851w management access via telnet / sdm

Hi

Please forgive me, I am new to Cisco routers and I am slowly losing my hair...

I have added a Vlan and a couple of wireless interfaces using a template provided by the kind people at techrepublic.com.

However, whenever I do this I lose the ability to connect via telnet and SDM. I have spent two days trying to resolve this; I need some help now.

Would someone mind taking a look at the following config?

Thanks

ciscobox#show config
Using 5974 out of 131072 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ciscobox
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5
enable password 7
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
aaa session-id common
!
crypto pki trustpoint TP-self-signed-821777187
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-821777187
 revocation-check none
 rsakeypair TP-self-signed-821777187
!
!
crypto pki certificate chain TP-self-signed-821777187
 certificate self-signed 01 nvram:IOS-Self-Sig#1B.cer
dot11 syslog
!
dot11 ssid ABCGuestWLAN
   vlan 20
   authentication open
   authentication key-management wpa
   guest-mode
   wpa-psk ascii 7 03257928211A245F5A3A1C0605171F
!
dot11 ssid ABCInternalWLAN
   vlan 1
   authentication open
   authentication key-management wpa
   wpa-psk ascii 7 106F2B3A323B33253F012939213C
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.2.1 192.168.2.99
!
ip dhcp pool sdm-pool
   import all
   network 10.10.10.0 255.255.255.248
   default-router 10.10.10.1
   lease 0 2
!
ip dhcp pool Internal-net
   import all
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1
   domain-name ajbates.co.uk
   lease 4
!
ip dhcp pool VLAN20
   import all
   network 192.168.2.0 255.255.255.0
   default-router 192.168.2.1
   domain-name ajbates.co.uk
   lease 4
!
!
ip cef
ip inspect name MYFW tcp
ip inspect name MYFW udp
no ip domain lookup
ip domain name ajbates.co.uk
!
!
!
username alex privilege 15 password 7
!
!
archive
 log config
  hidekeys
!
!
!
bridge irb
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 ip address dhcp
 ip access-group Internet-inbound-ACL in
 ip inspect MYFW out
 ip nat outside
 ip virtual-reassembly
 ip tcp adjust-mss 1460
 duplex auto
 speed auto
 no cdp enable
!
interface Dot11Radio0
 no ip address
 no dot11 extension aironet
 !
 encryption vlan 1 mode ciphers tkip
 !
 encryption vlan 20 mode ciphers tkip
 !
 ssid ABCGuestWLAN
 !
 ssid ABCInternalWLAN
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 channel 2462
 station-role root
 no cdp enable
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.20
 description Guest wireless LAN - routed WLAN
 encapsulation dot1Q 20
 ip address 192.168.2.1 255.255.255.0
 ip access-group Guest-ACL in
 ip inspect MYFW out
 ip nat inside
 ip virtual-reassembly
 no cdp enable
!
interface Vlan1
 description Internal Network
 ip address 10.10.10.1 255.255.255.248
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface BVI1
 description Bridge to Internal Network
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 dhcp
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
!
ip access-list extended Guest-ACL
 deny   ip any 192.168.1.0 0.0.0.255
 permit ip any any
ip access-list extended Internet-inbound-ACL
 permit udp any eq bootps any eq bootpc
 permit icmp any any echo
 permit icmp any any echo-reply
 permit icmp any any traceroute
 permit gre any any
 permit esp any any
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.7
no cdp run
!
control-plane
!
bridge 1 route ip
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the
"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you want to use.

-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege level of 15.

Please change these publicly known initial credentials using SDM or the IOS CLI.

Here are the Cisco IOS commands.

username <myuser> privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want to use.

For more information about SDM please follow the instructions in the QUICK START
GUIDE for your router or go to
^C
!
line con 0
 password 7
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 password 7
 transport input telnet ssh
!
scheduler max-task-time 5000
end

ciscobox#

thedude

I wrote the ## FIRSTLY ## bit below first; however, it seems that you have network design issues too.

You have:-

interface Dot11Radio0.1
 bridge-group 1

interface Vlan1
 bridge-group 1
 ip address 10.10.10.1 255.255.255.248

interface BVI1
 ip address 192.168.1.1 255.255.255.0 ! this is the IP interface for bridge group 1

This means that you have a single broadcast domain with two interfaces and two IP addresses.

How many internal subnets do you want?

At a guess maybe you want

interface Vlan1
 no ip address

no access-list 23
access-list 23 permit 192.168.1.0 0.0.0.255 ! allow management from 192.168.1.x

line vty 0 4
 login local
 no password ! you won't need this

## FIRSTLY ##

try adding

line vty 0 4
 login local
 no password ! you won't need this

Then try telnet and ssh.

I ASSUME that you are accessing it from VLAN 1, i.e. compatible with "access-list 23 permit 10.10.10.0 0.0.0.7".

Otherwise you have to add the subnet to access-list 23.

If that does not do the job then from my working one:-

xxx#sh run | inc aaa
no aaa new-model
! I have no other lines with aaa

So you should:-

no aaa new-model
no aaa session-id common ! never seen that before
no aaa authentication login default local
no aaa authorization exec default local

If you fancy aaa new-model then maybe

aaa new-model
aaa authentication login default local

could be added once you get it going.

I have never used "aaa auth exec".

I don't use the web interface so can't really help with that. I can't see why yours might not be working unless you are not using the 10.x.x.x subnet. In that case fix acl 23.

You will not be able to access the internet from the 10 network unless you add say:-

access-list 1 permit 10.10.10.0 0.0.0.7

bod43
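A quick check a reader could run against the posted config before touching the router (an added example, not from either post): it pulls out the interface subnets, the numbered standard ACLs and the access-class on the vty lines, then reports which LANs that access-class keeps out of telnet/SSH. CONFIG is a constructed excerpt of the lines posted above; the function names are my own.

```python
import ipaddress

# Constructed excerpt: the interface, ACL and vty lines from the config posted above
CONFIG = """\
interface Dot11Radio0.20
 ip address 192.168.2.1 255.255.255.0
interface Vlan1
 ip address 10.10.10.1 255.255.255.248
interface BVI1
 ip address 192.168.1.1 255.255.255.0
access-list 23 permit 10.10.10.0 0.0.0.7
line vty 0 4
 access-class 23 in
"""

def std_acl_entry(line):
    """'access-list N permit|deny ADDR [WILDCARD]' -> (N, action, network), else None."""
    t = line.split()
    if len(t) >= 4 and t[0] == "access-list" and t[2] in ("permit", "deny"):
        wildcard = int(ipaddress.IPv4Address(t[4] if len(t) > 4 else "0.0.0.0"))
        mask = ipaddress.IPv4Address(0xFFFFFFFF ^ wildcard)  # wildcard is an inverse mask
        return t[1], t[2], ipaddress.ip_network(f"{t[3]}/{mask}", strict=False)

def parse(config):
    """Interface subnets, standard ACL entries and the vty access-class number."""
    ifaces, acls, vty_acl, block = {}, {}, None, []
    for line in config.splitlines():
        if not line.startswith(" "):  # a top-level command starts a new block
            block, entry = line.split()[:2], std_acl_entry(line)
            if entry:
                acls.setdefault(entry[0], []).append(entry[1:])
        elif block[:1] == ["interface"] and len(line.split()) == 4 and line.startswith(" ip address "):
            ifaces[block[1]] = ipaddress.ip_network("/".join(line.split()[2:]), strict=False)
        elif block[:2] == ["line", "vty"] and line.startswith(" access-class "):
            vty_acl = line.split()[1]
    return ifaces, acls, vty_acl

def vty_reachable_from(config, client_ip):
    """First-match evaluation of the vty access-class, with IOS's implicit deny at the end."""
    _, acls, vty_acl = parse(config)
    if vty_acl is None:
        return True  # no access-class on the vty lines: any source is admitted
    for action, net in acls.get(vty_acl, []):
        if ipaddress.ip_address(client_ip) in net:
            return action == "permit"
    return False

def lans_blocked_from_management(config):
    """Interfaces whose subnet, probed at its first client address, the vty access-class rejects."""
    return sorted(n for n, net in parse(config)[0].items() if not vty_reachable_from(config, str(net[2])))
```

On the posted config this reports BVI1 (the 192.168.1.x LAN) and the guest WLAN as blocked, which is the symptom in the question; with ACL 23 rewritten to permit 192.168.1.0/24 as bod43 suggests, only Vlan1 and the guest WLAN remain blocked.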
