
[Experience Sharing] Using a Cisco Router as a Terminal Server with Reverse Telnet


Posted on 2018-7-21 07:11:04
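The asynchronous serial ports on Cisco routers support reverse Telnet, so this feature can be used to configure a 2509 as a terminal server that connects to the other Cisco devices in a lab environment. The procedure is as follows: attach the octal cable to the Cisco 2509. Note that only the cable is installed, without the DB25-RJ45 adapters. Plug the RJ45 ends of the octal cable into the console ports of the other Cisco devices.
  Then configure this 2509: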
  Line tty 1 8
  No exec
  Transport input all
  If the AUX port is also to be used, additionally configure:
  Line AUX 0
  No exec
  Transport input all
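  To log in to the Cisco device connected to tty1 (pigtail 1), run the following on the 2509 that serves as the terminal server:
  telnet X.X.X.X 2001 (X.X.X.X is the loopback address of the 2509)
  Likewise, to log in to the Cisco device connected to tty2 (pigtail 2), run the following on the 2509 that serves as the terminal server:
  telnet X.X.X.X 2002
  To log in to the Cisco device connected to tty65 (AUX), run the following on the 2509 that serves as the terminal server:
  telnet X.X.X.X 2065
  In other words:
  To use reverse Telnet on a given port, run:
  telnet X.X.X.X (2000 + line number)
  To look up the line numbers, use: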
  show Line
  Important:
  The following must be configured on every line used for reverse Telnet:
  Line tty X
  No exec
  Transport input all
  Otherwise the port cannot be opened.
  The specific configuration:
  hostname Server
  no ip domain-lookup
  ip host CASA 2001 1.1.1.1
  ip host CPIX 2002 1.1.1.1
  ip host FINET 2003 1.1.1.1
  ip host CIPS
  ip host CSW1 2004 1.1.1.1     //CS-2950(12port)
  ip host CSW2 2005 1.1.1.1
  ip host CR1 2006 1.1.1.1          //2T+2E
  ip host CR2 2007 1.1.1.1          //1T+1E
  ip host CR3 2008 1.1.1.1          //2E
  ip host CR4 2009 1.1.1.1
  ip host HSW1 2010 1.1.1.1
  ip host HSW2 2011 1.1.1.1
  ip host HR1 2012 1.1.1.1
  ip host HR2 2013
  ip host HR3 2014
  ip host HR4 2015
  interface Loopback0
  ip address 1.1.1.1 255.255.255.0
  --------------- Original Cisco document ---------------
  http://www.cisco.com/en/US/tech/tk801/tk36/technologies_configuration_example09186a008014f8e7.shtml
  Introduction
  A terminal or comm server commonly provides out-of-band access for multiple devices. A terminal server is a router with multiple, low speed, asynchronous ports that are connected to other serial devices, for example, modems or console ports on routers or switches.
  The terminal server allows you to use a single point to access the console ports of many devices. A terminal server eliminates the need to configure backup scenarios like modems on auxiliary ports for every device. You can also configure a single modem on the auxiliary port of the terminal server, to provide dial-up service to the other devices when network connectivity fails.
  This document shows how to configure a terminal server to access only the console ports on other routers through Reverse Telnet. Reverse Telnet allows you to establish a Telnet connection out on the same device you telnet from, but on a different interface. For more information on Reverse Telnet refer to Establishing a Reverse Telnet Session to a Modem.
  Prerequisites
  Requirements
  There are no specific requirements for this document.
  Components Used
  This document is not restricted to specific software and hardware versions.
  Conventions
  For more information on document conventions, refer to the Cisco Technical Tips Conventions.
  The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
  Cabling
  The Cisco 2509 - 2512 series routers use a 68-pin connector and breakout cable. This cable (CAB-OCTAL-ASYNC) provides eight RJ-45 rolled cable async ports on each 68-pin connector. You can connect each RJ-45 rolled cable async port to the console port of a device. The 2511 router allows for a maximum of 16 devices to be remotely accessible. In addition, the NM-16A or NM-32A high density async network modules are available for the Cisco 2600 and 3600 series routers to provide the same function. For more information on cabling refer to the Let's Connect: Your Serial Cable Guide and the Cabling Guide for Console and AUX Ports.
  Note: The async ports from the 68-pin connector are data terminal equipment (DTE) devices. DTE to DTE devices require a rolled (null modem) cable and DTE to data circuit-terminating equipment (DCE) devices require a straight-through cable. The CAB-OCTAL-ASYNC cable is rolled. Therefore, you can connect each cable directly to the console ports of devices with RJ-45 interfaces. However, if the console port of the device to which you connect is a 25-pin interface (DCE), you must use the RJ-45 to 25-pin adapter marked "Modem" (to reverse the "roll") in order to complete the connection.
  This table shows the port types for console and auxiliary ports on Cisco routers and switches:

  Interface Type    DB25 Interface    RJ-45 Interface
  Console           DCE               DTE
  AUX               DTE               DTE

  Design Strategy
  Configure the terminal server so that you can access the terminal server from anywhere. In order to make the terminal server accessible, assign a registered public Internet address, and locate the server outside the firewall. When you do so, firewall issues do not interrupt your connection. You can always maintain connectivity to the terminal server and access the connected devices. If you are concerned about security, configure access lists to allow access only to the terminal server from certain addresses. For a more robust security solution, you can also configure server-based authentication, authorization, and accounting (AAA), for example, RADIUS or TACACS+. For more information on AAA refer to the Cisco AAA Implementation Case Study.
  You can configure a modem on the auxiliary port of the terminal server for dial backup in the event your primary connection (through the Internet) goes down. Such a modem eliminates the need to configure a dial backup for each device. The terminal server is connected through its async ports to the console ports of the other devices. For more information on how to connect a modem to the AUX port, refer to Modem-Router Connection Guide.
  Use the ip default-gateway statement, and point to the next hop router on the Internet. This command enables you to have connectivity to the terminal server through the Internet even if routing is not enabled. For example, the terminal server is in ROM monitor (ROMMON) mode as a result of a bad reboot after a power outage.
  Configure
  In this section, you are presented with the information to configure the features described in this document.
  Note: To find additional information on the commands used in this document, use the Command Lookup Tool (registered customers only).
  Network Diagram
  This document uses this network setup:

  Configurations
  This document uses this configuration:

  Cisco 2511
  aus-comm-server#show running-config
  !
  version 12.0
  service timestamps debug datetime msec localtime show-timezone
  service timestamps log datetime msec localtime show-timezone
  service password-encryption
  !
  hostname aus-comm-server
  !
  enable secret  <deleted>
  !
  username cisco password <deleted>
  !
  ip subnet-zero
  ip domain-list cisco.com
  no ip domain-lookup
  ip host 3600-3 2014 172.21.1.1
  
  !--- The host 3600-3 is connected to port 14 of  the comm server.
  !--- Ensure that the IP address is that of an interface on the comm  server.
  ip host 3600-2 2013 172.21.1.1
  ip host 5200-1 2010 172.21.1.1
  ip host 2600-1 2008 172.21.1.1
  ip host 2509-1 2007 172.21.1.1
  ip host 4500-1 2015 172.21.1.1
  ip host 3600-1 2012 172.21.1.1
  ip host 2511-2 2002 172.21.1.1
  ip host 2511-rj 2003 172.21.1.1
  ip host 2511-1 2001 172.21.1.1
  ip host 5200-2 2011 172.21.1.1
  ip host 2520-1 2004 172.21.1.1
  ip host 2520-2 2005 172.21.1.1
  ip host 2600-2 2009 172.21.1.1
  ip host 2513-1 2006 172.21.1.1
  ip host pix-1 2016 172.21.1.1
  !
  !
  process-max-time 200
  !
  interface Loopback1
  ip address 172.21.1.1 255.0.0.0
  
  !--- This address is used in the IP host commands.
  !--- Work with loopback interfaces, which are virtual and always  available.
  no ip directed-broadcast
  !
  interface Ethernet0
  ip address 171.55.31.5 255.255.255.192
  
  !---  Use a public IP address to ensure  connectivity.
  no ip directed-broadcast
  no ip mroute-cache
  !
  interface Serial0
  no ip address
  no ip directed-broadcast
  no ip mroute-cache
  shutdown
  !
  ip default-gateway 171.55.31.1
  
  !--- This is the default gateway when routing is  disabled.
  !--- For example, if the router is in boot ROM mode.

  ip route 0.0.0.0 0.0.0.0 171.55.31.1
  
  !--- Set the default route for the external  network.
  no ip http server
  !
  line con 0
  transport input all
  line 1 16
  session-timeout 20
  
  !--- The session times out after 20 minutes of  inactivity.
  no exec
  
  !--- Unwanted signals from the attached device do not launch
  !--- an EXEC session. This ensures that the line never becomes unavailable
  !--- due to a rogue EXEC process.
  exec-timeout 0 0

  !--- This disables exec timeout.
  transport input all

  !--- Allow all protocols to use the line.
  !--- Configure lines 1 - 16 with at least transport input Telnet.
  line aux 0
  
  !--- Auxiliary port can provide dial backup to the  network.
  !--- Note: This configuration does not implement modem on AUX port.
  modem InOut

  !--- Allow auxiliary port to support dialout and dialin connections.
  transport preferred telnet
  transport input all
  speed 38400
  flowcontrol hardware
  line vty 0 4
  exec-timeout 60 0
  password <deleted>
  login
  !
  end
  Note: If you use the 3600 as the access-server, refer to How Async Lines are Numbered in Cisco 3600 Series Routers for line number details.
  Command Summary
  ip host: Use this command to define the name-to-address mapping of the static host in the host cache. In order to remove the name-to-address mapping, use the no form of this command.

  •     ip host name [tcp-port-number] address1  [address2...address8]

    •         name: This field indicates the name of the host. The name field need not match the actual name of the router to which you want to connect. However, ensure that you enter a name you would want to use in the reverse Telnet. When you use this command and the name field, you do not have to know the actual port number of the remote device.
    •         tcp-port-number: This field represents the TCP port number to which you want to connect when you use the defined host name along with an EXEC connect or telnet command. In our example configuration, we use a reverse Telnet so the port number must be 2000+line number.
    •         address1: This field represents an associated IP address. In our example configuration, we use the loopback IP address.

  transport input: Use this command to define the protocols to use when you connect to a specific line of the router.

  •     transport input {all | lat | mop | nasi | none |  pad | rlogin | telnet | v120}

    •         all: All selects all protocols.
    •         none: None prevents any protocol selection on the line. In this case, the port becomes unusable for incoming connections.
        Note: In our configuration example, the async lines use the minimum configuration of the transport input telnet command. So you can Telnet to the devices on the async line.

  telnet: Use this EXEC command to log into a host that supports Telnet.

  •     telnet host [port] [keyword]

    •         host: This field indicates a host name or IP address. Host can be one of the name fields defined in the ip host command.
    •         port: This field indicates a decimal TCP port number. The Telnet router port (decimal 23) on the host is the default decimal TCP port number. For reverse Telnet, the port number must be 2000+line number. Line numbers range from 1-16 in our configuration. Use the show line EXEC command to view the available lines.
       
  Switch Between Active Sessions
  Complete these steps in order to switch between active sessions:

  •     Use the escape sequence Ctrl-Shift-6  then x to exit the current session.
  •     Use the show sessions command to display  all open connections.
        aus-comm-server#show sessions
        Conn Host      Address         Byte>
           1 2511-1    171.69.163.26   0     0     2511-1
           2 2511-2    171.69.163.26   0     0     2511-2
        *  3 2511-3    171.69.163.26   0     0     2511-3
        Note: The asterisk (*) indicates the current terminal session.
  •     Enter the session (conn) number to connect to the corresponding device. For example, to connect to 2511-1 type 1, which is the connection number. However if you hit the return key, you are connected to the current terminal session, which in this case is router 2511-3.
  Terminate Active Sessions
  Complete these steps to terminate a particular Telnet session:

  •     Use the escape sequence Ctrl-Shift-6  then x to exit the current Telnet session.
      Note: Ensure that you can>
  •     Issue the show sessions command to display  all open connections.
  •     Issue the disconnect [connection] command  to disconnect the required session.
  Verify
  This section provides information you can use to confirm your configuration is working properly. Certain show commands are supported by the Output Interpreter Tool (registered customers only), which allows you to view an analysis of show command output.

  •     show ip interface brief: Indicates whether the interface you use for the Telnet session is up.
  Troubleshoot
  This section provides information you can use to troubleshoot your configuration.
  Troubleshooting Procedure
  Follow these instructions to troubleshoot your configuration.
  If you cannot connect to the router of your choice with a name configured in the ip host command, check:

  •     Check whether the port address is configured correctly.
  •     Verify whether the address (interface) used for the reverse Telnet is up/up. The output of the show ip interface brief command provides this information. Cisco recommends that you use loopbacks because they are always up.
  •     Ensure that you have the correct type of cabling. For example, you must not use a crossover cable to extend the length. Refer to the Cabling section for more information.
  •     Establish a Telnet connection to the IP address port to test direct connectivity. You must telnet from both an external device and the terminal server. For example, telnet 172.21.1.1 2003.
  •     Ensure that you have the transport input telnet command under the line for the target device. The target device is the device that is connected to the terminal server.
  •     Use a PC/dumb terminal to connect directly to the console of the target router. The target router is the device connected to the terminal server. This step helps you>
  •     If you are disconnected, check timeouts. You can remove or adjust timeouts.
  Note: If you encounter authentication failures, remember that the terminal server performs the first authentication (if configured), while the device to which you try to connect performs the second authentication (if configured). Verify whether AAA is configured correctly on both the terminal server and the connecting device.
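
A configuration check for the reverse-Telnet setup described above, as an added example that is not part of the original post or of the Cisco document. It maps each async line stanza to its TCP port range (2000 + line number) and reports lines that lack no exec, use transport input all, or have no inbound access-class, plus ip host entries whose port matches no configured line. The sample configuration is constructed, the parser assumes indented show running-config output, and line aux 0 is not checked.

```python
import re

# Constructed sample, modelled on the terminal-server configuration on this page.
SAMPLE_CONFIG = """\
ip host 2511-1 2001 172.21.1.1
ip host pix-1 2016 172.21.1.1
ip host spare 2017 172.21.1.1
line 1 16
 session-timeout 20
 no exec
 exec-timeout 0 0
 transport input all
line vty 0 4
 login
"""

def async_stanzas(config):
    """Return [(first, last, [sub-commands])] for 'line N [M]' / 'line tty N [M]'."""
    stanzas, cur = [], None
    for raw in config.splitlines():
        if not raw.startswith(" "):  # any top-level command closes the open stanza
            m = re.fullmatch(r"line (?:tty )?(\d+)(?: (\d+))?", raw.strip(), re.I)
            cur = (int(m[1]), int(m[2] or m[1]), []) if m else None
            if cur:
                stanzas.append(cur)
        elif cur:
            cur[2].append(raw.strip().lower())
    return stanzas

def audit(config):
    """Return findings for async lines reachable by reverse Telnet (TCP 2000 + line)."""
    findings, covered = [], set()
    for first, last, cmds in async_stanzas(config):
        covered.update(range(first, last + 1))
        where = f"line {first}-{last} (TCP {2000 + first}-{2000 + last})"
        if "no exec" not in cmds:
            findings.append(f"{where}: 'no exec' is missing")
        if "transport input all" in cmds:
            findings.append(f"{where}: 'transport input all' accepts every protocol")
        if not any(re.match(r"access-class \S+ in\b", c) for c in cmds):
            findings.append(f"{where}: no inbound access-class limits source addresses")
    for name, port in re.findall(r"^ip host (\S+) (\d+) \S+", config, re.M):
        if int(port) - 2000 not in covered:
            findings.append(f"ip host {name}: TCP {port} matches no configured async line")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

On the constructed sample this reports three findings for lines 1-16 and the spare host entry; a stanza with no exec, transport input telnet and access-class 10 in produces none.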
