A device cannot access the Telnet port of the public interface

8

NAT server is configured on the public interface.
[Huawei-GigabitEthernet1/0/0] nat server protocol tcp global 10.10.10.1 telnet inside 192.168.2.10 telnet
When a network device attempts to access the Telnet port of the public interface, the device accesses the Telnet port on the internal network that is mapped by the NAT server, and cannot access the Telnet port of the public interface. You can change the Telnet port of the public interface in the NAT server configuration, for example, change the Telnet port to port 1001.

[Huawei-GigabitEthernet1/0/0] nat server protocol tcp global 10.10.10.1 1001 inside 192.168.2.10 telnet

Other related questions:
An internal user cannot access the internal server through the public address
An intranet user cannot use a public address to access an intranet server. Use the following method: 1. Check whether services on the intranet NAT server are running properly. 2. Check whether the NAT server is configured correctly. 3. Check the connection between the external host and NAT server and the configurations of the connected interfaces. 4. Check that the intranet NAT server is configured with the correct gateway address or route.

What to do if a WLAN device cannot be logged in through Telnet
For WLAN devices, if an error occurs when you log in to the Telnet server through Telnet, perform the following checks: 1. Check whether the number of users logging in to the server has reached the upper limit. Log in to the server through the console port and run the display users command to check whether all the current VTY channels are occupied. By default, the maximum number of users supported by VTY channels is 5. Run the display user-interface maximum-vty command to query the maximum number of users supported by the current VTY channels. 2. Check whether an ACL is configured in the VTY user interface view. (Telnet IPv4 is used as an example.) On the Telnet server, run the user-interface vty command to enter the user interface view, and then run the display this command to check whether an ACL rule is configured on the VTY user interface. If an ACL rule has been configured, record the ACL number. Run the display acl acl-number command on the Telnet server to check whether the IP address of the Telnet client is denied in the ACL. If the IP address of the client is denied, run the undo rule rule-id command in the ACL view to delete the denial rule, and then run relevant commands to modify the ACL, allowing access of the IP address of the client. 3. Check whether the access protocol configured in the VTY user interface view is correct. On the Telnet server, run the user-interface vty command to enter the user interface view, and then run the display this command to check whether the protocol inbound on the VTY user interface is Telnet or all. If none of these 2 options is selected, run the protocol inbound { telnet | all } command to modify the configurations, allowing Telnet users to access the server. 4. Check whether the login authentication mode is configured in the user interface view. - If the login authentication mode of VTY channels has been configured to password by running the authentication-mode password command, you must enter the password when logging in to the server. - If the authentication mode has been configured to aaa by running the authentication-mode aaa command, you must run the local-user command to create local user AAA.

The state of an E1 interface is not Up when the interface interconnects with the peer device
For the problem that the state of an E1 interface of an AR router is not Up when the interface interconnects with other devices, see the troubleshooting guide. For details, access the URL in the right column.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top