Console port, telnet, and SSH handling

Restrictions for console port, telnet, and SSH

This section describes the requirements when configuring console port, Telnet, and SSH access.

  • Telnet and Secure Shell settings configured in the transport map override any other Telnet or SSH settings when the transport map is applied to the Ethernet management interface.

  • Only local usernames and passwords can be used to authenticate users entering an Ethernet management interface. AAA authentication is not available for users accessing the device through an Ethernet management interface using persistent Telnet or persistent SSH.

  • Applying a transport map to an Ethernet management interface with active Telnet or SSH sessions can disconnect the active sessions. Removing a transport map from an interface, however, does not disconnect any active Telnet or SSH session.

  • Configuring the diagnostic and wait banners is optional, but recommended. The banners are especially useful as indicators to users about the status of their Telnet or SSH attempts.

Console port interface

A console port is a hardware interface that

  • provides an EIA or TIA-232 asynchronous, serial connection

  • uses an RJ-45 connector and does not support flow control, and

  • allows direct access to the device from the front panel of the Route Processor.

For information on accessing the device using the console port, see Using Cisco IOS XE Software.

Console ports

A console port is a physical router interface that

  • enables direct local access to the router for configuration and troubleshooting,

  • automatically directs you to the Cisco IOS command-line interface, and

  • supports diagnostic operations when specific break signals are sent before CLI access.

If you access the router through the console port and send a break signal (such as Ctrl-C or Ctrl-Shift-6, or the send break command issued at the Telnet prompt) before connecting to the CLI, the system may direct you to diagnostic mode, provided the non-RPIOS subpackages are accessible. You can change this behavior by configuring a transport map for the console port and applying it to the console interface.

Configure a console port transport map

This task describes how to configure a transport map for a console port interface on the device.

Procedure


Step 1

enable

Example:


Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2

configure terminal

Example:


Router# configure terminal

Enters global configuration mode.

Step 3

transport-map type console transport-map-name

Example:


Router(config)# transport-map type console consolehandler

Creates and names a transport map for handling console connections, and enters transport map configuration mode.

Step 4

connection wait [allow [interruptible] | none [disconnect]]

Example:


Router(config-tmap)# connection wait none

Specifies how a console connection will be handled using this transport map.

  • allow interruptible—The console connection waits for a Cisco IOS VTY line to become available, and also allows users to enter diagnostic mode by interrupting a console connection that is waiting for a Cisco IOS VTY line to become available. This is the default setting.

    Note: Users can interrupt a waiting connection by entering Ctrl-C or Ctrl-Shift-6.

  • none—The console connection immediately enters diagnostic mode.

Step 5

(Optional) banner [diagnostic | wait] banner-message

Example:


Router(config-tmap)# banner diagnostic X
Enter TEXT message. End with the character 'X'.
--Welcome to Diagnostic Mode--
X
Router(config-tmap)#

(Optional) Creates a banner message that will be seen by users entering diagnostic mode or waiting for the Cisco IOS VTY line because of the console transport map configuration.

  • diagnostic—Creates a banner message seen by users directed to diagnostic mode because of the console transport map configuration.

    Note: Users can interrupt a waiting connection by entering Ctrl-C or Ctrl-Shift-6.

  • wait—Creates a banner message seen by users waiting for Cisco IOS VTY to become available.

  • banner-message—Banner message, which begins and ends with the same delimiting character.

Step 6

exit

Example:


Router(config-tmap)# exit

Exits transport map configuration mode to re-enter global configuration mode.

Step 7

transport type console console-line-number input transport-map-name

Example:


Router(config)# transport type console 0 input consolehandler

Applies the settings defined in the transport map to the console interface.

The transport-map-name for this command must match the transport-map-name defined in the transport-map type console command.


The transport map and banner configuration are applied to the specified console port interface.

Example

The following example shows how to create a transport map to set console port access policies and attach to console port 0:

Router(config)# transport-map type console consolehandler
Router(config-tmap)# connection wait allow interruptible
Router(config-tmap)# banner diagnostic X
Enter TEXT message. End with the character 'X'.
--Welcome to diagnostic mode--
X
Router(config-tmap)# banner wait X
Enter TEXT message. End with the character 'X'.
Waiting for IOS vty line
X
Router(config-tmap)# exit
Router(config)# transport type console 0 input consolehandler
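
The following added example (not part of the Cisco documentation) checks a list of console transport map commands against the rules stated in this procedure: the applied name must match a defined map, banners are recommended, and connection wait none sends users directly to diagnostic mode. The function name audit_console_maps and the sample input are assumptions made for illustration; the input is the command text only, without router prompts.

```python
import re

# Constructed sample in the style of the commands above; the last line
# misspells the map name, so console 0 references an undefined map.
SAMPLE = """\
transport-map type console consolehandler
 connection wait none
 banner diagnostic X
--Welcome to diagnostic mode--
X
transport type console 0 input consolehandlr
"""

def audit_console_maps(config_text):
    """Return a sorted list of findings for console transport maps."""
    maps, applied, current, delim = {}, [], None, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if delim is not None:                 # inside multi-line banner text
            if line.endswith(delim):
                delim = None
            continue
        if m := re.fullmatch(r"transport-map type console (\S+)", line):
            # "allow interruptible" is the documented default wait option
            current = maps.setdefault(m.group(1), {"wait": "allow interruptible", "banners": set()})
        elif m := re.fullmatch(r"transport type console (\d+) input (\S+)", line):
            applied.append((m.group(1), m.group(2)))
            current = None
        elif current is not None and (m := re.fullmatch(r"connection wait (.+)", line)):
            current["wait"] = m.group(1)
        elif current is not None and (m := re.fullmatch(r"banner (diagnostic|wait) (\S)(.*)", line)):
            current["banners"].add(m.group(1))
            if not m.group(3).endswith(m.group(2)):
                delim = m.group(2)            # banner text continues on later lines
        elif line == "exit":
            current = None
    findings = [f"console {number}: transport map '{name}' is not defined"
                for number, name in applied if name not in maps]
    used = {name for _, name in applied}
    for name, tm in maps.items():
        if name not in used:
            findings.append(f"{name}: not applied to any console line")
        if tm["wait"].startswith("none"):
            findings.append(f"{name}: connection wait none sends users straight to diagnostic mode")
        for kind in sorted({"diagnostic", "wait"} - tm["banners"]):
            findings.append(f"{name}: no {kind} banner configured")
    return sorted(findings)
```

Run against the commands of the example above, the function returns an empty list; run against SAMPLE, it reports the undefined map name, the unapplied map, the wait setting, and the missing wait banner.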

Console port and SSH handling configurations

Use the following commands to view console port, SSH, and Telnet handling configurations:

  • show transport-map

  • show platform software configuration access policy

Use the show transport-map command to view transport map configurations.

show transport-map [all | name transport-map-name | type [console | persistent [ssh | telnet]]]

This command can be used either in user EXEC mode or privileged EXEC mode.

Example

The following example shows transport maps that are configured on the device: a console port (consolehandler), persistent SSH (sshhandler), and persistent Telnet transport (telnethandler):

Router# show transport-map all
Transport Map:
Name: consolehandler
Type: Console Transport
 
Connection:
Wait option: Wait Allow Interruptable
Wait banner:
Waiting for the IOS CLI
 
bshell banner:
Welcome to Diagnostic Mode
Transport Map:

Name: sshhandler
Type: Persistent SSH Transport
 
Interface:
GigabitEthernet0/0/0
 
Connection:
Wait option: Wait Allow Interruptable
Wait banner:
 
Waiting for IOS prompt
 
Bshell banner:
Welcome to Diagnostic Mode
 
Router# show transport-map type console
Transport Map:
Name: consolehandler
Type: Console Transport
 
Connection:
Wait option: Wait Allow Interruptable
Wait banner:
 
Waiting for the IOS CLI
 
Bshell banner:
 
Welcome to Diagnostic Mode
 
Router# show transport-map type persistent ssh
Transport Map:
Name: sshhandler
Type: Persistent SSH Transport
 
Interface:
GigabitEthernet0
 
Connection:
Wait option: Wait Allow Interruptable
Wait banner:
 
Waiting for IOS prompt
 
Bshell banner:
 
Welcome to Diagnostic Mode
 
SSH:
Timeout: 120
Authentication retries: 5
RSA keypair: sshkeys
  
Router# show transport-map name consolehandler
Transport Map:
Name: consolehandler
Type: Console Transport
 
Connection:
Wait option: Wait Allow Interruptable
Wait banner:
 
Waiting for the IOS CLI
 
Bshell banner:
 
Welcome to Diagnostic Mode
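
The following added example (not part of the Cisco documentation) parses captured show transport-map output into one record per transport map and lists the interfaces that carry a persistent transport map, which are the interfaces where only local usernames and passwords authenticate. The function names, the Router# prompt, and the sample text are assumptions made for illustration.

```python
# Constructed sample in the layout of the output above.
SAMPLE = """\
Transport Map:
Name: consolehandler
Type: Console Transport
Connection:
Wait option: Wait Allow Interruptable
Wait banner:

Waiting for the IOS CLI
bshell banner:
Welcome to Diagnostic Mode
Transport Map:
Name: sshhandler
Type: Persistent SSH Transport
Interface:
GigabitEthernet0
SSH:
Timeout: 120
Authentication retries: 5
RSA keypair: sshkeys
"""

def parse_transport_maps(output):
    """Split `show transport-map` output into one dict per transport map."""
    maps, block = [], None
    for raw in output.splitlines():
        line = raw.strip()
        if not line or line.startswith("Router#"):   # assumed prompt
            continue
        key, sep, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if sep and key == "transport map":
            maps.append({})
            block = None
        elif not maps:
            continue                         # text before the first record
        elif sep and value:
            maps[-1][key] = value            # "Name: x", "Timeout: 120", ...
        elif sep:
            block = key                      # "Wait banner:", "Interface:", ...
            maps[-1][block] = ""
        elif block:                          # body line; banner text with ':' is not handled
            maps[-1][block] = (maps[-1][block] + " " + line).strip()
    return maps

def local_auth_only_interfaces(maps):
    """Interfaces with a persistent transport map (local usernames only)."""
    return sorted(m["interface"] for m in maps if m.get("type", "").startswith("Persistent") and m.get("interface"))
```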