Help: Configuring Router
alu408
Member Posts: 45 ■■□□□□□□□□
in CCNA & CCENT
Hello guys, ran into some trouble today. Basically I am trying to get connectivity from my router. I created an IP address which was 192.168.1.20, subnet mask 255.255.255.0. All my lights on the router are on and green. My ethernet cable is connected from my PC to my switch and the lights are on as well. I go on cmd and I ping 192.168.1.20 and I get this.
Pinging 192.168.1.20 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.1.20:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Comments
-
alu408 Member Posts: 45 ■■□□□□□□□□
Interesting. I created another address, 192.168.1.35 subnet 255.255.255.0, and I ping with cmd and it's giving me a connection. Is there a reason why that IP address worked and not the first one?
Pinging 192.168.1.35 with 32 bytes of data:
Reply from 192.168.1.35: bytes=32 time<1ms TTL=128
Reply from 192.168.1.35: bytes=32 time<1ms TTL=128
Reply from 192.168.1.35: bytes=32 time<1ms TTL=128
Reply from 192.168.1.35: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.1.35:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
-
alu408 Member Posts: 45 ■■□□□□□□□□
Even though I am getting a connection, once I go on PuTTY and try to use SSH it is not working. Network error: Connection refused.
-
advanex1 Member Posts: 365 ■■■■□□□□□□
What IP did you assign the router and its interface? What are you trying to accomplish? As far as your SSH issue.. what did you do to configure SSH on the router?
Did you place the #transport input ssh command within your line vty 0 4?
Did you create a username and password?
Did you assign it a domain?
Did you run the #crypto key generate rsa command? From there you can use the #ip ssh command to modify what you want.
Currently Reading: CISM: All-in-One
New Blog: https://jpinit.com/blog
-
alu408 Member Posts: 45 ■■□□□□□□□□
> What IP did you assign the router and its interface? What are you trying to accomplish? As far as your SSH issue.. what did you do to configure SSH on the router?
> Did you place the #transport input ssh command within your line vty 0 4?
> Did you create a username and password?
> Did you assign it a domain?
> Did you run the #crypto key generate rsa command? From there you can use the #ip ssh command to modify what you want.
For the router I assigned it 192.168.1.35 255.255.255.0. My interface for fa0/0 is 192.168.1.30, fa0/1 is 192.168.2.8. I am just trying to get a connection going on PuTTY so I can log in using SSH or telnet, but both are giving me no connectivity. And yes, I did place the transport input ssh command in the line vty 0 4. Here it is:
line vty 0 4
exec-timeout 0 0
privilege level 15
password cisco
logging synchronous
login
transport input ssh
I did create a domain name as well under Aaron.local. And I did #crypto key generate rsa, and I put enable ssh version 2.
-
advanex1 Member Posts: 365 ■■■■□□□□□□
Set line vty to:
#login local
You have to authenticate your ssh connections, either with a local login or AAA authentication:
Assign user name and password using the #username (username) password (password) command and try it again. If you can, post your #show run and #show ip ssh
Just realized you want to do both as well instead of just one or the other..
Set line vty to:
#transport input telnet ssh or #transport input all (for now)
-
alu408 Member Posts: 45 ■■□□□□□□□□
> Set line vty to:
> #login local
> You have to authenticate your ssh connections, either with a local login or AAA authentication:
> Assign user name and password using the #username (username) password (password) command and try it again. If you can, post your #show run and #show ip ssh
> Just realized you want to do both as well instead of just one or the other..
> Set line vty to:
> #transport input telnet ssh or #transport input all (for now)
Current configuration : 3517 bytes
!
! Last configuration change at 05:02:55 UTC Thu Jan 7 2016
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AaronRouter
!
boot-start-marker
boot system flash c1841-adventerprisek9-mz.151-3.T4.bin
boot-end-marker
!
!
enable secret 5 $1$F6PK$m.CEE/qNCpUgZyD2yKWi//
!
no aaa new-model
!
dot11 syslog
ip source-route
!
!
!
!
!
ip cef
no ip domain lookup
ip domain name Aaron.local
no ipv6 cef
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-1517657464
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1517657464
revocation-check none
!
!
crypto pki certificate chain TP-self-signed-1517657464
certificate self-signed 01
quit
!
!
license udi pid CISCO1841 sn FTX120620CZ
archive
log config
hidekeys
username router123 privilege 15 secret 5 $1$8hsc$YKsLAUEXC9rGsWGE/nw2v.
username Aaron password 0 cisco
username AaronsLab
!
redundancy
!
!
ip ssh version 2
!
!
!
!
!
!
!
interface FastEthernet0/0
description connection to S1 port 2
ip address 192.168.1.30 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
description connection to S2 port 8
ip address 192.168.2.8 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0/0
description T1 serial connection to R2 port 0/1
ip address 10.1.1.1 255.255.255.252
encapsulation ppp
service-module t1 clock source internal
!
interface Serial0/1/0
description T1 serial connection to R3 port 0/0
ip address 10.1.3.2 255.255.255.252
encapsulation ppp
!
router rip
version 2
network 10.0.0.0
network 192.168.1.0
network 192.168.2.0
no auto-summary
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
!
logging esm config
!
!
!
!
!
!
control-plane
!
!
banner login ^C
This is the R1 Router
^C
banner motd ^Cthis router is owned by Aaron.^C
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
line aux 0
password cisco
login
line vty 0 4
exec-timeout 0 0
privilege level 15
password cisco
logging synchronous
login local
transport input all
!
scheduler allocate 20000 1000
end
#show ip ssh
SSH Enabled - version 2.0
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDHc4BBjP1HRJ78mCKgB+6KK5v70vSLxieIhCCP/CDG
IDB6qkBYpKGu+7TQAf/xOTpxGX3e34UyC/vY/qSQiSSvq0srSVh1hhEBwZQ05vP2nvIotDHNMj8pciWr
ryvGaCa53ypG25LhEGSwUxl2Pt4CWgbdA7xEd1P7HALRGhqj3Q==
AaronRouter#
-
advanex1 Member Posts: 365 ■■■■□□□□□□
Any luck on either?
-
alu408 Member Posts: 45 ■■□□□□□□□□
> Any luck on either?
No luck at all. Tried both and it said Network Error: connection refused.
-
advanex1 Member Posts: 365 ■■■■□□□□□□
What IP address do you have the host assigned and on what port is the switch connected?
-
alu408 Member Posts: 45 ■■□□□□□□□□
> What IP address do you have the host assigned and on what port is the switch connected?
So what I'm thinking is the IP address I created in my Local Area Connection, right? I used 192.168.1.35, subnet 255.255.255.0. The ethernet cable is connected to Switch1 port 0/9. The light is lighting up as well on the switch and even on my desktop.
-
advanex1 Member Posts: 365 ■■■■□□□□□□
I'm running out of options, my Jedi is not as strong as it once was. Have you configured the management vlan on the switch? Can you give me a show run of the switch?
-
alu408 Member Posts: 45 ■■□□□□□□□□
> I'm running out of options, my Jedi is not as strong as it once was. Have you configured the management vlan on the switch? Can you give me a show run of the switch?
Haha it's okay, I did configure the VLAN on the switch a while back. Vlan1 with an IP address of 192.168.1.1
Current configuration : 1857 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname SW1
!
enable secret 5 $1$8AX0$HVUdjcQ9hBsRV5tzonZ2d.
enable password 7 045802150C2E
!
username Aaron$ secret 5 $1$fXEb$JhffLwbC8mataPD9Cud3G1
errdisable recovery cause psecure-violation
ip subnet-zero
!
ip domain-name aaronslab.com
ip ssh time-out 120
ip ssh authentication-retries 3
ip ssh version 2
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
switchport mode access
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security mac-address sticky 4016.7e77.215e
speed 100
duplex full
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
no ip route-cache
!
ip http server
banner login ^C Unauthorized Access ^C
banner motd ^CWelcome to AaronS Switches^C
!
line con 0
exec-timeout 0 0
password 7 0822455D0A16
logging synchronous
login
line vty 0 4
password 7 0822455D0A16
login
line vty 5 15
password 7 104D000A0618
login
!
!
end
-
advanex1 Member Posts: 365 ■■■■□□□□□□
> ip domain-name aaronslab.com
> ip ssh time-out 120
> ip ssh authentication-retries 3
> ip ssh version 2
Can you change the domain name to the same as the router for shits and giggles? Can you also try and ssh from the switch into the router instead of your PC first? If that doesn't work, try and remove the SSH information from your switch and try again.
-
alu408 Member Posts: 45 ■■□□□□□□□□
> ip domain-name aaronslab.com
> ip ssh time-out 120
> ip ssh authentication-retries 3
> ip ssh version 2
> Can you change the domain name to the same as the router for shits and giggles? Can you also try and ssh from the switch into the router instead of your PC first? If that doesn't work, try and remove the SSH information from your switch and try again.
How would I go about using SSH from the switch into the router? And how would I remove the SSH from the switch? Is it #no crypto key generate rsa? Thank you
-
advanex1 Member Posts: 365 ■■■■□□□□□□
In the enable prompt type:
#ssh 192.168.1.30 - it should prompt you for your user name and password
if not try
#ssh -l (username) 192.168.1.30
If you created crypto keys on the switch, you need to type #crypto key zeroize rsa I believe.
Do me a favor too, run show ssh on your router.
-
alu408 Member Posts: 45 ■■□□□□□□□□
> in the enable prompt type:
> #ssh 192.168.1.30 - it should prompt you for your user name and password
> if not try
> #ssh -l (username) 192.168.1.30
> If you created crypto keys on the switch, you need to type #crypto key zeroize rsa I believe.
> Do me a favor too, run show ssh on your router.
I am typing in ssh | Aaron$ 192.168.1.35 and it's not working, saying invalid input.
-
alu408 Member Posts: 45 ■■□□□□□□□□
SW1#ssh 192.168.1.35
% No user specified nor available for SSH client
-
advanex1 Member Posts: 365 ■■■■□□□□□□
try
SW1# ssh 192.168.1.30 - NOT 192.168.1.35 (you assigned 35 as your host IP)
or
SW1# ssh -l (L) Aaron 192.168.1.30 (the -l identifies a user name)
We are trying to troubleshoot connecting through SSH to your router, we are not trying to connect to your host. What I'm really going to laugh about.. is if this whole time you've been trying to SSH into yourself... Not laughing to make fun of you.. but laughing in general because it's an easy thing to look over.
-
alu408 Member Posts: 45 ■■□□□□□□□□
> try
> SW1# ssh 192.168.1.30 NOT 192.168.1.35 (you assigned 35 as your host IP)
I tried using either of those commands you told me yet it does it work as well.
SW1#ssh -| AaronsSwitch 192.168.1.30
^
% Invalid input detected at '^' marker.
> SW1# ssh -l (L) Aaron 192.168.1.30 (the -l identifies a user name)
> We are trying to troubleshoot connecting through SSH to your router, we are not trying to connect to your host. What I'm really going to laugh about.. is if this whole time you've been trying to SSH into yourself... Not laughing to make fun of you.. but laughing in general because it's an easy thing to look over.
Haha oh my.. I think you're right, I have been trying to SSH into myself this whole time and I didn't realize I am not trying to SSH into another device, but I thought for lab purposes you're able to SSH or telnet into your own? I was just following a YouTube video, https://www.youtube.com/watch?v=5JfmP3l62rU&index=9&list=PLhm7TO7Y354QPnO7ePCyiNT6B1jMEUWMp near the end he's able to ping.
-
alu408 Member Posts: 45 ■■□□□□□□□□
Even after using those commands neither of them work
SW1#ssh -| AaronsSwitch 192.168.1.30
^
% Invalid input detected at '^' marker.
-
advanex1 Member Posts: 365 ■■■■□□□□□□
You're using -| and not -l (lower case L). SW1# ssh -l (lowercase L) Aaron (not aaronsswitch) 192.168.1.30
Copy and paste this into your enable mode on the switch:
ssh -l Aaron 192.168.1.30
If your host (PC) has an IP address of 192.168.1.35, how would you SSH into yourself? You'd have to try and SSH into your router where the SSH authentication is. You assigned the router an IP address of 192.168.1.30, so you'd try and SSH into it there.
Ping your router from your switch and then if you receive a good ping try and telnet into your router from your switch:
SW1# telnet 192.168.1.30
and let me know what happens
-
alu408 Member Posts: 45 ■■□□□□□□□□
> You're using -| and not -l (lower case L). SW1# ssh -l (lowercase L) Aaron (not aaronsswitch) 192.168.1.30
> Copy and paste this into your enable mode on the switch:
> ssh -l Aaron 192.168.1.30
> If your host (PC) has an IP address of 192.168.1.35, how would you SSH into yourself? You'd have to try and SSH into your router where the SSH authentication is. You assigned the router an IP address of 192.168.1.30, so you'd try and SSH into it there.
> Ping your router from your switch and then if you receive a good ping try and telnet into your router from your switch:
> SW1# telnet 192.168.1.30
> and let me know what happens
I understand now haha wow. The .30 was from the router that I have assigned. I telnet into the router and it works.
SW1#telnet 192.168.1.30
Trying 192.168.1.30 ... Open
this router is owned by Aaron.
This is the R1 Router
User Access Verification
Username: cisco
Password:
% Login invalid
Username: ciossk
Password:
% Login invalid
Username: Aaron
Password:
AaronRouter>en
Password:
However when I try to SSH to the router it does not work.
SW1#ssh -l Aaron 192.168.1.30
Trying 192.168.1.30...Open
[Connection to 192.168.1.30 aborted: error status 0]
SW1#
-
advanex1 Member Posts: 365 ■■■■□□□□□□
Okay, try the SSH without the "-l Aaron" this time and let me know what happens. I'm going to look up the error and grab some lunch, I'll be right back. It looks like the session is opening, so I'm not sure why it's aborting.
-
alu408 Member Posts: 45 ■■□□□□□□□□
> Okay, try the SSH without the "-l Aaron" this time and let me know what happens. I'm going to look up the error and grab some lunch, I'll be right back. It looks like the session is opening, so I'm not sure why it's aborting.
Tried that as well,
SW1#ssh 192.168.1.30
% No user specified nor available for SSH client
Take your time, no worries.
-
alu408 Member Posts: 45 ■■□□□□□□□□
> Okay, try the SSH without the "-l Aaron" this time and let me know what happens. I'm going to look up the error and grab some lunch, I'll be right back. It looks like the session is opening, so I'm not sure why it's aborting.
I tried that way and it did not work.
SW1#ssh 192.168.1.30
% No user specified nor available for SSH client
-
advanex1 Member Posts: 365 ■■■■□□□□□□
Interesting, so it opens a session when you place the "-l Aaron" but then it closes due to an abort error... Like I said, I'm not that strong with the force anymore. I'll keep looking for the error.
In the mean time, try and use other usernames and passwords. Create them first, then use them in the "-l (username)" command.
Also, try and zeroize the keys on the router, then run the generate key command again. Then try and login.
-
alu408 Member Posts: 45 ■■□□□□□□□□
> Interesting, so it opens a session when you place the "-l Aaron" but then it closes due to an abort error... Like I said, I'm not that strong with the force anymore. I'll keep looking for the error.
> In the mean time, try and use other usernames and passwords. Create them first, then use them in the "-l (username)" command.
> Also, try and zeroize the keys on the router, then run the generate key command again. Then try and login.
It worked when I opened up PuTTY and tried using SSH. It did not say no connection this time. It told me to log in, however I put in my information which is right and it does not let me log in. I plan to reset the whole config and do it again for more practice but I think I got it.
-
advanex1 Member Posts: 365 ■■■■□□□□□□
Okay, good deal. Hopefully I was helpful and not hindering, heh. Take it easy.
-
ebohlman Member Posts: 26 ■■■□□□□□□□
One thing to watch out for is an SSH version mismatch between devices; if you're trying to SSH from a device using Version 2 to a device using Version 1, for example, you'll get a refused connection.
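
The checks advanex1 walks through in this thread (domain name, a local username, `login local` on the vty lines, `transport input`, SSH version) can be run mechanically against a saved `show run`. The script below is an added example, not code from any poster; both configs are constructed, combining weak settings seen at different points in the thread, and the function names are this example's own.

```python
import re

# Constructed sample modelled on the configs posted in the thread (trimmed).
# Real IOS output indents sub-commands by one space; the parser relies on that.
AS_POSTED = """\
ip domain name Aaron.local
username Aaron password 0 cisco
ip ssh version 2
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 login
 transport input all
"""

# Constructed corrected variant: hashed secret, local login, SSH-only vty.
HARDENED = """\
ip domain name Aaron.local
username Aaron secret 5 <hash-placeholder>
ip ssh version 2
line vty 0 4
 login local
 transport input ssh
"""

def vty_sections(config):
    """Map each 'line vty ...' header to its indented sub-commands."""
    sections, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = sections.setdefault(raw.strip(), [])
        elif current is not None and raw.startswith(" "):
            current.append(raw.strip())
        else:
            current = None  # any unindented line closes the section
    return sections

def audit_ssh(config):
    """Return findings that break or weaken SSH management access.
    RSA keys are not part of a running-config; confirm them with 'show ip ssh'."""
    has = lambda pattern: re.search(pattern, config, re.M) is not None
    findings = []
    if not has(r"^ip domain[ -]name \S+"):
        findings.append("no domain name: RSA key generation needs one")
    if not has(r"^ip ssh version 2"):
        findings.append("SSH version 2 not enforced")
    if not has(r"^username \S+ .*(secret|password) "):
        findings.append("no local user for SSH to authenticate")
    if has(r"^username \S+ .*password 0 "):
        findings.append("local user stored with cleartext password")
    for header, cmds in vty_sections(config).items():
        if not any(c.startswith(("login local", "login authentication")) for c in cmds):
            findings.append(f"{header}: no 'login local' or AAA login")
        if "transport input ssh" not in cmds:
            findings.append(f"{header}: vty not restricted to SSH")
    return findings
```

`audit_ssh(AS_POSTED)` reports the cleartext password, the missing `login local` and the unrestricted transport; `audit_ssh(HARDENED)` returns an empty list.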