--------------------------------------------------------------------------------

Escape From Reverse Telnet / Serial Connection:

CTRL+SHIFT+6 X
show line                  (or-> show sessions)
clear line <line number>   (or-> disconnect <line number>)

s8 - cobx1

Tty Typ  Tx/Rx
  0 CTY
  1 TTY  9600/9600
  2 TTY  9600/9600
  3 TTY  9600/9600
  4 TTY  115200/115200
  5 TTY  9600/9600
  6 TTY  9600/9600
  7 TTY  9600/9600
  8 TTY  115200/115200
  9 TTY  9600/9600
 10 TTY  9600/9600
 11 TTY  9600/9600
 12 TTY  9600/9600
 13 TTY  9600/9600
 14 TTY  9600/9600
 15 TTY  9600/9600
 16 TTY  9600/9600
 17 AUX  38400/38400

--------------------------------------------------------------------------------

Cisco 2509-2512 Terminal Servers

http://www.cisco.com/warp/public/793/access_dial/comm_server.html

A terminal or comm server commonly provides out-of-band access for multiple devices. A terminal server is a router with multiple, low speed, asynchronous ports that are connected to other serial devices, for example, modems or console ports on routers or switches.

The terminal server allows you to use a single point to access the console ports of many devices. A terminal server eliminates the need to configure backup scenarios like modems on auxiliary ports for every device. You can also configure a single modem on the auxiliary port of the terminal server, to provide dial-up service to the other devices when network connectivity fails.

The Cisco 2509 - 2512 series routers use a 68-pin connector and breakout cable. This cable (CAB-OCTAL-ASYNC) provides eight RJ-45 rolled cable async ports on each 68-pin connector. You can connect each RJ-45 rolled cable async port to the console port of a device. The 2511 router allows for a maximum of 16 devices to be remotely accessible. In addition, the NM-16A or NM-32A high density async network modules are available for the Cisco 2600 and 3600 series routers to provide the same function.

Note: The async ports from the 68-pin connector are data terminal equipment (DTE) devices.
DTE to DTE devices require a rolled (null modem) cable and DTE to data circuit-terminating equipment (DCE) devices require a straight-through cable. The CAB-OCTAL-ASYNC cable is rolled. Therefore, you can connect each cable directly to the console ports of devices with RJ-45 interfaces. However, if the console port of the device to which you connect is a 25-pin interface (DCE), you must use the RJ-45 to 25-pin adapter marked "Modem" (to reverse the "roll") in order to complete the connection.

You can configure a modem on the auxiliary port of the terminal server for dial backup in the event your primary connection (through the Internet) goes down. Such a modem eliminates the need to configure a dial backup for each device. The terminal server is connected through its async ports to the console ports of the other devices.

--------------------------------------------------------------------------------

Reverse Telnet

Reverse Telnet allows you to Telnet out from a device you are telnetting from, but on a different interface. The term Reverse Telnet means that you are initiating a Telnet session out the asynchronous line, instead of accepting a connection into the line (which is a forward connection).

In simple terms, Reverse Telnet gives you the ability to telnet to a device, and then console to another device from there. For example, you could telnet to a router, and then from the router, console into a switch, or a modem, or anything that has a console port. There are many devices out there that don’t have remote access built into them, so their only option is a console session. Reverse Telnet will allow you to remotely manage these devices.

Let’s look at a simple Reverse Telnet example using a 3660 router. Note that the router doesn’t have to be a terminal server to do Reverse Telnet. A terminal server just allows you to connect a lot more devices to it!
So, let’s say you need to connect to a device (we’ll call it DeviceX) this weekend that doesn’t have remote access built into it, but it does have a console port. With a non-terminal server router, you need to install a straight through cable going from the console port of DeviceX (the device you want to connect to) to the AUX port on the 3660 router (the makeshift terminal server).

Next, configure the 3660 router to set up reverse telnet, using the following steps:

1. Configure the AUX port.

router#config terminal
router(config)#line aux 0
router(config-line)#modem InOut
router(config-line)#transport input all
router(config-line)#speed 19200
router(config-line)#exit

2. Create a loopback address.

router#config terminal
router(config)#int loopback 0
router(config-if)#ip address 10.0.0.1 255.0.0.0
router(config-if)#no shut
router(config-if)#exit

3. Find out what "line" the router uses for the AUX port. Get out of config mode (hit CTRL-Z to get out) and enter the command "show line". You will get an output resembling the following:

router#show line
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int
     0 CTY              -    -      -    -    -      0       0     0/0       -
   225 AUX  19200/19200 -  inout    -    -    -      0       0     0/0       -
*  226 VTY              -    -      -    -    -     10       0     0/0       -
   227 VTY              -    -      -    -    -      0       0     0/0       -
   228 VTY              -    -      -    -    -      0       0     0/0       -
   229 VTY              -    -      -    -    -      0       0     0/0       -
   230 VTY              -    -      -    -    -      0       0     0/0       -

This particular 3660 router uses line 225 for the AUX port. The port with the asterisk (*) by it is the line you are currently connected to.

The Reverse Telnet Connection

To do this, you will telnet to the IP address you set on the loopback interface, 10.0.0.1 (see Step 2 above). The port number you will telnet to is 2000 + line#. The line number is 225, so 2000 + 225 = 2225.

So for the 3660, since the loopback interface has the IP address of 10.0.0.1, you would telnet to 10.0.0.1 2225:

router#telnet 10.0.0.1 2225

When you are done, while holding the keys CTRL+SHIFT+6, press the letter X. This will kick you out of the AUX port.
The router will still keep the line connected and no one will be able to re-telnet back in until you clear the line.

router#CTRL+SHIFT+6 X

To do this, get out of config mode (hit CTRL-Z to get out of config mode) and enter the command "clear line xxx" where "xxx" is the line#. So for the 3660, you would enter "clear line 225":

router#clear line 225

--------------------------------------------------------------------------------

Terminal Server - Example Configuration

!
version 12.0
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname comm-server
!
enable secret class
!
username cisco password cisco
username ppp password 7 13150702
chat-script cisco-default ABORT ERROR "" "AT Z" OK "ATDT \T" TIMEOUT 30 \c CONNECT \c
!
ip host alpha 2001 172.21.1.1
ip host beta 2002 172.21.1.1
ip host kappa 2003 172.21.1.1
ip host delta 2004 172.21.1.1
!--- the host alpha is connected to port 1 (2000+line) of the comm server.
!--- ensure that the IP address is that of an interface on the comm server.
process-max-time 200
!
interface Loopback1
 ip address 172.21.1.1 255.0.0.0
 no ip directed-broadcast
!--- this address is used in the IP host commands.
!--- work with loopback interfaces, which are virtual and always available.
interface Ethernet0
 ip address 171.55.31.5 255.255.255.192
 no ip directed-broadcast
 no ip mroute-cache
!--- Use a public IP address to ensure connectivity.
ip default-gateway x.x.x.x
!--- this is the default gateway when routing is disabled.
!--- for example, if the router is in boot ROM mode.
ip classless
ip route 0.0.0.0 0.0.0.0 171.55.31.1
!--- set the default route for the external network.
no ip http server
!
line con 0
 transport input all
line 1 16
 session-timeout 20
!--- the session times out after 20 minutes of inactivity.
 no exec
!--- unwanted signals from the attached device do not launch
!--- an EXEC session. This ensures that the line never becomes unavailable
!--- due to a rogue EXEC process.
 exec-timeout 0 0
!--- this disables exec timeout.
 transport input all
!--- allow all protocols to use the line.
!--- configure lines 1 - 16 with at least transport input Telnet.
!
line aux 0
!--- auxiliary port can provide dial backup to the network.
!--- note: this configuration does not implement modem on AUX port.
 modem InOut
!--- allow auxiliary port to support dialout and dialin connections.
 transport preferred telnet
 transport input all
 speed 38400
 flowcontrol hardware
!
line vty 0 4
 exec-timeout 60 0
 password <deleted>
 login
!
end

--------------------------------------------------------------------------------

interface Async1
 ip unnumbered Ethernet0
 ip tcp header-compression passive
 async dynamic address
 async mode interactive
 peer default ip address 169.222.16.129
 no cdp enable
!
interface Async2
 ip unnumbered Ethernet0
 ip tcp header-compression passive
 async dynamic address
 async mode interactive
 peer default ip address 169.222.16.130
!
interface Async[N-16]
 ip unnumbered Ethernet0
 ip tcp header-compression passive
 async dynamic address
 async mode interactive
 peer default ip address 169.222.16.130
!
line con 0
line 1 16
 password 7 071B701E
 login local
 modem InOut
 autocommand ppp default
 length 51
 no history
 no editing
 transport input all
 escape-character BREAK
 telnet transparent
 stopbits 1
 rxspeed 57600
 txspeed 57600
 flowcontrol hardware
!
line vty 0 4
 password 7 111B160A03100E0916
 login
 length 25
!
end

--------------------------------------------------------------------------------

interface Async1
 description To Linux computer
 ip unnumbered Loopback0
 async mode interactive
 no peer default ip address

line 1
 location To Linux PC
 session-timeout 30
 no exec
 login
 modem InOut
 terminal-type vt100
 special-character-bits 8
 transport preferred none
 transport input telnet
 telnet break-on-ip
 telnet ip-on-break
 stopbits 1
 flowcontrol hardware

line vty 0 4
 location Network
 password PASSWORD
 login local
 terminal-type vt100
 transport preferred none
 transport output telnet

--------------------------------------------------------------------------------

ip host

Use this command to define the name-to-address mapping of the static host in the host cache. In order to remove the name-to-address mapping, use the no form of this command.

  ip host name [tcp-port-number] address1 [address2...address8]

  name
      This field indicates the name of the host. The name field need not match the actual name of the router to which you want to connect. However, ensure that you enter a name you would want to use in the reverse Telnet. When you use this command and the name field, you do not have to know the actual port number of the remote device.

  tcp-port-number
      This field represents the TCP port number to which you want to connect when you use the defined host name along with an EXEC connect or telnet command. In our example configuration, we use a reverse Telnet so the port number must be 2000+line number.

  address1
      This field represents an associated IP address. In our example configuration, we use the loopback IP address.

transport input

Use this command to define the protocols to use when you connect to a specific line of the router.

  transport input {all | lat | mop | nasi | none | pad | rlogin | telnet | v120}

  all
      All selects all protocols.

  none
      None prevents any protocol selection on the line. In this case, the port becomes unusable for incoming connections.
Note: In our configuration example, the async lines use the minimum configuration of the transport input telnet command. So you can Telnet to the devices on the async line.

telnet

Use this EXEC command to log into a host that supports Telnet.

  telnet host [port] [keyword]

  host
      This field indicates a host name or IP address. Host can be one of the name fields defined in the ip host command.

  port
      This field indicates a decimal TCP port number. The Telnet router port (decimal 23) on the host is the default decimal TCP port number. For reverse Telnet, the port number must be 2000+line number. Line numbers range from 1-16 in our configuration. Use the show line EXEC command to view the available lines.

--------------------------------------------------------------------------------

Switch Between Active Sessions

Complete these steps in order to switch between active sessions:

1) Use the escape sequence Ctrl-Shift-6-x to exit the current session.

2) Use the show sessions command to display all open connections.

comm-server#show sessions
Conn Host                Address             Byte  Idle Conn Name
   1 2511-1              171.69.163.26          0     0 2511-1
   2 2511-2              171.69.163.26          0     0 2511-2
*  3 2511-3              171.69.163.26          0     0 2511-3

Note - The asterisk (*) indicates the current terminal session.

3) Enter the session (conn) number to connect to the corresponding device. For example, to connect to 2511-1 type 1, which is the connection number. However if you hit the return key, you are connected to the current terminal session, which in this case is router 2511-3.

--------------------------------------------------------------------------------

Terminate Active Sessions

Complete these steps to terminate a particular Telnet session:

1) Use the escape sequence Ctrl-Shift-6-x to exit the current Telnet session.

Note: Ensure that you can reliably issue the escape sequence to suspend a Telnet session. Some terminal emulator packages are unable to send the correct sequence, Ctrl-Shift-6-x.
2) Issue the show sessions command to display all open connections.

3) Issue the disconnect [connection] command to disconnect the required session.

--------------------------------------------------------------------------------

Troubleshoot

This section provides information you can use to troubleshoot your configuration.

Troubleshooting Procedure

Follow these instructions to troubleshoot your configuration. If you cannot connect to the router of your choice with a name configured in the ip host command, check the following:

1) Check whether the port address is configured correctly.

2) Verify whether the address (interface) used for the reverse Telnet is up/up. The output of the show ip interface brief command provides this information. Cisco recommends that you use loopbacks because they are always up.

3) Ensure that you have the correct type of cabling. For example, you must not use a crossover cable to extend the length. Refer to the Cabling section for more information.

4) Establish a Telnet connection to the IP address port to test direct connectivity. You must telnet from both an external device and the terminal server. For example, telnet 172.21.1.1 2003.

5) Ensure that you have the transport input telnet command under the line for the target device. The target device is the device that is connected to the terminal server.

6) Use a PC/dumb terminal to connect directly to the console of the target router. The target router is the device connected to the terminal server. This step helps you identify the presence of a port issue.

7) If you are disconnected, check timeouts. You can remove or adjust timeouts.

Note: If you encounter authentication failures, remember that the terminal server performs the first authentication (if configured), while the device to which you try to connect performs the second authentication (if configured). Verify whether AAA is configured correctly on both the terminal server and the connecting device.
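
The "2000 + line number" rule and the "first authentication (if configured)" note above can be checked against a saved configuration. This is an added example, not part of the original notes or of Cisco's documentation: it lists the reverse Telnet TCP ports of async lines that accept Telnet but carry no login statement. The sample config is constructed from the example configuration above, and treating a missing login statement as "no first authentication" is an assumption that ignores AAA defaults.

```python
import re

# Constructed sample, modelled on the line blocks of the example configuration.
SAMPLE_CONFIG = """\
line 1 16
 session-timeout 20
 no exec
 exec-timeout 0 0
 transport input all
line aux 0
 modem InOut
 transport input all
"""

LINE_HDR = re.compile(r"^line\s+(?:(con|aux|vty|tty)\s+)?(\d+)(?:\s+(\d+))?\s*$")

def parse_line_blocks(config):
    """Return [kind, first, last, subcommands] for every 'line ...' block."""
    blocks, current = [], None
    for raw in config.splitlines():
        m = LINE_HDR.match(raw)
        if m:
            first = int(m.group(2))
            current = [m.group(1) or "tty", first, int(m.group(3) or first), []]
            blocks.append(current)
        elif current is not None and raw.startswith(" ") and raw.strip():
            current[3].append(raw.strip())
        elif raw.strip():
            current = None  # any other top-level command closes the block
    return blocks

def audit_reverse_telnet(config):
    """List absolute async lines that accept Telnet with no login statement."""
    findings = []
    for kind, first, last, cmds in parse_line_blocks(config):
        if kind != "tty":
            continue  # con/aux/vty numbers are relative; map them with show line
        inbound = [c.split()[2:] for c in cmds if c.startswith("transport input ")]
        protos = inbound[-1] if inbound else []
        has_login = any(c.split()[0] == "login" for c in cmds)  # assumption: no AAA
        if ("telnet" in protos or "all" in protos) and not has_login:
            findings.append({"lines": (first, last),
                             "tcp_ports": (2000 + first, 2000 + last),
                             "all_protocols": "all" in protos})
    return findings

print(audit_reverse_telnet(SAMPLE_CONFIG))
```

The AUX line is skipped because "line aux 0" is a relative number; its absolute line comes from show line (225 on the 3660 above, so TCP port 2225).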
--------------------------------------------------------------------------------

Notes:

Configure Line Attributes:

BAUD:

router(config)#line N
router(config-line)#speed 9600
  <0-4294967295>  Transmit and receive speeds
  300,1200,2400,4800,9600,19200,38400,57600,115200,230400

Change Console Line Baud (speed):

router(config)#line con 0
router(config-line)#speed 38400
  <0-4294967295>  Transmit and receive speeds