
Gaining Access to Routers and Switches - Page 1

This Study Guide describes how to access a router or switch through a direct console connection, over the LAN via Telnet, and finally through a terminal server. It first reviews how to access a router or switch through a direct console connection. Next, you will configure the terminal server router for Telnet access. Then you will access the terminal server over the LAN via Telnet using a terminal application program running on your PC. Finally, you will configure the router as the lab terminal server for reverse Telnet to access the lab routers.
Routers and switches can be accessed and configured through various means. To initially configure a Cisco device, you will need to connect directly through the console port. The console port exists on both routers and switches and is available to configure and monitor the device.

Direct Access to Routers and Switches Through a Console Port

Most Cisco devices use a rollover cable connected to the console port on the router or switch. For exceptions, consult the product documentation to verify whether you should use a straight-through or rollover cable.
The figure below shows the cabling for a rollover cable.

Figure - Rollover Cable

The cable is then connected to an RJ-45 to DB-9 or RJ-45 to DB-25 terminal adapter that is attached to a serial communications port (COM1, COM2, or other COM port) on the PC. Figure 1 shows how this is done.

Figure 1 - Connecting a Device with a Console Cable

When the physical connection is in place, configure the terminal application program on the PC with the following COM settings: These are the default HyperTerminal settings.
In the lab, you will be using the terminal application program HyperTerminal to connect to the terminal server's console port. Any terminal application could be used based on your personal preference. If another terminal application is used, consult the product documentation for configuration and setup procedures.

NOTE: The version of HyperTerminal has changed over the years to address functionality problems within the application. For example, older versions that came with Windows 95 and NT could not send the Ctrl-Break sequence (needed to break into the router). An early version that came with NT Service Pack 2 or 3 fixed this issue but had a problem when pasting several commands into the configuration script - it took about 5 seconds per line while it sent CPU utilization to 100 percent. The version that comes with NT-SP5, 98, and 2000 is fine. The authors of the program (Hilgraeve) provide a free update. To obtain the free update, open HyperTerminal, click Help, About, Upgrade Information, and then follow the upgrade instructions, or visit http://www.hilgraeve.com/

Let's demonstrate how this is done.

Accessing the Lab Terminal Server Through the Console Port
The physical cabling between your PC and the router acting as the terminal server has been configured as shown in Figure 1. With the physical cabling in place, start the program HyperTerminal on the PC. To do so, click Start, Programs, Accessories, Communications, HyperTerminal. Then double-click the HyperTerminal executable (hypertrm.exe) from within Windows, as shown in Figure 2.

Figure 2 - Starting the HyperTerminal Application

Give the new connection a name of LAB, and then click OK, as shown in Figure 3.

Figure 3 - Giving the Connection a Name

In the Connect Using field, select Direct to Com1 from the drop-down menu, as shown in Figure 4.

NOTE: This step is correct for the newest versions of HyperTerminal. For older versions of HyperTerminal, it is done differently. Hilgraeve provides a free update to HyperTerminal when used for personal use. Visit http://www.hilgraeve.com/ and download HyperTerminal Private Edition.

Figure 4 - Selecting the COM Port on PC

Now configure the port settings as follows and as shown in Figure 5. You can click the "Restore Defaults" button to get the port settings for connection to any Cisco equipment. When finished, click OK:

Figure 5 - Configuring HyperTerminal Port Settings

You are initially placed in user EXEC mode of the terminal server. If you do not see a prompt, hit the Enter key a few times, and then type enable and hit Enter. You are put into privileged EXEC mode without being prompted for a password because an enable password has not yet been set, as shown in Figure 6.

Figure 6 - Successful Establishment of EXEC Session Through a Direct Console Connection

Be sure to hit the "Enter" key to connect to the router. If you still do not get a console prompt, verify that it shows Connected in the bottom-left corner of the HyperTerminal application, as shown in Figure 6. If not, check the physical cabling as well as the port settings, and verify that the router has been powered on.

Sometimes with Windows 2000 you may need to change the RJ-45 to DB-9 or RJ-45 to DB-25 terminal adapter from COM port 1 to COM port 2 or vice versa to get a connection. Also make sure the CMOS settings have enabled your COM ports.

Now that you have successfully connected to the console port of the terminal server, you will configure the terminal server for Telnet access.

Configuring the Terminal Server for Telnet Access

In this section, you will configure the terminal server so that you can Telnet to it across the network. When you are connected to the terminal server, the terminal server will be the single point from which you may access all other lab routers through reverse Telnet. A terminal server provides out-of-band access to several devices. Out-of-band access is through a router's console or aux port versus in-band access that occurs over a network through Telnet or SNMP. Telnet, reverse Telnet, and a terminal server overview are covered in greater detail later in the chapter.

The next step is to make the terminal server accessible over your Ethernet network so that you can access it from any workstation on the LAN, as shown in Figure 7.

Figure 7 - LAN Configuration for Telnet Access

Telnet access is useful because it eliminates the requirement to be physically at the terminal server router to gain access. Instead, you can configure the terminal server so that you can Telnet to it over the LAN, as shown in Figure 7. Then, from the terminal server, you will be able to access each lab router through reverse Telnet, as shown in Figure 8.

Reverse Telnet will be explained and demonstrated later.

Figure 8 - Terminal Server Logical Diagram

Begin by configuring the terminal server's host name, Ethernet IP address, and vty lines. Because you're still attached via a direct connection to the terminal server's console port, ensure you're in privileged EXEC mode by typing enable from user EXEC mode, as in Example 1.

Example 1 - Entering Enable Mode on Terminal Server

Router>enable
Router#

Because the privileged EXEC password has not yet been set, you are allowed directly into privileged EXEC mode without entering a password, as denoted by the Router# prompt in Example 1. To change the host name on the router, type configure terminal to enter global configuration mode. Next, issue the hostname command followed by Termserver, as shown in Example 2.

Example 2 - Changing the Host Name on the Terminal Server

Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Termserver
Termserver(config)#

Notice that the prompt has changed from Router(config)# to Termserver(config)#.

Next, from global configuration mode, enter interface configuration mode by typing interface ethernet0, and assign the IP address of 10.160.8.1 with a mask of 255.255.255.0 to the Ethernet0 interface. In addition, ensure that the interface is not shut down by typing no shutdown from interface configuration mode for Ethernet 0, as demonstrated in Example 3.

Example 3 - Assign the Terminal Server's Ethernet 0 Interface an IP Address and Bring the Interface Out of Shutdown Mode

Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#hostname Termserver
Termserver(config)#
Termserver(config)#interface ethernet0
Termserver(config-if)#ip address 10.160.8.1 255.255.255.0
Termserver(config-if)#no shutdown
Termserver(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up
Termserver(config-if)#
%LINK-3-UPDOWN: Interface Ethernet0, changed state to up
Termserver(config-if)#

Notice that you receive a console message indicating that the line protocol on Ethernet 0 is up and the interface is up. You can verify that Ethernet 0 is up and configured with the proper IP address by typing show interface ethernet0, as shown in Example 4.

Example 4 - Verifying that Ethernet 0 Is Up and Configured with the Correct IP Address

Termserver#show interface ethernet0
Ethernet0 is up, line protocol is up
  Hardware is Lance, address is 0000.0c47.351c (bia 0000.0c47.351c)
  Internet address is 10.160.8.1/24
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255
  Encapsulation ARPA, loopback not set, keepalive set (10 sec)
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 1/75, 0 drops
  5 minute input rate 0 bits/sec, 1 packets/sec
  5 minute output rate 0 bits/sec, 1 packets/sec
    6674 packets input, 1267069 bytes, 0 no buffer
    Received 6252 broadcasts, 0 runts, 0 giants, 0 throttles
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
    0 input packets with dribble condition detected
    12718 packets output, 1199744 bytes, 0 underruns
    0 output errors, 0 collisions, 0 interface resets
    0 babbles, 0 late collision, 0 deferred
    0 lost carrier, 0 no carrier
    0 output buffer failures, 0 output buffers swapped out

You can see that Ethernet 0 is up as shown in the highlighted lines of Example 4 because the interface is up and the line protocol is up. In addition, you see that the IP address of 10.160.8.1 and mask of 255.255.255.0 (/24) are configured on the interface.
The workstation has been assigned an IP address of 10.160.8.65 with a subnet mask of 255.255.255.0. From the workstation, verify that you can ping the newly assigned IP address on your terminal server's Ethernet 0 interface, as shown in Figure 9.

Figure 9 - Verify IP Connectivity Between Workstation and Terminal Server

Success!

vty Line Configuration for Telnet Access

Virtual terminal lines are used to allow remote access to a router. A virtual terminal line is not associated with either the auxiliary or console port; instead, it is a "virtual port" on the router. The router has five virtual terminal lines, by default. You will configure the five vty lines (vty 0 through 4) for Telnet access and set a password of falcons on these lines. In addition, you want to ensure that, after 15 minutes of inactivity on the vty lines, the connection times out. To configure the vty lines, you will do the following from global configuration mode:

Step 1  Enter line configuration mode.
Step 2  Enable login on the vty lines.
Step 3  Set a password for Telnet access.
Step 4  Set the exec-timeout interval.

To examine how this is done, first enter line configuration mode for vty lines 0 through 4, as shown in Example 5.

Example 5 - Line Configuration Mode for vty 0 Through 4

Termserver#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.

Termserver(config)#line vty 0 4
Termserver(config-line)#

You can verify that you have successfully entered line configuration mode because the prompt has changed, as shown in the highlighted portion of Example 5. Next, enable login on the vty lines and set a Telnet password of falcons on the terminal server, as in Example 6.

Example 6 - Configure vty Lines with Login and Password Checking

Termserver(config-line)#login
Termserver(config-line)#password falcons

TIP: Remember that if an enable password has not been set on the router, you cannot Telnet into the router. This is true even when a password has been set on the vty lines. Although not shown here, assume that the terminal server has been configured with the enable password falcons.

Finally, it is a good idea to set timeout values on your vty lines so that idle Telnet sessions will not remain up indefinitely. By default, the exec-timeout is set to 10 minutes on both the console and the vty ports.

The timeout value is specified in minutes and seconds. You will set the timeout value to 15 minutes and 0 seconds on vty lines 0 through 4 using the exec-timeout command. If you are unsure of the order in which to specify minutes and seconds, use context-sensitive help, as shown in Example 7.

Example 7 - Setting the exec-timeout Value to 15 Minutes and 0 Seconds on vty Lines 0 Through 4

Termserver(config-line)#exec-timeout ?
<0-35791> Timeout in minutes

Termserver(config-line)#exec-timeout 15 ?
<0-2147483> Timeout in seconds
<cr>

Termserver(config-line)#exec-timeout 15 0
Termserver(config-line)#

Verify the configuration changes in your running-config by exiting back to privileged EXEC with CTRL-Z and then using a show running-config command. The highlighted section of Example 8 shows the last portion of the running-config with the configuration of the five vty lines.

Example 8 - Verify Changes with show running-config Command

Termserver(config-line)#^Z
Termserver#show running-config

line con 0
  login
line 1 16
line aux 0
line vty 0 4
  exec-timeout 15 0
  password 7 15140A0007252537
  login

The end of the configuration file shows all lines on the router, as well as the changes you have made to the vty lines.
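
The verification step above can also be scripted. The following is an added example, not part of the original Study Guide: a small Python audit that parses the line blocks of a show running-config capture (the sample is constructed from Example 8) and flags lines with no login, a bare login with no line password, cleartext or reversible Type 7 line passwords, and a disabled exec-timeout. The function names and finding labels are hypothetical.

```python
import re

# Constructed sample: the line section of the running-config from Example 8.
SAMPLE_CONFIG = """\
line con 0
 login
line 1 16
line aux 0
line vty 0 4
 exec-timeout 15 0
 password 7 15140A0007252537
 login
"""

def parse_line_sections(config):
    """Map each 'line ...' header to the list of sub-commands under it."""
    sections, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            sections[current] = []
        elif raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())
        else:
            current = None  # any other top-level text closes the block
    return sections

def audit_line(commands):
    """Return finding labels (hypothetical names) for one line block."""
    find = lambda prefix: next(
        (c for c in commands if c == prefix or c.startswith(prefix + " ")), None)
    login, password, timeout = find("login"), find("password"), find("exec-timeout")
    findings = []
    if login is None:
        findings.append("no-login")                # login is not configured in this block
    elif login == "login" and password is None:
        findings.append("login-without-password")  # bare login needs a line password
    if password:
        m = re.match(r"password (?:([07]) )?\S", password)
        # Type 7 is reversible obfuscation, not a hash; no prefix or 0 is cleartext.
        findings.append("type7-password" if m and m.group(1) == "7" else "cleartext-password")
    if timeout:
        parts = [int(p) for p in timeout.split()[1:]]
        if parts[0] * 60 + (parts[1] if len(parts) > 1 else 0) == 0:
            findings.append("no-idle-timeout")     # exec-timeout 0 0 never expires
    return findings

def audit(config):
    """Audit every line block in a running-config capture."""
    return {hdr: audit_line(cmds) for hdr, cmds in parse_line_sections(config).items()}
```

Calling audit(SAMPLE_CONFIG) returns one list of findings per line block; an empty list means none of these four checks fired for that block.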

Saving the Running Configuration

Save the configuration by typing copy running-config startup-config from global configuration mode, as shown in Example 9.

Example 9 - Copy running-config to startup-config

Termserver#copy running-config startup-config
Building configuration...
[OK]
Termserver#

NOTE: If you are running Cisco IOS software Release 12.0 or later, the copy command may ask for a confirmation in this form: Destination file [startup-config]?

The configuration has been successfully copied from the running configuration to the startup configuration, as denoted by the [OK] highlighted in Example 9.

Accessing the Terminal Server from a PC over a LAN/WAN via Telnet

Now you will test to see if you can Telnet to the terminal server at 10.160.8.1. To do so, configure the terminal application program (HyperTerminal) to Telnet to the router. This is done by starting HyperTerminal and, instead of selecting a COM port to connect through, selecting TCP/IP (Winsock), as shown in Figure 10.

NOTE: If the TCP/IP option is not available, you have an older version of the HyperTerminal Application. You can upgrade it at http://www.hilgraeve.com/.

Figure 10 - HyperTerminal Configured to Use TCP/IP

Next, enter the IP address of 10.160.8.1, as shown in Figure 11.

Figure 11 - Telnet to Ethernet 0 10.160.8.1

You are first prompted for the Telnet password of falcons that you configured previously in Example 6. When this password is successfully supplied, you are taken into user EXEC mode. From there, you can type enable to gain access to privileged EXEC mode.

You have now successfully Telnetted to the terminal server.

Continue on page 2.
