Access Server, Connection refused by remote host???

pujan96 Member Posts: 121
Hi guys, I'm trying to set up a terminal/access server for my 2 switches and 2 routers from the 3rd router (access server).

Whenever I try to connect to a device I get the refused by remote host message, my config is attached below:

Current configuration : 722 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Access_Server
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
ip host sw1 2001 10.10.10.10
ip host r1 2002 10.10.10.10
ip host r2 2003 10.10.10.10
ip host sw2 2004 10.10.10.10
!
!
!
!
interface Loopback0
ip address 10.10.10.10 255.255.255.0
!
interface Ethernet0
no ip address
shutdown
!
interface Serial0
no ip address
shutdown
!
interface Serial1
no ip address
shutdown
!
ip http server
ip classless
!
!
!
!
line con 0
line 1 16
exec-timeout 0 0
no exec
transport input all
autohangup
stopbits 1
flowcontrol hardware
line aux 0
line vty 0 4
!
!
end




any help???

Thanks
Pujan
[X] CCNA R&S

[X] CCNP Route 300-101
[  ] CCNP Switch 300-115
[  ] CCNP T-Shoot 300-135

[  ]  NPDESI 300-550

[  ] CCIE R&S Written
[  ] CCIE R&S LAB

Comments

  • varelg Banned Posts: 790
    Have you looked at the reason why Ethernet0 doesn't have ip address? Most of the messages you posted are status feedback and "no ip address" seems like an error message, in addition to messages starting with "line", so it might be a typo in some config file.
  • clarson Member Posts: 903
    looks pretty good.

    I'm not using any of these, so maybe they work, maybe not.
    autohangup
    stopbits 1
    flowcontrol hardware

    and you connect to a remote piece of equipment by telnetting to the access server with the proper port number.
    and you can not telnet to the access server until it has an ip address assigned for eth0
    and the interface is up and up

    I'd divide this into two parts.
    1) be able to telnet to the access server. config vty so you are able telnet into the access server.
    can't telnet to the access server, you are not telneting to anything connected to the access server.
    and, if you ever have issues with the access server it might be nice to log on to it.

    2) once you can telnet to the access server, then you can deal with issues dealing with the reverse telnet connections.
    looks like you have that set up right.
  • DCD Member Posts: 473
    If you are trying to telnet you're missing an IP address. What is the config for the rest of the equipment? What are you using to connect to the other routers and switches, and what port are you plugged into?
  • mikeybinec Member Posts: 484
    clear line (line #)
    clear line vty (#)

    The few times I remote accessed through an access server, sometimes it required the above commands to get it working properly
    Cisco NetAcad Cuyamaca College
    A.S. LAN Management 2010 Grossmont College
    B.S. I.T. Management 2013 National University
  • rob42 Member Posts: 423
    On the back of this question, could someone answer this for me?

    The back story is that I’m studying for my CCNA and I’m just about to cover this very topic: Securing Access with External Authentication Servers.

    As part of my studies, I use Cisco Packet Tracer to reconstruct the examples shown in the book, and I’m about to set up a server running the AAA service.

    I don’t really understand much of the config file that pujan96 has posted or which device it relates to (R3 is the assumption), but my reading only refers to the AAA service with relation to an external AAA server using the RADIUS or TACACS+ protocols, rather than a ‘Router’ running the AAA service, and none of the Routers in C.P.T seem to offer AAA as a service.

    Q1: In the real world, is this something that I’m likely to come across (that is, Routers running the AAA service)?

    Q2: Under what circumstance would you configure a Loopback Interface with anything other than 127.0.0.1 (I see that pujan96 has interface Loopback0 as 10.10.10.10/24)

    My intention is not to hijack this post, but to learn from it.

    Cheers.
    No longer an active member
  • DCD Member Posts: 473
    rob42 wrote: »

    I don’t really understand much of the config file that pujan96 has posted or which device it relates to (R3 is the assumption), but my reading only refers to the AAA service with relation to an external AAA server using the RADIUS or TACACS+ protocols, rather than a ‘Router’ running the AAA service, and none of the Routers in C.P.T seem to offer AAA as a service.

    Q1: In the real world, is this something that I’m likely to come across (that is, Routers running the AAA service)?

    Q2: Under what circumstance would you configure a Loopback Interface with anything other than 127.0.0.1 (I see that pujan96 has interface Loopback0 as 10.10.10.10/24)


    Cheers.

    It is router 3. You can run AAA service local or to an external server. Q1 yes you will see it very often. It's easier to manage passwords and authorization to devices. Q2 You use an IP address to identify it and make it reachable through the network.
  • rob42 Member Posts: 423
    DCD wrote: »
    It is router 3. You can run AAA service local or to an external server. Q1 yes you will see it very often. It's easier to manage passwords and authorization to devices. Q2 You use an IP address to identify it and make it reachable through the network.


    Thanks for the reply.

    I understand the advantages of using the AAA service and the fact that the service doesn't need to be local, i.e. it can be configured on an external server, but when you say "local", just to be clear, do you mean that the service can be run on a local Router?

    Also, I understand the basics of IP Addressing and what an IP Address is, what I don't understand is why you'd assign a Loopback Interface an external IP address, as is the case here.

    My understanding is that any traffic that a computer program sends on the loopback network is addressed to the same computer, the most commonly used IP address on the loopback network being 127.0.0.1/8 for IPv4. So why would you want to change it, as pujan96 has done, here?

    Sorry to be such a 'noob', but as I said, I'd like to learn from this as I have huge gaps in my knowledge.

    Thanks.
    No longer an active member
  • clarson Member Posts: 903
    your aaa server is run on a server and not a router or a switch. And, the server has redundancy. but, should a router or switch not be able to reach the aaa server, you configure a way to get in locally.

    And, you don't want the aaa service running on your router or switch. you want your routers and switches busy routing and switching. not serving up passwords.

    A terminal or comm server commonly provides out-of-band access for multiple devices. A terminal server is a router with multiple, low speed, asynchronous ports that are connected to other serial devices, for example, modems or console ports on routers or switches.
    The terminal server allows you to use a single point to access the console ports of many devices. A terminal server eliminates the need to configure backup scenarios like modems on auxiliary ports for every device. You can also configure a single modem on the auxiliary port of the terminal server, to provide dial-up service to the other devices when network connectivity fails.

    he is configuring reverse telnet. as part of that you need to use the "ip host" command to define the name-to-address mapping of the static host in the host cache. (yeah, you're not going to see this on the ccna exam) to do this you need an ip address. and you just create one that will work in your environment by using a loopback.
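
A consistency check for the reverse telnet setup discussed above, added here as an example and not part of the thread: it maps each `ip host` entry to its line and confirms the line accepts telnet and the address sits on a non-shutdown interface. It assumes the standard IOS convention that TCP port 2000 + N reaches line N; `check_reverse_telnet` is a hypothetical helper and the sample is constructed from the config in the first post.

```python
import re
# Constructed sample: the relevant lines of the config from the first post.
SAMPLE = """\
ip host sw1 2001 10.10.10.10
ip host r1 2002 10.10.10.10
ip host r2 2003 10.10.10.10
ip host sw2 2004 10.10.10.10
interface Loopback0
 ip address 10.10.10.10 255.255.255.0
interface Ethernet0
 shutdown
line 1 16
 transport input all
line vty 0 4
"""

def check_reverse_telnet(config):
    """Hypothetical helper: {host name: [problems]} for each 'ip host' entry."""
    hosts, intfs, lines, cur = [], [], [], None
    for text in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"ip host (\S+) (\d+) (\S+)$", text):
            hosts.append((m[1], int(m[2]), m[3]))
        elif text.startswith("interface "):
            cur = {"addr": None, "shut": False}
            intfs.append(cur)
        elif m := re.match(r"line (\d+)(?: (\d+))?$", text):   # async lines
            cur = {"range": range(int(m[1]), int(m[2] or m[1]) + 1), "transport": []}
            lines.append(cur)
        elif text.startswith("line "):                          # con / aux / vty
            cur = None
        elif cur is not None and (m := re.match(r"ip address (\S+) \S+$", text)):
            cur["addr"] = m[1]
        elif cur is not None and text == "shutdown":
            cur["shut"] = True
        elif cur is not None and text.startswith("transport input "):
            cur["transport"] = text.split()[2:]
    live = {i["addr"] for i in intfs if i["addr"] and not i["shut"]}
    report = {}
    for name, port, addr in hosts:
        line_no, problems = port - 2000, []     # reverse telnet: TCP 2000 + line number
        target = next((l for l in lines if line_no in l["range"]), None)
        if target is None:
            problems.append(f"port {port} maps to line {line_no}, which is not configured")
        elif not {"all", "telnet"} & set(target["transport"]):
            problems.append(f"line {line_no} has no 'transport input' allowing telnet")
        if addr not in live:
            problems.append(f"{addr} is not on a configured, non-shutdown interface")
        report[name] = problems
    return report
```

On the posted config every entry comes back with an empty problem list, which matches clarson's reading that the reverse telnet part is set up correctly.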
  • rob42 Member Posts: 423
    Thanks for the explanation. My mistake; he’s setting up a Terminal Server, not an External Authentication Server, so AAA has nothing to do with it, right?

    I saw the ‘AAA’ part in the config and came to an incorrect conclusion, then the Loopback thing just confused me all the more.

    But, I’ve learned from this and that’s what matters.

    Thanks for taking the time to explain.
    No longer an active member
  • clarson Member Posts: 903
    yes that is right.

    and the command was "no aaa new-model".
    and the first thing you do when configuring for an aaa server is to use the "aaa new-model" command.
    so the "no aaa new-model" is telling you that there isn't any aaa stuff going on here.
  • DCD Member Posts: 473
    rob42 wrote: »
    Thanks for the reply.

    I understand the advantages of using the AAA service and the fact that the service doesn't need to be local, i.e. it can be configured on an external server, but when you say "local", just to be clear, do you mean that the service can be run on a local Router?

    Also, I understand the basics of IP Addressing and what an IP Address is, what I don't understand is why you'd assign a Loopback Interface an external IP address, as is the case here.



    Thanks.

    Yes you can run the service local on the router. just a sample.
    username XXX password XXXX
    aaa new-model
    aaa authentication login default local
    line vty 0 4
    login authentication default

    If you have a routable IP address on the loopback it never goes down unless the router goes down and you can SSH/Telnet to that address and not have to worry about whether the interface is up. And it comes in handy for OSPF.

    Also there are some good videos on YouTube for AAA.
  • rob42 Member Posts: 423
    Thank you very much for taking the time to reply and for some really useful information; I appreciate it.
    No longer an active member