Access 2

Gaining Access to Routers and Switches - Page 2

Configuring the Terminal Server

This page of the Study Guide demonstrates how to configure a terminal server to provide access to the rest of the routers in the lab. Once configured, you will be able access each lab router's console port through reverse Telnet.

Lab Objective

In this Study Guide, you will accomplish the following lab objective:

Configure a Cisco a router to be the terminal server for this lab. The terminal server is connected to each device's console port. Port assignments are as follows:

R1 - 2001
R2 - 2002
R3 - 2003
R4 - 2004
R5 - 2005
R6 - 2006
R6 - 2006
Catalyst Switch - 2007

After completing this objective, you will learn how to maneuver from the terminal server to each individual lab router and then back to the terminal server.

Terminal Server Overview

A terminal server provides out-of-band access for several devices. Out-of-band access is through a router's console or aux port versus in-band access that occurs over the network using telnet. Generally, a terminal server is a router with multiple, asynchronous ports that are connected to other devices, such as the console port of other routers or switches, as shown previously in Figure 8. To get a better idea of what the ports look like on the back of a terminal server Figure 12 shows the back of a Cisco router.

Figure 12 - A Cisco 2511 to Be Configured as the Lab Terminal Server

Cabling

The Cisco 2511 series router uses a 68-pin connector and breakout cable shown in Figure 13.

Figure 13 - CAB-OCTAL-ASYNC Cable

This cable is referred to as a CAB-OCTAL-ASYNC cable or just OCTAL cable. It provides eight RJ-45 rolled cable asynchronous (async) ports on each 68-pin connector. The 68-pin connector is attached to Interface Async 1 of the terminal server. Each RJ-45 rolled cable is connected to the console port of each router in the lab. For configuration purposes, each rolled cable is referred to as an asynchronous line in the configuration. Each line is numbered beginning with 2001 to 2008. So, R1 is attached to async 2001, R2 is connected to 2002, and so on up to 2007, which is connected to the Catalyst 1900 switch, leaving 2008 unused. See Figure 14 for an example.

Figure 14 - Terminal Server Connectivity to Lab Routers

NOTE: The async ports from the 68-pin connector are data terminal equipment (DTE) devices. DTE-to-DTE connections require a rolled (null modem) cable. DTE-to-DCE devices require a straight-through cable. Because the Octal cable is rolled, you can connect each cable directly to the RJ-45 console port of each lab router. However, some routers have console ports that are 25-pin interfaces instead of RJ-45. If so, remember that the 25-pin interface is a DCE, and you must use the RJ-45-to-25 pin adapter marked "modem" to reverse the roll and complete the connection.
The major benefit of a terminal server is that it allows you a single point from which to access the console ports of many devices. This is helpful initially in the lab because the lab routers will not have any configuration settings such as IP addresses or Telnet parameters. Without the terminal server, you would have the tedious process of manually switching between each router's console port to gain access. A second benefit is that a terminal server can provide fault tolerance in case the routers become inaccessible because of a network failure. This is because you can configure a modem on the auxiliary or asynchronous port of the terminal server, allowing dialup connectivity to the terminal server and thus to each router that the terminal server is connected to.

In the lab, the terminal server will be the single point from which you may access all other lab routers through reverse telnet.

Reverse Telnet
Most Telnet connections are considered forward connections, or connections accepted into a line or interface. Reverse Telnet means that the Telnet session is initiated out of the line (like an asynchronous line) instead of accepting a connection into the line. Thus, reverse Telnet allows you to Telnet out from a device that you are Telnetting to, but on a different interface, such as an asynchronous port. For example, the terminal server has a LAN (Ethernet) IP address of 10.160.8.1. If you want to connect to R1 on asynchronous line 2001, you would issue the following command from the terminal server:

Termserver#telnet 10.160.8.1 2001

Essentially, you are telling the router to connect to its own Ethernet 0 IP address of 10.160.8.1 via Telnet but to initiate the connection out line 2001. This will be a fundamental part of the lab exercises, so let's demonstrate how this is done.

In the lab, you will do reverse Telnet using an IP address assigned to a loopback interface. Loopback addresses are preferred because they are virtual and thus always available. For reverse Telnet to work, the interface that is used must be up and the line protocol must be up. Because of this, using a loopback interface is advantageous because it never goes down, as opposed to an Ethernet interface, which might go down and prevent reverse Telnet from working.

Terminal Server Configuration

Now that you have an understanding of how the terminal server is physically connected and how reverse Telnet functions, it's time to examine how to configure the terminal server.

The steps to configure the terminal server are as follows:
Step 1  Create a loopback interface.
Step 2  Assign an IP address to the loopback interface.
Step 3  Allow Telnet as a transport across asynchronous lines 1 to 16.
Step 4  Create a host table that maps a router's host name (such as R1, R2, and so on) to the asynchronous line it is connected to on the terminal server (such as 2001, 2002, and so on).

Steps 1 and 2: Creating a Loopback Interface and Assigning an IP Address

Begin by creating the loopback interface from global configuration mode. Going into interface configuration mode for the loopback 0 interface creates the loopback interface and brings up the interface, as highlighted in Example 11. You can assign the interface any number in the range of 0 to 2147483647. Use loopback 0 and assign it an IP address of 192.168.10.10 with a mask of 255.255.255.0, as shown in Example 10.

Example 10 - Creating loopback 0 and Assigning It an IP Address

Termserver(config)#
Termserver(config)#interface loopback0
Termserver(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
Termserver(config-if)#
%LINK-3-UPDOWN: Interface Loopback0, changed state to up

Termserver(config-if)#ip address 192.168.10.10 255.255.255.0

Exit interface configuration mode by doing a CTRL-Z and do a show running-config to show how this interface now appears in the output in Example 11.

Example 11 - loopback0 Interface as It Appears in Running-Config After Creation

Termserver(config-if)#^Z
Termserver#show running-config
Current configuration:
!
version 11.2
service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname Termserver
!
enable password 7 0200055708090132
!
interface Loopback0
ip address 192.168.10.10 255.255.255.0
!

You can also do a show interface loopback0 to verify that the loopback interface is up and has the correct IP address, as in Example 12.

Example 12 - show interface loopback0 Command Output Verifies Interface Status and IP Address

Termserver#show interface loopback0
Loopback0 is up, line protocol is up
  Hardware is Loopback
  Internet address is 192.168.10.10/24
  MTU 1514 bytes, BW 8000000 Kbit, DLY 5000 usec, rely 255/255, load 1/255
  Encapsulation LOOPBACK, loopback not set, keepalive set (10 sec)
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/0, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
    0 packets input, 0 bytes, 0 no buffer
    Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
    0 packets output, 0 bytes, 0 underruns
    0 output errors, 0 collisions, 0 interface resets
    0 output buffer failures, 0 output buffers swapped out
Termserver#

Step 3: Allowing Telnet as a Transport Across Asynchronous Lines 1 to 16

Now that the loopback 0 interface is created, you need to ensure that the asynchronous lines allow Telnet to traverse the lines.
This is done using the transport input x command, where x is the protocol that you want to allow, such as Telnet. The command allows the granularity of permitting only certain protocols to cross the asynchronous lines. The allowed protocols are shown using context-sensitive help, as demonstrated in Example 13.

Example 13 - Available Protocols Configurable for Transport Across the Asynchronous Lines

Termserver(config)#line 1 16
Termserver(config-line)#transport input ?
all	All protocols
lat	DEC LAT protocol
mop	DEC MOP Remote Console Protocol
nasi	NASI protocol
none	No protocols
pad	X.3 PAD
rlogin	Unix rlogin protocol
telnet	TCP/IP Telnet protocol
v120	Async over ISDN
Termserver(config-line)#transport input

In the lab, you will do a transport input telnet to allow Telnet to cross the lines.

Enter line configuration mode for asynchronous lines 1 through 16. To do this, type line 1 16 from privileged EXEC mode.

NOTE: In the lab, you are really concerned with only Lines 1 to 7 (2001 to 2007) because they are the only asynchronous lines that have routers connected to them. However, because a Cisco 2511 has two asynchronous interfaces, 16 lines total are available (8 per asynchronous interface) for configuration.

Upon entering line configuration mode, allow all protocols to be transported across the lines, as shown in Example 15.

Example 14 - Allow All Protocols to Cross the Asynchronous Lines

Termserver(config)#line 1 16
Termserver(config-line)#transport input telnet
Termserver(config-line)#^Z

Step 4: Creating a Host Table That Maps a Router's Host Name to the Asynchronous Line to Which It Is Connected on the Terminal Server

At this point, the terminal server is configured and should be functional; however, as a timesaver, you will create a host table that maps the router name to the loopback 0 interface and then specify the asynchronous port out which to initiate the reverse Telnet session. This is done using the ip host command. The ip host command is a static DNS entry used by the router. The router will translate "R1" to 192.168.10.10 port 2001. When this host table is completed, you will access each router by typing the host name of the router. For example, typing R1 initiates a reverse Telnet session out asynchronous line 1 (2001). Create the table from global configuration mode as shown in Example 15.

Example 15 - Creating IP Host Table for Reverse Telnet

Termserver#config t
Enter configuration commands, one per line. End with CNTL/Z.

Termserver(config)#ip host r1 2001 192.168.10.10
Termserver(config)#ip host r2 2002 192.168.10.10
Termserver(config)#ip host r3 2003 192.168.10.10
Termserver(config)#ip host r4 2004 192.168.10.10
Termserver(config)#ip host r5 2005 192.168.10.10
Termserver(config)#ip host r6 2006 192.168.10.10
Termserver(config)#ip host cat19 2007 192.168.10.10
Termserver(config)#

Saving and Testing the Terminal Server Configuration

Exit back to global configuration mode by doing a CTRL-Z and then save the configuration. Next, test reverse Telnet functionality by typing R1 from user EXEC or privileged EXEC mode, as shown in Example 16.

Example 16 - Successful Reverse Telnet to R1

Termserver#^Z
Termserver#copy running startup
Building configuration...
[OK]
Termserver#r1
Trying r1 (192.168.10.10, 2001)... Open Hit enter key

Router>

You can see from Example 16 that the terminal server initiates a connection to R1. It does this by connecting to its own loopback 0 address of 192.168.10.10 (via Telnet) and then redirecting the connection out asynchronous port 2001. Because the Telnet connection is "redirected," it is referred to a reverse Telnet connection. Next, hit the Enter key to get the Router> prompt. R1's console port is connected to asynchronous line 1 (port 2001) of the terminal server. By hitting the Enter key, you are placed into R1's user EXEC mode. At this point, give the router a host name of R1 to avoid confusion about which router you are connected to. Change the host name to R1, and save the changes, as shown in Example 17.

Example 17 - Hostname Changed from Router to R1

Router>enable
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#hostname R1
R1(config)#^Z
R1#copy running startup
Building configuration... [OK] R1#

To get back to the terminal server, type Ctrl-Shift-6, x from R1, as in Example 18.

Example 18 - Return to the Terminal Server via the Escape Sequence

R1#Ctrl-Shift-6, x
Termserver#

Upon doing the escape sequence (Ctrl-Shift-6, x), notice that you have been returned to the terminal server, as shown by the change from the R1# prompt to the Termserver# prompt in Example 18.

Connecting, Disconnecting, and Verifying Reverse Telnet Sessions

From the terminal server, you can view active reverse Telnet connections by doing show sessions as in Example 19.

Example 19 - Established Sessions on the Terminal Server

Termserver#show sessions

Conn Host Address Byte Idle Conn Name
* 1 r1 192.168.10.10 0 3 R1

Termserver#

When a reverse Telnet session is established, the session is given a connection number. The asterisk preceding the connection number indicates that the session is active, as highlighted in Example 19.

To return to an active session, you can simply enter the connection number. Upon seeing the message [Resuming connection 1 to R1 ... ], press the Enter key and you are taken to R1, as demonstrated in Example 20.

Example 20 - Resuming an Active Reverse Telnet Session Using the Connection Number

Termserver#1
[Resuming connection 1 to r1 ... ]
Hit Enter key
R1#

Occasionally, when initiating the reverse Telnet session, the connection might be refused and you will not be able to get into a router; you will see a message as shown in Example 21.

Example 21 - Reverse Telnet Session Refused by Remote Host

Termserver#r1
Trying r1 (192.168.10.10, 2001)...
% Connection refused by remote host

Termserver#

When the connection is refused, you need to clear the asynchronous line and attempt the reverse Telnet again. This is done by doing a clear line 1, confirming the request by pressing Enter, and then entering r1 to reinitiate the reverse Telnet connection, as shown in Example 22.

Example 22 - Clearing the Asynchronous Line 1 After a Connection Is Refused and Reinitiating the Reverse Telnet Connection

Termserver#r1
Trying r1 (192.168.10.10, 2001)...
% Connection refused by remote host

Termserver#clear line 1
[confirm]
[OK]
Termserver#r1
Trying r1 (192.168.10.10, 2001)... Open

R1>

TIP: You might need to clear the line a few times before it completely clears.

You have now successfully connected to R1 through reverse Telnet.

Return to the terminal server from R1 using Ctrl-Shift-6, x. Execute a show sessions command on the terminal server to display that connection 1 is an established reverse Telnet session to R1. To disconnect a previously established reverse Telnet session, you can enter disconnect and the connection number, and then hit Enter to confirm the disconnect, as shown in Example 23.

Example 23 - Disconnecting an Established Reverse Telnet Session

R1>
Termserver#show sessions
Conn Host Address Byte Idle Conn Name
* 1 r1 192.168.10.10 0 0 R1

Termserver#disconnect 1
Closing connection to r1 [confirm]
Termserver#

Now if you do a show sessions on the terminal server, as demonstrated in Example 24, you can see that the reverse Telnet session to R1 was disconnected.

Example 24 - No Active Reverse Telnet Session After Doing a Disconnect

Termserver#show sessions
% No connections open
Termserver#

To finish, set up a reverse Telnet connection to each of the lab devices, R1 through R6. First, you'll connect to each router by typing the router's host name, hitting Enter, and then entering the escape sequence Ctrl-Shift-6, x to get back to the terminal server to repeat the process for the next router (see Example 25).

Example 25 - Setting Up a Reverse Telnet Session to Each Lab Router

Termserver#r1
Trying r1 (192.168.10.10, 2001)... Open

R1>
Termserver#r2
Trying r2 (192.168.10.10, 2002)... Open

Router> Termserver#r3
Trying r3 (192.168.10.10, 2003)... Open

Router> Termserver#r4
Trying r4 (192.168.10.10, 2004)... Open

Router> Termserver#r5
Trying r5 (192.168.10.10, 2005)... Open

Router> Termserver#r6
Trying r6 (192.168.10.10, 2006)... Open

Router>
Termserver#

Notice in Example 25 that the reverse Telnet session is successful because the connection shows Open and you are taken to the router prompt of each respective device. R1 is the only router with a configured host name because it is the only router that you have configured with a host name so far. Thus, the remaining routers take you to the Router> prompt.

NOTE: Individual host names for the remaining routers will be configured later, "General Router Configurations."

Reverse Telnetting to the Catalyst Switch

Next, establish a reverse Telnet session to the Catalyst 1900 switch by entering cat1900 and pressing Enter, as shown in Example 26.

Example 26 - Setting Up a Reverse Telnet Session to the Catalyst Switch

Termserver#cat1900
Trying cat1900 (192.168.1.3, 2007)... Open

-------------------------------------------------
Catalyst 1900 Management Console
Copyright (c) Cisco Systems, Inc. 1993-1997
All rights reserved.

Ethernet address: 00-C0-1D-80-C7-5E
-------------------------------------------------

1 user(s) now active on Management Console.

Enter password:
Termserver#

Now from the terminal server, do a show sessions and notice that each reverse Telnet session has been assigned a connection number (see Example 27).

Example 27 - Connections Numbers Assigned to Each Lab Device

Termserver#show sessions
Conn               HostAddress      Byte Idle Conn Name
  1 r1               192.168.10.10   0   0  R1
  2 r2               192.168.10.10   0   0  r2
  3 r3               192.168.10.10   0   0  r3
  4 r4               192.168.10.10   0   0  r4
  5 r5               192.168.10.10   0   0  r5
  6 r6               192.168.10.10   0   0  r6
v7 cat1900   192.168.10.10   0   0 cat1900

From this point on, when configuring lab devices, you can access each device by simply entering the connection number associated with the device from the terminal server (that is, 1 to access R1, 2to access R2, and so on).

Summary

You have now successfully completed the configuration of the terminal server. Table 1 summarizes the commands to maneuver between the terminal server and the lab routers, as well as manage reverse Telnet connections on the terminal server.

Table 1 - Study Guide Command Summary

Command	Purpose
show sessions	Displays all open sessions
disconnect connection #	Disconnects the desired connection
clear line line #	Clears the desired asynchronous line (1 to 16, where 1 = 2001, 2 = 2002 and so on)
Ctrl-Shift-6, x	Escapes the current session and returns to the terminal server
line 1 16	Enters line configuration mode for asynchronous lines 1 through 16 on the terminal server
line vty 0 4	Enters line configuration mode for vty lines 0 through 4
transport input protocol	Defines what protocols are allowed across the asynchronous or vty lines
ip host [hostname] [port] [ip-address]	Adds an entry to the IP host name table
copy running-config startup-config	Copies the running configuration to the startup configuration

Top