超酷小 posted on 2018-7-21 07:11:04

Using a Cisco Router as a Reverse-Telnet Terminal Server

The asynchronous serial ports of Cisco routers support reverse Telnet, so this feature can be used to turn a 2509 into a terminal server that connects to the other Cisco devices in a lab. The procedure is as follows. Fit the Cisco 2509 with the octal cable (only the cable, without the DB25-to-RJ45 adapters), and plug each RJ45 end of the octal cable into the console port of another Cisco device.
  Then configure the 2509:
  line tty 1 8
  no exec
  transport input all
  If the AUX port is to be used as well, also configure:
  line aux 0
  no exec
  transport input all
  To log in to the Cisco device attached to tty1 (pigtail 1), run on the 2509 acting as terminal server:
  telnet X.X.X.X 2001 (X.X.X.X is the loopback address of the 2509)
  Likewise, to log in to the Cisco device attached to tty2 (pigtail 2), run on the 2509:
  telnet X.X.X.X 2002
  To log in to the Cisco device attached to the AUX port (line 65 in the author's setup; the absolute line number of the AUX port differs between platforms, so confirm it with show line), run on the 2509:
  telnet X.X.X.X 2065
  In other words, to reverse-Telnet to a given port, run:
  telnet X.X.X.X (2000 + line number)
  To look up the line numbers, use:
  show line
  Important:
  Every line used for reverse Telnet must be configured with:
  line tty X
  no exec
  transport input all   (transport input telnet is the minimum)
  Otherwise the port cannot be opened.
  The full configuration:
  hostname Server
  no ip domain-lookup
  ip host CASA 2001 1.1.1.1
  ip host CPIX 2002 1.1.1.1
  ip host FINET 2003 1.1.1.1
  ip host CIPS
  ip host CSW1 2004 1.1.1.1   //CS-2950 (12 port)
  ip host CSW2 2005 1.1.1.1
  ip host CR1 2006 1.1.1.1          //2T+2E
  ip host CR2 2007 1.1.1.1          //1T+1E
  ip host CR3 2008 1.1.1.1          //2E
  ip host CR4 2009 1.1.1.1
  ip host HSW1 2010 1.1.1.1
  ip host HSW2 2011 1.1.1.1
  ip host HR1 2012 1.1.1.1
  ip host HR2 2013 1.1.1.1
  ip host HR3 2014 1.1.1.1
  ip host HR4 2015 1.1.1.1
  interface Loopback0
  ip address 1.1.1.1 255.255.255.0

---------------------------------------- Original Cisco document ----------------------------------------
  http://www.cisco.com/en/US/tech/tk801/tk36/technologies_configuration_example09186a008014f8e7.shtml
  Introduction
  A terminal or comm server commonly provides out-of-band access for multiple devices. A terminal server is a router with multiple, low-speed, asynchronous ports that are connected to other serial devices, for example, modems or console ports on routers or switches.
  The terminal server allows you to use a single point to access the console ports of many devices. A terminal server eliminates the need to configure backup scenarios like modems on auxiliary ports for every device. You can also configure a single modem on the auxiliary port of the terminal server, to provide dial-up service to the other devices when network connectivity fails.
  This document shows how to configure a terminal server to access only the console ports on other routers through Reverse Telnet. Reverse Telnet allows you to establish a Telnet connection out on the same device you telnet from, but on a different interface. For more information on Reverse Telnet refer to Establishing a Reverse Telnet Session to a Modem.
  Prerequisites
  Requirements
  There are no specific requirements for this document.
  Components Used
  This document is not restricted to specific software and hardware versions.
  Conventions
  For more information on document conventions, refer to the Cisco Technical Tips Conventions.
  The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
  Cabling
  The Cisco 2509 - 2512 series routers use a 68-pin connector and breakout cable. This cable (CAB-OCTAL-ASYNC) provides eight RJ-45 rolled cable async ports on each 68-pin connector. You can connect each RJ-45 rolled cable async port to the console port of a device. The 2511 router allows for a maximum of 16 devices to be remotely accessible. In addition, the NM-16A or NM-32A high-density async network modules are available for the Cisco 2600 and 3600 series routers to provide the same function. For more information on cabling refer to the Let's Connect: Your Serial Cable Guide and the Cabling Guide for Console and AUX Ports.
  Note: The async ports from the 68-pin connector are data terminal equipment (DTE) devices. DTE to DTE devices require a rolled (null modem) cable and DTE to data circuit-terminating equipment (DCE) devices require a straight-through cable. The CAB-OCTAL-ASYNC cable is rolled. Therefore, you can connect each cable directly to the console ports of devices with RJ-45 interfaces. However, if the console port of the device to which you connect is a 25-pin interface (DCE), you must use the RJ-45 to 25-pin adapter marked "Modem" (to reverse the "roll") in order to complete the connection.
  This table shows the port types for console and auxiliary ports on Cisco routers and switches:
  Interface   DB25 Interface   RJ-45 Interface
  Console     DCE              DTE
  AUX         DTE              DTE

  Design Strategy
  Configure the terminal server so that you can access it from anywhere. In order to make the terminal server accessible, assign a registered public Internet address and locate the server outside the firewall. When you do so, firewall issues do not interrupt your connection, and you can always maintain connectivity to the terminal server and access the connected devices. Be clear about what this exposes: Telnet is cleartext, and anyone who can reach the terminal server can reach the console port of every attached device. At a minimum, configure access lists (an access-class on the vty lines) so that only specific source addresses can reach the terminal server. For a more robust security solution, also configure server-based authentication, authorization, and accounting (AAA), for example RADIUS or TACACS+. For more information on AAA refer to the Cisco AAA Implementation Case Study.
  You can configure a modem on the auxiliary port of the terminal server for dial backup in the event your primary connection (through the Internet) goes down. Such a modem eliminates the need to configure a dial backup for each device. The terminal server is connected through its async ports to the console ports of the other devices. For more information on how to connect a modem to the AUX port, refer to the Modem-Router Connection Guide.
  Use the ip default-gateway statement and point to the next-hop router on the Internet. This command enables you to have connectivity to the terminal server through the Internet even if routing is not enabled, for example when the terminal server is in ROM monitor (ROMMON) mode as a result of a bad reboot after a power outage.
  Configure
  In this section, you are presented with the information to configure the features described in this document.
  Note: To find additional information on the commands used in this document, use the Command Lookup Tool (registered customers only).
  Network Diagram
  This document uses this network setup:
  [Network diagram image: http://www.net527.cn/uploads/allimg/100130/1I615IM-1.gif]
  Configurations
  This document uses this configuration:

  Cisco 2511

  aus-comm-server#show running-config
  !
  version 12.0
  service timestamps debug datetime msec localtime show-timezone
  service timestamps log datetime msec localtime show-timezone
  service password-encryption
  !
  hostname aus-comm-server
  !
  enable secret <deleted>
  !
  username cisco password <deleted>
  !
  ip subnet-zero
  ip domain-list cisco.com
  no ip domain-lookup
  ip host 3600-3 2014 172.21.1.1
  
  !--- The host 3600-3 is connected to port 14 of the comm server.
  !--- Ensure that the IP address is that of an interface on the comm server.
  ip host 3600-2 2013 172.21.1.1
  ip host 5200-1 2010 172.21.1.1
  ip host 2600-1 2008 172.21.1.1
  ip host 2509-1 2007 172.21.1.1
  ip host 4500-1 2015 172.21.1.1
  ip host 3600-1 2012 172.21.1.1
  ip host 2511-2 2002 172.21.1.1
  ip host 2511-rj 2003 172.21.1.1
  ip host 2511-1 2001 172.21.1.1
  ip host 5200-2 2011 172.21.1.1
  ip host 2520-1 2004 172.21.1.1
  ip host 2520-2 2005 172.21.1.1
  ip host 2600-2 2009 172.21.1.1
  ip host 2513-1 2006 172.21.1.1
  ip host pix-1 2016 172.21.1.1
  !
  !
  process-max-time 200
  !
  interface Loopback1
  ip address 172.21.1.1 255.0.0.0
  
  !--- This address is used in the ip host commands.
  !--- Work with loopback interfaces, which are virtual and always available.
  no ip directed-broadcast
  !
  interface Ethernet0
  ip address 171.55.31.5 255.255.255.192
  
  !--- Use a public IP address to ensure connectivity.
  no ip directed-broadcast
  no ip mroute-cache
  !
  interface Serial0
  no ip address
  no ip directed-broadcast
  no ip mroute-cache
  shutdown
  !
  ip default-gateway 171.55.31.1
  
  !--- This is the default gateway when routing is disabled.
  !--- For example, if the router is in boot ROM mode.
  ip route 0.0.0.0 0.0.0.0 171.55.31.1
  
  !--- Set the default route for the external network.
  no ip http server
  !
  line con 0
  transport input all
  line 1 16
  session-timeout 20
  
  !--- The session times out after 20 minutes of inactivity.
  no exec
  
  !--- Unwanted signals from the attached device do not launch
  !--- an EXEC session. This ensures that the line never becomes unavailable
  !--- due to a rogue EXEC process.
  exec-timeout 0 0
  
  !--- This disables the exec timeout.
  transport input all
  
  !--- Allow all protocols to use the line.
  !--- Configure lines 1 - 16 with at least transport input telnet.
  line aux 0
  
  !--- The auxiliary port can provide dial backup to the network.
  !--- Note: This configuration does not implement a modem on the AUX port.
  modem InOut
  
  !--- Allow the auxiliary port to support dial-out and dial-in connections.
  transport preferred telnet
  transport input all
  speed 38400
  flowcontrol hardware
  line vty 0 4
  exec-timeout 60 0
  password <deleted>
  login
  !
  end
  Note: If you use the 3600 as the access server, refer to How Async Lines are Numbered in Cisco 3600 Series Routers for line number details.
  Command Summary
  ip host — Use this command to define the name-to-address mapping of the static host in the host cache. In order to remove the name-to-address mapping, use the no form of this command.

[*]    ip host name [tcp-port-number] address1

[*]      name — This field indicates the name of the host. The name field need not match the actual name of the router to which you want to connect. However, ensure that you enter a name you would want to use in the reverse Telnet. When you use this command and the name field, you do not have to know the actual port number of the remote device.
[*]      tcp-port-number — This field represents the TCP port number to which you want to connect when you use the defined host name along with an EXEC connect or telnet command. In our example configuration, we use a reverse Telnet, so the port number must be 2000 + line number.
[*]      address1 — This field represents an associated IP address. In our example configuration, we use the loopback IP address.
   
transport input — Use this command to define the protocols to use when you connect to a specific line of the router.

[*]    transport input {all | lat | mop | nasi | none | pad | rlogin | telnet | v120}

[*]      all — Selects all protocols.
[*]      none — Prevents any protocol selection on the line. In this case, the port becomes unusable for incoming connections.
    Note: In our configuration example, the async lines use the minimum configuration of the transport input telnet command, so you can Telnet to the devices on the async lines.
telnet — Use this EXEC command to log in to a host that supports Telnet.

[*]    telnet host [port]

[*]      host — This field indicates a hostname or IP address. The host can be one of the name fields defined in the ip host command.
[*]      port — This field indicates a decimal TCP port number. The Telnet router port (decimal 23) on the host is the default decimal TCP port number. For reverse Telnet, the port number must be 2000 + line number. Line numbers range from 1-16 in our configuration. Use the show line EXEC command to view the available lines.
   
Switch Between Active Sessions
Complete these steps in order to switch between active sessions:

[*]    Use the escape sequence Ctrl-Shift-6 then x to exit the current session.
[*]    Use the show sessions command to display all open connections.

  aus-comm-server#show sessions
  Conn Host       Address         Byte  Idle Conn Name
     1 2511-1     171.69.163.26      0     0 2511-1
     2 2511-2     171.69.163.26      0     0 2511-2
  *  3 2511-3     171.69.163.26      0     0 2511-3

    Note: The asterisk (*) indicates the current terminal session.
[*]    Enter the session (conn) number to connect to the corresponding device. For example, to connect to 2511-1, type 1, which is the connection number. If you press the Return key instead, you are connected to the current terminal session, which in this case is router 2511-3.
Terminate Active Sessions
Complete these steps to terminate a particular Telnet session:

[*]    Use the escape sequence Ctrl-Shift-6 then x to exit the current Telnet session.
  Note: Ensure that you can
[*]    Issue the show sessions command to display all open connections.
[*]    Issue the disconnect command to disconnect the required session.
Verify
This section provides information you can use to confirm your configuration is working properly. Certain show commands are supported by the Output Interpreter Tool (registered customers only), which allows you to view an analysis of show command output.

[*]    show ip interface brief — indicates whether the interface you use for the Telnet session is up.
Troubleshoot
This section provides information you can use to troubleshoot your configuration.
Troubleshooting Procedure
Follow these instructions to troubleshoot your configuration.
  If you cannot connect to the router of your choice with a name configured in the ip host command, check the following:

[*]    Check whether the port address is configured correctly.
[*]    Verify whether the address (interface) used for the reverse Telnet is up/up. The output of the show ip interface brief command provides this information. Cisco recommends that you use loopbacks because they are always up.
[*]    Ensure that you have the correct type of cabling. For example, you must not use a crossover cable to extend the length. Refer to the Cabling section for more information.
[*]    Establish a Telnet connection to the IP address and port to test direct connectivity. You must telnet from both an external device and the terminal server. For example, telnet 172.21.1.1 2003.
[*]    Ensure that you have the transport input telnet command under the line for the target device. The target device is the device that is connected to the terminal server.
[*]    Use a PC/dumb terminal to connect directly to the console of the target router. The target router is the device connected to the terminal server. This step helps you
[*]    If you are disconnected, check timeouts. You can remove or adjust timeouts.
  Note: If you encounter authentication failures, remember that the terminal server performs the first authentication (if configured), while the device to which you try to connect performs the second authentication (if configured). Verify whether AAA is configured correctly on both the terminal server and the connecting device.
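As an added example (not part of the original post or of the Cisco document), the following Python script applies the checklist above, together with the poster's own rule that every reverse-Telnet line needs no exec and a transport input and is reached on port 2000 + line number, to a pasted running-config: each ip host entry must use a port that maps to a line covered by some line stanza, that stanza must carry no exec and a transport input that admits Telnet, the address must belong to a configured interface (a loopback is preferred, as the troubleshooting step says), and vty lines without an access-class are flagged because the Telnet exposed here is cleartext and otherwise reachable from any source. The sample configuration, the 192.0.2.10 Ethernet address, the planted defects and the assumption that the AUX port is absolute line 9 are all constructed for this demonstration; take the real AUX line number from show line on your platform.

```python
"""Added example (not from the post or Cisco): lint an IOS running-config for the
reverse-Telnet pitfalls in the troubleshooting list: PORT must be 2000 + line, the
line needs `no exec` plus a Telnet-admitting `transport input`, and the address
must sit on a configured (ideally loopback) interface."""
import re
from collections import namedtuple

# Constructed sample modelled on the page's 2509 config. IOS indents stanza children
# by one space, which the parser relies on. HSW1's address, AUXDEV's transport and
# HR2's port are planted defects for the demo; aux_line=9 below is an assumption.
SAMPLE_CONFIG = """\
ip host CASA 2001 1.1.1.1
ip host CR1 2004 192.0.2.10
ip host HSW1 2005 1.1.1.2
ip host AUXDEV 2009 1.1.1.1
ip host HR2 2013 1.1.1.1
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
interface Ethernet0
 ip address 192.0.2.10 255.255.255.0
line 1 8
 no exec
 transport input all
line aux 0
 no exec
 transport input none
line vty 0 4
 login
"""

_HOST_RE = re.compile(r"^ip host (\S+) (\d+) (\S+)$")
_IFACE_RE = re.compile(r"^interface (\S+)$")
_ADDR_RE = re.compile(r"^ip address (\S+) \S+$")
_LINE_RE = re.compile(r"^line(?: (con|aux|vty|tty))? (\d+)(?: (\d+))?$")
# header e.g. "line 1 8"; kind tty/con/aux/vty; numbers = absolute line numbers covered
LineStanza = namedtuple("LineStanza", "header kind numbers commands")


def parse_config(text, aux_line=None):
    """aux_line: absolute number of the AUX port per `show line`; it is platform-specific."""
    hosts, addresses, stanzas = [], {}, []
    iface = stanza = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw[0].isspace():                      # child line of the open stanza
            child = raw.strip()
            if stanza is not None:
                stanza.commands.append(child)
            elif iface is not None and (m := _ADDR_RE.match(child)):
                addresses[m.group(1)] = iface
            continue
        iface = stanza = None
        if m := _HOST_RE.match(raw):
            hosts.append((m.group(1), int(m.group(2)), m.group(3)))
        elif m := _IFACE_RE.match(raw):
            iface = m.group(1)
        elif m := _LINE_RE.match(raw):
            kind = m.group(1) or "tty"
            first, last = int(m.group(2)), int(m.group(3) or m.group(2))
            numbers = {"tty": set(range(first, last + 1)), "con": {0}, "vty": set(),
                       "aux": {aux_line} if aux_line is not None else set()}[kind]
            stanza = LineStanza(raw.strip(), kind, numbers, [])
            stanzas.append(stanza)
    return hosts, addresses, stanzas


def admits_telnet(commands):
    """True if `transport input` on the line lists telnet or all; absent counts as no."""
    for cmd in commands:
        if cmd.startswith("transport input"):
            return bool({"all", "telnet"} & set(cmd.split()[2:]))
    return False


def lint_config(text, aux_line=None):
    """Return (severity, subject, message) findings; an empty list means clean."""
    hosts, addresses, stanzas = parse_config(text, aux_line)
    by_line = {n: s for s in stanzas for n in s.numbers}
    findings = []
    for name, port, addr in hosts:
        if not 2001 <= port <= 2999:
            findings.append(("ERROR", name, f"port {port} is not 2000+line"))
            continue
        stanza = by_line.get(port - 2000)
        if stanza is None:
            findings.append(("ERROR", name, f"no line stanza covers line {port - 2000}"))
        else:
            if "no exec" not in stanza.commands:
                findings.append(("ERROR", name, f"{stanza.header}: missing 'no exec'"))
            if not admits_telnet(stanza.commands):
                findings.append(("ERROR", name, f"{stanza.header}: transport input blocks telnet"))
        iface = addresses.get(addr)
        if iface is None:
            findings.append(("ERROR", name, f"{addr} is not on any interface"))
        elif not iface.lower().startswith("loopback"):
            findings.append(("WARN", name, f"{addr} is on {iface}; prefer a loopback"))
    for s in stanzas:                             # cleartext Telnet VTYs need a source ACL
        if s.kind == "vty" and not any(c.startswith("access-class") for c in s.commands):
            findings.append(("WARN", s.header, "no access-class; reachable from any source"))
    return findings


if __name__ == "__main__":
    for severity, subject, message in lint_config(SAMPLE_CONFIG, aux_line=9):
        print(f"{severity:5} {subject}: {message}")
```

Feed it the text of show running-config (children indented by one space, as IOS prints them). Each ERROR corresponds to one step of the troubleshooting list: a port that maps to no configured line, a line that will not open because no exec or transport input is missing, or an ip host address that is not up on any interface. The AUX stanza is only mapped when you pass its absolute line number, which is exactly what show line is for.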