connection refused in telnet! need help.:(

[ambotanoni]

need help badly.. just got my 851w router and just started configuring so sory if this is a noob question. hehe anyway, for some reason i cant seem to telnet into my router... i have alredy configured the console and VTY ports and passwords but whenever i try and telnet into it, it just sez connection refused! heres a copy of my running config... help would be GREATLY apreciated.

**************************************************************
Building configuration...

Current configuration : 4933 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
ip subnet-zero
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool sdm-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
lease 0 2
!
!
ip cef
no ip domain lookup
ip domain name yourdomain.com
!
!
crypto pki trustpoint TP-self-signed-3526141414
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3526141414
revocation-check none
rsakeypair TP-self-signed-3526141414
!
!
crypto pki certificate chain TP-self-signed-3526141414
certificate self-signed 01
3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33353236 31343134 3134301E 170D3032 30333031 30303139
34305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 35323631
34313431 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100DFB7 B76BDF0C 1CBC85CA 148C9DBD B79C1F3D E7970B48 970DEAFA 2D58EDE7
C615DA09 7581DBFE 3F04B5BD 413EE8FC 297DA752 F157C629 CA2CE826 DC55C72A
E3F7A756 27264D9D E494E444 80974B99 9F849DB4 3C02EF46 29FCF162 0657433E
1F1F4799 F4F00992 3E63F365 6F919FC5 72E5518A 1C01D3BA ACF11877 E87886AA
96F70203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D
301F0603 551D2304 18301680 147BD132 0BFC8834 887EC4FF 2A0BDB5F A84F1694
F7301D06 03551D0E 04160414 7BD1320B FC883488 7EC4FF2A 0BDB5FA8 4F1694F7
300D0609 2A864886 F70D0101 04050003 8181001B 99D6A619 634F4EBE BE9C65F6
2ADD065F 08312A2F 7C0EDF43 6AB89D8A 2099FA56 45F74C35 111A76F1 21D7717E
9E803FAC 55A692D1 13578382 BE72E6BD 6990A8A3 51B31D10 44BD4258 E0EC05A1
65F7B29B 41E397E1 ECD04DC1 8DA83591 D530F09D 9BCED1A2 E0DD67A6 3EDE1940
9E05AC87 35200F2C 2C4EFCF2 3ECFB4B5 54C4CC
quit
username cisco privilege 15 secret 5 $1$ANwC$o3/xVCQbhdYBQCvCmIQzw/
username mykei privilege 15 secret 5 $1$lDL1$66ALRODb5AY/266aN1kVp0
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
no ip address
shutdown
duplex auto
speed auto
!
interface Dot11Radio0
no ip address
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
54.0
station-role root
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.1.1 255.255.255.0
ip tcp adjust-mss 1452
!
ip classless
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
access-list 23 permit 10.10.10.0 0.0.0.7
no cdp run
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the

"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you want to
use.

-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege le
vel of 15.

Please change these publicly known initial credentials using SDM or the IOS CLI.

Here are the Cisco IOS commands.

username <myuser> privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want to use
.

For more information about SDM please follow the instructions in the QUICK START

GUIDE for your router or go to

http://www.cisco.com/go/sdm

-----------------------------------------------------------------------
^C
banner motd ^C test ^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
password fossil
login
transport input telnet ssh
!
scheduler max-task-time 5000
end

 

[MrOyvind]

Try to: router#(config)enable secret *password*
You must use the secret for login.

 

[NetRx]

The enable secret command still won't get passed a 'connection refused' message. Although you will need one configured to get into the router ultimately.

Are you trying to connect from an IP address in this range:

10.10.10.1 - 10.10.10.6?

The commands below restrict telnet access to the IPs referenced above:

line vty 0 4
 access-class 23 in
access-list 23 permit 10.10.10.0 0.0.0.7

 

[Almin]

Hi

I see that you have SSH installed as well, why don't you disable tenet and use SSH.. it's more secure anyway..

use transport input ssh to enable ssh and disable telnet

if you still wish to use telnet do the following

Router> en
Router# conf t
Router(config)# username admin privilege 15 secret blablablabal
Router(config)# line vty 0 4
Router(config-line)# login local
Router(config-line)# exec-timeout 5 30
Router(config-line)# access-class 23 in
Router(config-line)# transport input telnet
Router(config-line)# end
Router# wr

I copied your config into my router and applied the above configuration to the vty lines and it worked for me, the PC was able to telnet to it. But anyone here would suggest to use SSh instead because of security reasons. Download PuTTy and try it out, if not apply those lines and see what happens.. it should work.

 

[Quadratic]

He doesn't need to change any of that to get in. NetRx has it right. The access class statement is almost certainly the cause of the Connection Refused message.

While it should be a secret, a password statement will work. Also with privilege 15 added to the VTY lines, you don't need to have an enable password or secret to get privilege level 15 as long as you authenticate with the line password. The configuration as-written will work fine as long as he can match that ACL, and you certainly don't have to change exec-t settings.

Yes SSH is better, but he doesn't need it to solve this problem. All these things are good but irrelevant to what he's trying to do.

CCNP, CCDP