“telnet 23端口失败”的一点心得
2009-11-11 09:19
423 查看
用了一个上午的时间查看配置的问题,其实配置并没有任何问题,如果是配置的问题可能很快就会得到答案,也不会浪费这么多时间了,后来终于找到了问题的答案,很是惊喜。我把它共享出来,希望博友们不要在同样的问题上浪费时间,也希望自己能更深刻的记住这个经历。
问题描述:
PC机(ip:10.140.60.56)直连到交换机的f0/40端口后,可以telnet 10.140.60.254 登陆交换机,但是telnet 10.140.254.254 提示打开23端口失败。。。。。。。。。。。。。。
以下是交换机的配置信息。
waiwang#show run
Building configuration...
Current configuration : 5585 byt
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname waiwang
!
enable secret 5 $1$KZxI$/YmqPXFI
!
no aaa new-model
ip subnet-zero
ip routing
!
ip dhcp-server 10.140.0.3
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
------------------------------------------------------------
!
vlan internal allocation policy a
!
interface FastEthernet0/1
switchport access vlan 140
!
interface FastEthernet0/2
switchport access vlan 148
!
interface FastEthernet0/3
switchport access vlan 140
!
interface FastEthernet0/4
switchport access vlan 140
!
interface FastEthernet0/5
switchport access vlan 140
!
interface FastEthernet0/6
switchport access vlan 140
!
interface FastEthernet0/7
switchport access vlan 140
!
interface FastEthernet0/8
switchport access vlan 140
!
interface FastEthernet0/9
switchport access vlan 140
!
interface FastEthernet0/10
switchport access vlan 140
!
interface FastEthernet0/11
switchport access vlan 140
!
interface FastEthernet0/12
switchport access vlan 140
!
interface FastEthernet0/13
switchport access vlan 140
!
interface FastEthernet0/14
switchport access vlan 140
!
interface FastEthernet0/15
switchport access vlan 140
!
interface FastEthernet0/16
switchport access vlan 140
!
interface FastEthernet0/17
switchport access vlan 140
!
interface FastEthernet0/18
switchport access vlan 140
!
interface FastEthernet0/19
switchport access vlan 140
!
interface FastEthernet0/20
switchport access vlan 140
!
interface FastEthernet0/21
switchport access vlan 140
!
interface FastEthernet0/22
switchport access vlan 140
!
interface FastEthernet0/23
switchport access vlan 140
!
interface FastEthernet0/24
switchport access vlan 140
!
interface FastEthernet0/25
switchport access vlan 140
!
interface FastEthernet0/26
switchport access vlan 140
!
interface FastEthernet0/27
switchport access vlan 140
!
interface FastEthernet0/28
switchport access vlan 140
!
interface FastEthernet0/29
switchport access vlan 140
!
interface FastEthernet0/30
switchport access vlan 140
!
interface FastEthernet0/31
switchport access vlan 140
!
interface FastEthernet0/32
switchport access vlan 140
!
interface FastEthernet0/33
switchport access vlan 140
!
interface FastEthernet0/34
switchport access vlan 140
!
interface FastEthernet0/35
switchport access vlan 140
!
interface FastEthernet0/36
switchport access vlan 140
!
interface FastEthernet0/37
switchport access vlan 140
!
interface FastEthernet0/38
switchport access vlan 140
!
interface FastEthernet0/39
switchport access vlan 160
!
interface FastEthernet0/40
switchport access vlan 160
!
interface FastEthernet0/41
switchport access vlan 160
!
interface FastEthernet0/42
switchport access vlan 140
!
interface FastEthernet0/43
switchport access vlan 148
!
interface FastEthernet0/44
switchport access vlan 144
!
interface FastEthernet0/45
switchport access vlan 140
!
interface FastEthernet0/46
switchport access vlan 100
!
interface FastEthernet0/47
switchport access vlan 99
switchport mode access
!
interface FastEthernet0/48
switchport access vlan 99
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface Vlan1
description "Switch Default GateWay"
ip address 10.140.254.254 255.255.255.0
!
interface Vlan99
description "to TianRongXing Firewall"
ip address 10.140.8.254 255.255.255.0
ip access-group attack-port in
ip access-group attack-port out
!
interface Vlan100
ip address 10.140.0.254 255.255.255.0
!
interface Vlan140
description "to XingZhengLou"
ip address 10.140.40.254 255.255.255.0
ip access-group permit600 in
ip helper-address 10.140.0.3
!
interface Vlan144
description "caiwu"
ip address 10.140.44.254 255.255.255.0
ip access-group permit600 in
ip helper-address 10.140.0.3
!
interface Vlan148
ip address 10.140.48.254 255.255.255.0
ip access-group permit600 in
ip helper-address 10.140.0.3
!
interface Vlan160
ip address 10.140.60.254 255.255.255.0
ip helper-address 10.140.0.3
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.140.8.1
ip http server
!
ip access-list extended attack-port
deny udp any any eq tftp
deny tcp any any eq 4444
deny tcp any any eq 135
deny udp any any eq 135
deny tcp any any eq 1024
deny udp any any eq netbios-ns
deny tcp any any eq 6667
deny tcp any any eq 2644
deny udp any any eq 2644
deny tcp any any eq 2645
deny udp any any eq 2645
deny udp any any eq netbios-dgm
deny udp any any eq netbios-ss
deny tcp any any eq 139
deny tcp any any eq 213
deny udp any any eq 213
deny udp any any eq 593
deny tcp any any eq 593
deny tcp any any eq 445
deny tcp any any eq 5554
deny tcp any any eq 9995
deny tcp any any eq 9996
deny udp any any eq 1434
deny tcp any any eq 1068
deny tcp any any eq 5800
deny tcp any any eq 5900
deny tcp any any eq 10080
deny tcp any any eq 455
deny udp any any eq 455
deny tcp any any eq 3208
deny tcp any any eq 1871
deny tcp any any eq 4510
deny udp any any eq 4334
deny tcp any any eq 4331
deny tcp any any eq 4557
deny tcp any eq exec any
deny tcp any any eq exec
permit ip any any
ip access-list extended permit600
permit ip any 10.140.0.0 0.0.0.255
permit ip any 10.140.254.0 0.0.0.255
permit ip any 10.140.8.0 0.0.0.255
deny ip any 10.140.0.0 0.0.255.255
permit ip any any
!
control-plane
!
!
line con 0
line vty 0 4
password cisco
login
line vty 5 15
no login
!
!
end
waiwang#
问题解决:
使用show ip interface brief便得到了答案
看到了吗,vlan1的protocol is down,这便是原因所在;必须至少有一个 active client 接入vlan1 ,一旦存在一个 active client 在这个switch 的vlan1上,你将要看到vlan 1 up/up ,此刻 telnet 10.140.254.254 将不会报23端口打开失败!本文出自 “hongguang” 博客,请务必保留此出处http://hongguang.blog.51cto.com/363382/224942
问题描述:
PC机(ip:10.140.60.56)直连到交换机的f0/40端口后,可以telnet 10.140.60.254 登陆交换机,但是telnet 10.140.254.254 提示打开23端口失败。。。。。。。。。。。。。。
以下是交换机的配置信息。
waiwang#show run
Building configuration...
Current configuration : 5585 byt
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname waiwang
!
enable secret 5 $1$KZxI$/YmqPXFI
!
no aaa new-model
ip subnet-zero
ip routing
!
ip dhcp-server 10.140.0.3
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
------------------------------------------------------------
!
vlan internal allocation policy a
!
interface FastEthernet0/1
switchport access vlan 140
!
interface FastEthernet0/2
switchport access vlan 148
!
interface FastEthernet0/3
switchport access vlan 140
!
interface FastEthernet0/4
switchport access vlan 140
!
interface FastEthernet0/5
switchport access vlan 140
!
interface FastEthernet0/6
switchport access vlan 140
!
interface FastEthernet0/7
switchport access vlan 140
!
interface FastEthernet0/8
switchport access vlan 140
!
interface FastEthernet0/9
switchport access vlan 140
!
interface FastEthernet0/10
switchport access vlan 140
!
interface FastEthernet0/11
switchport access vlan 140
!
interface FastEthernet0/12
switchport access vlan 140
!
interface FastEthernet0/13
switchport access vlan 140
!
interface FastEthernet0/14
switchport access vlan 140
!
interface FastEthernet0/15
switchport access vlan 140
!
interface FastEthernet0/16
switchport access vlan 140
!
interface FastEthernet0/17
switchport access vlan 140
!
interface FastEthernet0/18
switchport access vlan 140
!
interface FastEthernet0/19
switchport access vlan 140
!
interface FastEthernet0/20
switchport access vlan 140
!
interface FastEthernet0/21
switchport access vlan 140
!
interface FastEthernet0/22
switchport access vlan 140
!
interface FastEthernet0/23
switchport access vlan 140
!
interface FastEthernet0/24
switchport access vlan 140
!
interface FastEthernet0/25
switchport access vlan 140
!
interface FastEthernet0/26
switchport access vlan 140
!
interface FastEthernet0/27
switchport access vlan 140
!
interface FastEthernet0/28
switchport access vlan 140
!
interface FastEthernet0/29
switchport access vlan 140
!
interface FastEthernet0/30
switchport access vlan 140
!
interface FastEthernet0/31
switchport access vlan 140
!
interface FastEthernet0/32
switchport access vlan 140
!
interface FastEthernet0/33
switchport access vlan 140
!
interface FastEthernet0/34
switchport access vlan 140
!
interface FastEthernet0/35
switchport access vlan 140
!
interface FastEthernet0/36
switchport access vlan 140
!
interface FastEthernet0/37
switchport access vlan 140
!
interface FastEthernet0/38
switchport access vlan 140
!
interface FastEthernet0/39
switchport access vlan 160
!
interface FastEthernet0/40
switchport access vlan 160
!
interface FastEthernet0/41
switchport access vlan 160
!
interface FastEthernet0/42
switchport access vlan 140
!
interface FastEthernet0/43
switchport access vlan 148
!
interface FastEthernet0/44
switchport access vlan 144
!
interface FastEthernet0/45
switchport access vlan 140
!
interface FastEthernet0/46
switchport access vlan 100
!
interface FastEthernet0/47
switchport access vlan 99
switchport mode access
!
interface FastEthernet0/48
switchport access vlan 99
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface Vlan1
description "Switch Default GateWay"
ip address 10.140.254.254 255.255.255.0
!
interface Vlan99
description "to TianRongXing Firewall"
ip address 10.140.8.254 255.255.255.0
ip access-group attack-port in
ip access-group attack-port out
!
interface Vlan100
ip address 10.140.0.254 255.255.255.0
!
interface Vlan140
description "to XingZhengLou"
ip address 10.140.40.254 255.255.255.0
ip access-group permit600 in
ip helper-address 10.140.0.3
!
interface Vlan144
description "caiwu"
ip address 10.140.44.254 255.255.255.0
ip access-group permit600 in
ip helper-address 10.140.0.3
!
interface Vlan148
ip address 10.140.48.254 255.255.255.0
ip access-group permit600 in
ip helper-address 10.140.0.3
!
interface Vlan160
ip address 10.140.60.254 255.255.255.0
ip helper-address 10.140.0.3
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.140.8.1
ip http server
!
ip access-list extended attack-port
deny udp any any eq tftp
deny tcp any any eq 4444
deny tcp any any eq 135
deny udp any any eq 135
deny tcp any any eq 1024
deny udp any any eq netbios-ns
deny tcp any any eq 6667
deny tcp any any eq 2644
deny udp any any eq 2644
deny tcp any any eq 2645
deny udp any any eq 2645
deny udp any any eq netbios-dgm
deny udp any any eq netbios-ss
deny tcp any any eq 139
deny tcp any any eq 213
deny udp any any eq 213
deny udp any any eq 593
deny tcp any any eq 593
deny tcp any any eq 445
deny tcp any any eq 5554
deny tcp any any eq 9995
deny tcp any any eq 9996
deny udp any any eq 1434
deny tcp any any eq 1068
deny tcp any any eq 5800
deny tcp any any eq 5900
deny tcp any any eq 10080
deny tcp any any eq 455
deny udp any any eq 455
deny tcp any any eq 3208
deny tcp any any eq 1871
deny tcp any any eq 4510
deny udp any any eq 4334
deny tcp any any eq 4331
deny tcp any any eq 4557
deny tcp any eq exec any
deny tcp any any eq exec
permit ip any any
ip access-list extended permit600
permit ip any 10.140.0.0 0.0.0.255
permit ip any 10.140.254.0 0.0.0.255
permit ip any 10.140.8.0 0.0.0.255
deny ip any 10.140.0.0 0.0.255.255
permit ip any any
!
control-plane
!
!
line con 0
line vty 0 4
password cisco
login
line vty 5 15
no login
!
!
end
waiwang#
问题解决:
使用show ip interface brief便得到了答案
看到了吗,vlan1的protocol is down,这便是原因所在;必须至少有一个 active client 接入vlan1 ,一旦存在一个 active client 在这个switch 的vlan1上,你将要看到vlan 1 up/up ,此刻 telnet 10.140.254.254 将不会报23端口打开失败!本文出自 “hongguang” 博客,请务必保留此出处http://hongguang.blog.51cto.com/363382/224942
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- 远程telnet 提示链接23端口失败,提示 找不到usr/lib/mit/sbit/login.hrb5 文件或目录
- 关于“telnet localhost:8080不能打开到主机的连接, 在端口 23: 连接失败”问题
- 关于“telnet localhost:1433 不能打开到主机的连接, 在端口 23: 连接失败”问题
- telnet 正在连接192.168.0.200...无法打开到主机的连接。 在端口 23: 连接失败
- [问题] 阿里云无法telnet端口 连接失败 无法进行TCP通信
- 【网络安全】Telnet 23端口扫描与信息提取
- 阿里云telnet 3306端口失败
- 修改Windows2003Server的Telnet默认端口(23)为其它端口的方法
- CISCO路由器突然不能telnet,显示为23端口不通
- Telnet 1521端口连接失败问题,经过四天的努力终于解决!
- 故障排查:是什么 导致了服务器端口telnet失败?(转)
- windows下sqldeveloper无法访问局域网虚拟机中Oracle,telnet 1521端口失败之 解决办法
- 故障排查:是什么 导致了服务器端口telnet失败?
- 面试的一点心得,失败的教训
- 【telnet】telnet 正在连接47.88.18.180...无法打开到主机的连接。 在端口 80: 连接失败
- 故障排查:是什么 导致了服务器端口telnet失败?
- telnet IP【程序和功能中的telnet服务器和客户端都已经打开,防火墙中23端口也开着,就是进不去,请看里面吧!】
- 故障排查:是什么 导致了服务器端口telnet失败?
- 故障排查:是什么 导致了服务器端口telnet失败?
- 经验分享:C/S系统故障排查之服务器端口telnet失败