Configure a Terminal/Comm Server

Introduction

This document describes how to configure a terminal server to access only the console ports on other routers through Reverse Telnet.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

This document is not restricted to specific software and hardware versions.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

Conventions

For more information on document conventions, refer to the Cisco Technical Tips Conventions.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Background Information

A terminal or comm server commonly provides out-of-band access for multiple devices. A terminal server is a router with multiple, low speed, asynchronous ports that are connected to other serial devices, for example, modems or console ports on routers or switches.

The terminal server allows you to use a single point to access the console ports of many devices. A terminal server eliminates the need to configure backup scenarios like modems on auxiliary ports for every device. You can also configure a single modem on the auxiliary port of the terminal server, to provide dial-up service to the other devices when network connectivity fails.

This document shows how to configure a terminal server to access only the console ports on other routers through Reverse Telnet. Reverse Telnet allows you to establish a Telnet connection out on the same device you telnet from, but on a different interface. For more information on Reverse Telnet refer to Establishing a Reverse Telnet Session to a Modem.

Cabling

The Cisco 2509 - 2512 series routers use a 68-pin connector and breakout cable. This cable provides eight RJ-45 rolled cable async ports on each 68-pin connector. (See CAB-OCTAL-ASYNC Cable Pinouts.) You can connect each RJ-45 rolled cable async port to the console port of a device. The 2511 router allows for a maximum of 16 devices to be remotely accessible. In addition, the NM-16A or NM-32A high-density async network modules are available for the Cisco 2600 and 3600 series routers to provide the same function. For more information on cabling refer to the Cabling Guide for Console and AUX Ports.

Note: The async ports from the 68-pin connector are data terminal equipment (DTE) devices. DTE to DTE devices require a rolled (null modem) cable and DTE to data circuit-terminating equipment (DCE) devices require a straight-through cable. The CAB-OCTAL-ASYNC cable is rolled. Therefore, you can connect each cable directly to the console ports of devices with RJ-45 interfaces. However, if the console port of the device to which you connect is a 25-pin interface (DCE), you must use the RJ-45 to 25-pin adapter marked "Modem" (to reverse the "roll") in order to complete the connection.

This table shows the port types for console and auxiliary ports on Cisco routers and switches:

Design Strategy

Configure the terminal server so that you can access the terminal server from anywhere. In order to make the terminal server accessible, assign a registered public Internet address, and locate the server outside the firewall. When you do so, firewall issues do not interrupt your connection. You can always maintain connectivity to the terminal server and access the connected devices. If you are concerned about security, configure access lists to allow access only to the terminal server from certain addresses. For a more robust security solution, you can also configure server-based authentication, authorization, and accounting (AAA) for example, RADIUS or TACACS+.

You can configure a modem on the auxiliary port of the terminal server for dial backup in the event your primary connection (through the Internet) goes down. Such a modem eliminates the need to configure a dial backup for each device. The terminal server is connected through its async ports to the console ports of the other devices. For more information on how to connect a modem to the AUX port, refer to the Modem-Router Connection Guide.

Use the ip default gateway statement, and point to the the next hop router on the Internet. This command enables you to have connectivity to the terminal server through the Internet even if routing is not enabled. For example, the terminal server is in ROM monitor (ROMMON) mode as a result of a bad reboot after a power outage.

Configure

In this section provides information on how to configure the features mentioned in this document.

Note: To find additional information on the commands used in this document, use the Cisco CLI Analyzer. Only registered Cisco users can access internal Cisco tools and information.

Network Diagram

This document uses this network setup:

Configurations

This document uses this configuration:

• Cisco 2511

aus-comm-server#show running-config
!
version 12.0

service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname aus-comm-server
!
enable secret  <deleted>
!
username cisco password <deleted>
!
ip subnet-zero
ip domain-list cisco.com
no ip domain-lookup

ip host 3600-3 2014 172.21.1.1

!--- The host 3600-3 is connected to port 14 of the comm server. 
!--- Ensure that the IP address is that of an interface on the comm server.

ip host 3600-2 2013 172.21.1.1
ip host 5200-1 2010 172.21.1.1
ip host 2600-1 2008 172.21.1.1
ip host 2509-1 2007 172.21.1.1
ip host 4500-1 2015 172.21.1.1
ip host 3600-1 2012 172.21.1.1
ip host 2511-2 2002 172.21.1.1
ip host 2511-rj 2003 172.21.1.1
ip host 2511-1 2001 172.21.1.1
ip host 5200-2 2011 172.21.1.1
ip host 2520-1 2004 172.21.1.1
ip host 2520-2 2005 172.21.1.1
ip host 2600-2 2009 172.21.1.1
ip host 2513-1 2006 172.21.1.1
ip host pix-1 2016 172.21.1.1
!
!
process-max-time 200
!
interface Loopback1
 ip address 172.21.1.1 255.0.0.0

!--- This address is used in the IP host commands. 
!--- Work with loopback interfaces, which are virtual and always available.

 no ip directed-broadcast
!
interface Ethernet0
 ip address 172.16.35.1  255.255.255.192

!--- Use a public IP address to ensure connectivity. 

No ip directed-broadcast
 no ip mroute-cache
!
interface Serial0
 no ip address
 no ip directed-broadcast
 no ip mroute-cache
 shutdown
!
ip default-gateway 172.16.35.1

!--- This is the default gateway when routing is disabled. 
!--- For example, if the router is in boot ROM mode.

ip classless
ip route 0.0.0.0 0.0.0.0 172.16.35.1

!--- Set the default route for the external network.

no ip http server
!
line con 0
 transport input all
 line 1 16
 session-timeout 20

!--- The session times out after 20 minutes of inactivity. 

no exec

!--- Unwanted signals from the attached device do not launch. 
!--- An EXEC session ensures that the line never becomes unavailable 
!--- due to a rogue EXEC process.

 exec-timeout 0 0

!--- This disables exec timeout transport input all. 
!--- Allow all protocols to use the line. 
!--- Configure lines 1 - 16 with at least transport input Telnet.

line aux 0

!--- Auxiliary port can provide dial backup to the network. 
!--- Note: This configuration does not implement modem on AUX port modem InOut. 
!--- Allow auxiliary port to support dialout and dialin connections.

 transport preferred telnet
 transport input all
 speed 38400
 flowcontrol hardware
line vty 0 4
 exec-timeout 60 0
 password <deleted> 
login
!
end

Note: If you use the 3600 as the access-server, refer to How Async Lines are Numbered in Cisco 3600 Series Routers for line number details.

Command Summary

ip host : Use this command to define the name-to-address mapping of the static host in the host cache. in order to remove the name-to-address mapping, use the no form of this command.

• ip host name [tcp-port-number] address1 [address2...address8]

  • name: This field indicates the name of the host. The name field need not match the actual name of the router to which you want to connect. However, ensure that you enter a name you would want to use in the reverse Telnet. When you use this command and the name field, you do not have to know the actual port number of the remote device.

  • tcp-port-number: This field represents the TCP port number you want to connect to when you use the defined host name along with an EXEC connect or telnet command. In our example configuration, use a reverse Telnet so the port number is be 2000+line number.

  • address1: This field represents an associated IP address. In our example configuration, we use the loopback IP address.

transport input: Use this command to define the protocols to use when you connect to a specific line of the router.

• transport input {all | lat | mop | nasi | none | pad | rlogin | telnet | v120}

  • all: All selects all protocols.

  • none: None prevents any protocol selection on the line. In this case, the port becomes unusable for incoming connections.

  Note: In this configuration example, the async lines use the minimum configuration of the transport input telnet command. So you can Telnet to the devices on the async line.

telnet: Use this EXEC command to log into a host that supports Telnet.

• telnet host [port] [keyword]

  • host: This field indicates a host name or IP address. Host can be one of the name fields defined in the ip host command.

  • port: This field indicates a decimal TCP port number. The Telnet router port (decimal 23) on the host is the default decimal TCP port number. For reverse Telnet, the port number must be 2000+line number. Line numbers range from 1-16 in our configuration. Use the show line EXEC command to view the available lines.

Switch Between Active Sessions

Complete these steps in order to switch between active sessions:

1. Use the escape sequence Ctrl-Shift-6 thenxto exit the current session.

2. Use the show sessions command to display all open connections.

aus-comm-server#show sessions 
Conn Host      Address         Byte Idle  Conn Name
   1 2511-1    172.16.163.26   0     0     2511-1
   2 2511-2    172.16.163.26   0     0     2511-2
 * 3 2511-3    172.16.163.26   0     0     2511-3

Note: The asterisk (*) indicates the current terminal session.

3. Enter the session (conn) number to connect to the corresponding device. For example, to connect to 2511-1 type 1 , which is the connection number. However if you hit the return key, you are connected to the current terminal session, which in this case is router 2511-3.

Terminate Active Sessions

Complete these steps to terminate a particular Telnet session:

1. Use the escape sequence Ctrl-Shift-6 thenxto exit the current Telnet session.

   Note: Ensure that you can reliably issue the escape sequence to suspend a Telnet session. Some terminal emulator packages are unable to send the correct sequence, Ctrl-Shift-6 then x.

2. Issue the show sessions command to display all open connections.

3. Issue the disconnect [connection] command to disconnect the required session.

Verify

This section provides information you can use to confirm your configuration works properly.

• show ip interface brief: Indicates whether the interface you use for the Telnet session is up.

Troubleshoot

This section provides information you can use to troubleshoot your configuration.

Troubleshoot Procedure

Use the next instructions to troubleshoot your configuration.

If you cannot connect to the router of your choice with a name configured in the ip host command check:

1. Check whether the port address is configured correctly.

2. Verify whether the address (interface) used for the reverse Telnet is up/up. The output of the show ip interface brief command provides this information. Cisco recommends you to use loopbacks because they are always up.

3. Ensure that you have the correct type of cabling. For example, you must not use a crossover cable to extend the length. Refer to the Cabling section for more information.

4. Establish a Telnet connection to the IP address port to test direct connectivity. You must telnet from both an external device and the terminal server. For example, telnet 172.21.1.1 2003 .

5. Ensure that you have the transport input telnet command under the line for the target device. The target device is the device that is connected to the terminal server.

6. Use a PC/dumb terminal to connect directly to the console of the target router. The target router is the device connected to the terminal server. This step helps you identify the presence of a port issue.

7. If you are disconnected, check timeouts. You can remove or adjust timeouts.

Note: If you encounter authentication failures, remember that the terminal server performs the first authentication (if configured), while the device to which you try to connect performs the second authentication (if configured). Verify whether AAA is configured correctly on both the terminal server and the connecting device.

Related Information

• Modem-Router Connection Guide
• Establishing a Reverse Telnet Session to a Modem
• Cabling Guide for Console and AUX Ports
• Serial Cable Connection Guide
• Dial and Access Technology Support
• Cisco Technical Support & Downloads