Cisco 2509 denies access to line/console connections

Status
Not open for further replies.

ClimbingColorado

Technical User
May 13, 2009
14
US
Hello,

I've been putting together a home lab this week and I'm having some trouble with my 2509. I've configured it (configuration below) using the advice offered on several sites on the web. My problem is that I can't consistently access the various line/console connections. When I try to connect using telnet in Windows Vista I get the following error message:

Code:
C:\Users\Rob>telnet 192.168.1.200 2002
Connecting To 192.168.1.200...Could not open connection to the host, on port 2002: Connect failed

(I normally use PuTTY, but when it fails to connect it simply closes the window without giving any indication as to why it failed.)

If I disconnect the octopus cable from an inaccessible console port and plug a laptop into it, everything looks good. I tried power cycling the 2509 twice without fixing the problem.

Here's the output of "show users":

Code:
TermServ#show user
    Line       User       Host(s)              Idle       Location
   1 tty 1                idle                 00:00:00 192.168.1.101
   2 tty 2                idle                 00:00:00
   3 tty 3                idle                 00:00:00
   4 tty 4                idle                 00:00:00
   5 tty 5                idle                 00:00:09
   6 tty 6                idle                 00:00:20 192.168.1.101
   7 tty 7                idle                 00:00:16 192.168.1.101
   8 tty 8                idle                 00:00:00
* 10 vty 0     admin      idle                 00:00:00 192.168.1.101

  Interface    User               Mode         Idle     Peer Address

TermServ#

You can see the three good connections I have active. The ports without any connection info are inaccessible to me.

Here's my running config:

Code:
TermServ#show run
Building configuration...

Current configuration : 1152 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname TermServ
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$mKYp$HSdUyF.h9ztSmdXCfBnBd1
!
no aaa new-model
ip subnet-zero
no ip domain lookup
ip host router1 2001 10.0.0.1
ip host router2 2002 10.0.0.1
ip host router3 2003 10.0.0.1
ip host router4 2004 10.0.0.1
ip host router5 2005 10.0.0.1
ip host switch1 2006 10.0.0.1
ip host switch2 2007 10.0.0.1
ip host switch3 2008 10.0.0.1
!
username admin privilege 15 secret 5 $1$2ysB$oituc4JAiei3kl6KEJaF01
!
!
!
!
interface Loopback0
 description Interface for Terminal Server Connections
 ip address 10.0.0.1 255.255.255.0
!
interface Ethernet0
 description To Home Network
 ip address 192.168.1.200 255.255.255.0
!
interface Serial0
 ip address 172.16.0.22 255.255.255.252
 encapsulation ppp
!
interface Serial1
 ip address 172.16.0.26 255.255.255.252
 encapsulation ppp
!
no ip http server
ip classless
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous level all
line 1 8
 transport input telnet
line aux 0
 transport input all
line vty 0 4
 login local
!
end

TermServ#

Any thoughts on why I'm having trouble?

Thanks in advance,

Rob
 
First off, you need to research reverse telnet. Second, you need to know the purpose of the octopus cable---it is for console connections via reverse telnet. Third, you need to set up a password for the vty lines. Fourth, for straight telnet, it's port 23.

Do you have multiple Cisco devices connected via octopus cable?

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
 
Hello BurtsBees,

Here are links to some of the references I used while researching this:


Using these sources, I've created a mostly working configuration. Last night when I powered up my equipment, all eight of the console connections worked during my initial connection attempt. However, I closed all of the connections (thinking I was done with what I was working on) and then tried to re-connect to everything again. On the second connection attempt I was only able to get 5 of the connections to work. The method by which I closed all of my connections was the same: exit out of the router/switch and then close the PuTTY window.

Reverse telnet is briefly explained in these sources, as is the purpose of the octopus cable. If I didn't know that much already, I wouldn't have been able to get this far. Passwords are a good practice, but this lab is not connected to the Internet and is sitting at my house. I'm not concerned about someone breaking into my equipment.

My home lab is comprised of the following:

2621XM 32/128 w/2x WIC-1DSU-T1 and 1x NM-4A/S
2621XM 32/128 w/2x WIC-1DSU-T1
3x 2505 16/16
2509 16/16
1601 16/16 w/1x WIC-1DSU-T1
2950-12 SI
2950-24 SI
3550-48 SI

I've attached a link to a picture of my equipment.

Thanks in advance,

Rob
 
You cannot telnet into a Cisco device without a password on the lines, period. Reverse telnet is a different story...more later...

 
Hello BurtsBees,

I have AAA enabled and I've configured my vty ports to use the local user database (versus a TACACS or Radius server).

If I hadn't configured AAA or a password, which would be clear text (or at the very best encrypted with the weak Vigenère cipher), the router would reply with "Password required, but none set".

Any thoughts on why my connections are working inconsistently?

Thanks in advance,

Rob
CCNA, CCNA Security, SNAF
Network+, Security+
 
Looking over my config, I don't actually have AAA enabled. However, I am still using the local user database which is good enough for my home lab.

-Rob
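
The login behaviour debated in the replies above, together with the reverse-telnet port numbering from the first post, as an added example (not code from any poster): a Python audit of the `line` stanzas in the posted running config. The function names are hypothetical, and the code assumes classic IOS defaults (vty lines behave as `login` unless configured otherwise, other lines as `no login`) and reverse telnet on TCP port 2000 + line number.

```python
import re

# Constructed sample: the line stanzas of the running config posted in this thread.
SAMPLE_CONFIG = """\
line con 0
 exec-timeout 0 0
 logging synchronous level all
line 1 8
 transport input telnet
line aux 0
 transport input all
line vty 0 4
 login local
"""

def parse_line_stanzas(config):
    """Return {stanza header: [sub-commands]} for every 'line ...' block."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = stanzas.setdefault(raw.strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # '!' or a top-level command closes the stanza
    return stanzas

def login_state(header, cmds):
    """Classify how a session on this line is authenticated."""
    if "login local" in cmds:
        return "local username database"
    if any(c.startswith("login authentication") for c in cmds):
        return "AAA method list"
    # Assumption: vty lines default to 'login', all other lines to 'no login'.
    if "login" in cmds or (header.startswith("line vty") and "no login" not in cmds):
        has_pw = any(c.startswith("password ") for c in cmds)
        return "line password" if has_pw else "refused: password required, but none set"
    return "no authentication"

def reverse_telnet_ports(header, cmds):
    """TCP ports (2000 + line number) where a numbered async stanza accepts telnet."""
    m = re.fullmatch(r"line (\d+)(?: (\d+))?", header)
    allowed = any(re.match(r"transport input .*\b(telnet|all)\b", c) for c in cmds)
    if not m or not allowed:
        return []
    return [2000 + n for n in range(int(m[1]), int(m[2] or m[1]) + 1)]

def audit(config):
    return {h: (login_state(h, c), reverse_telnet_ports(h, c))
            for h, c in parse_line_stanzas(config).items()}
```

For the posted config, `audit(SAMPLE_CONFIG)` reports ports 2001 through 2008 as accepting telnet with no authentication on the terminal server itself, while vty sessions go through the local username database.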
 
Whoops, did not notice...

ISP---yup. Maybe I should not have said, "period". So few people ever purposely put "no login", as that would be as dumb as putting 400 hosts on one subnet, like in a tcp/ip forum post here...lol

 
^^Yeah, I figured you knew; I forgot we had to protect the innocent here.

CCNP
 
Did you see that post in the TCP/IP forum?
