface to have an IP of 10.10.10.2 which I realized was an IP I had forgot to exlcude from DHCP and it was handed out to the computer I was using to telnet in. So I wrote in the exlcude commands and did an ipconfig -release ipconfig -renew on my PC that had the 10.10.10.2 IP. After the renew I was given 10.10.10.7 (put in a few more excludes).

    However the release dropped my telnet connection and afterwards I was completely unable to telnet in, getting the error that says I cannot open the connection on port 23. I had made some changes to my entire config beforehand which had it switch to use a new public IP. I never saved the changes and did a hard reset by unplugging the router to get my old config back and see if I could telnet after that. Still could not get in, same error. Well I went through and remade my entire config to use the new public IP. My 10.10.10.7 PC can access the internet, DNS, ping the router, all just fine. Still can't telnet. I remade my line/vty config and made sure it matched up with a config I had on another router. Still can't telnet.

    Last thing I did was go in and manually clear all open line connections. All that is left is an idle 0 con 0 line that it wont let me close. Still can't telnet.
    What the heck is going on with this thing? I am completely at a loss to explain why I cant telnet. It must be something in my ACLs that I am misisng? Please help, I was just about to move this to an environment where I HAVE to access it by telnet!


    attached is my config, maybe someone can find out what is wrong?
     

    Attached Files:

  2. eddysamson

    eddysamson Thread Starter

    Joined:
    Jan 26, 2012
    Messages:
    11
    Fixed this by doing:

    ip access-list standard 17
    permit 10.10.10.0 0.0.0.255

    line vty 0 4
    access-class 17

    Does anyone know why I did not need this in before my ipconfig -renew/release or why I still dont need it on my 1921 router?
     
  3. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    5,965
    This was your original access list to control CLI access to the router:

    access-list 23 permit 10.10.10.0 0.0.0.7

    line vty 0 4
    access-class 23 in

    Your wildcard mask for the standard access list 23 of 0.0.0.7 would prevent an IP address of 10.10.10.7 to be a valid IP for access. Because your subnet mask will be 255.255.255.248. Based on your IP scheme 10.10.10.0, ACL 23 would only allow IPs in the range of 10.10.10.1 through .6. The router is thinking .7 is the broadcast address. Your change to a wildcard mask of 0.0.0.255 meant you are using a subnet mask of 255.255.255.0 which allowed IP addresses in the range of 10.10.10.1 through .254. Hence why your change allowed your IP of 10.10.10.7 to work.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1038371

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice