Cisco路由器做反向Telnet做终端服务器

Cisco路由器反向Telnet做终端服务器

Cisco路由器的异步串口支持反向Telnet,因此可以用这个功能将一台2509配置成终端服务器,连接实验环 境的其他Cisco设备,具体做法如下:
将Cisco 2509安装八爪鱼线缆,注意只安装线缆,不装DB25-RJ45转换器。将八爪鱼线缆RJ45一头插入其他Cisco设备的Console口。
然后配置这台2509:
Line tty 1 8
No exec
Transport input all
对于要使用AUX接口的,还要:
Line AUX 0
No exec
Transport input all
如果要登录tty1(1号辫子)连接的Cisco设备,就要在用于终端服务器的2509上:
telnet X.X.X.X 2001 (X.X.X.X为2509的loopback地址)
同理,如果要登录tty2(2号辫子)连接的Cisco设备,就要在用于终端服务器的2509上:
telnet X.X.X.X 2002
如果要登录tty65(AUX)连接的Cisco设备,就要在用于终端服务器的2509上:
telnet X.X.X.X 2065

也就是说:
对哪个端口使用反向telnet,就要:
telnet X.X.X.X (2000+Line号)
对于Line号的查询,可使用:
show Line

特别注意:
一定要在使用反向Telnet的Line上配置:
Line tty X
No exec
Transport input all
否则无法打开端口

具体的配置
hostname Server
no ip domain-lookup
ip host CASA 2001 1.1.1.1
ip host CPIX 2002 1.1.1.1
ip host FINET 2003 1.1.1.1
ip host CIPS  
ip host CSW1 2004 1.1.1.1     //CS-2950(12port)
ip host CSW2 2005 1.1.1.1   
ip host CR1 2006 1.1.1.1          //2T+2E
ip host CR2 2007 1.1.1.1          //1T+1E
ip host CR3 2008 1.1.1.1          //2E
ip host CR4 2009 1.1.1.1
ip host HSW1 2010 1.1.1.1
ip host HSW2 2011 1.1.1.1
ip host HR1 2012 1.1.1.1
ip host HR2 2013
ip host HR3 2014
ip host HR4 2015

interface Loopback0
ip address 1.1.1.1 255.255.255.0---------------------------------------------------cisco原文档 ------------------------------------------------------
http://www.cisco.com/en/US/tech/tk801/tk36/technologies_configuration_example09186a008014f8e7.shtml

IntroductionA terminal or comm server commonly provides out-of-band access formultiple devices. A terminal server is a router with multiple, lowspeed, asynchronous ports that are connected to o ther serial devices,for example, modems or console ports on routers or switches.
The terminal server allows you to use a single point to access theconsole ports of many devices. A terminal server eliminates the need toconfigure backup scenarios like modems on auxiliary ports for everydevice. You can also configure a single modem on the auxiliary port ofthe terminal server, to provide dial-up service to the other deviceswhen network connectivity fails.
This document shows how to configure a terminal server to accessonly the console ports on other routers through Reverse Telnet. ReverseTelnet allows you to establish a Telnet connection out on the samedevice you telnet from, but on a different interface. For moreinformation on Reverse Telnet refer to Establishing a Reverse Telnet Session to a Modem.
PrerequisitesRequirementsThere are no specific requirements for this document.
Components UsedThis document is not restricted to specific software and hardware versions.
ConventionsFor more information on document conventions, refer to the Cisco Technical Tips Conventions.
The information in this document was created from the devices in aspecific lab environment. All of the devices used in this documentstarted with a cleared (default) configuration. If your network islive, make sure that you understand the potential impact of any command.
CablingThe Cisco 2509 - 2512 series routers use a 68-pin connector and breakout cable. This cable ( CAB-OCTAL-ASYNC)provides eight RJ-45 rolled cable async ports on each 68-pin connector.You can connect each RJ-45 rolled cable async port to the console portof a device. The 2511 router allows for a maximum of 16 devices to beremotely accessible. In addition, the NM-16A or NM-32Ahigh density async network modules are available for the Cisco 2600 and3600 series routers to provide the same function. For more informationon cabling refer to the Let's Connect:Your Serial Cable Guide and the Cabling Guide for Console and AUX Ports.
Note: The async ports from the 68-pin connector aredata terminal equipment (DTE) devices. DTE to DTE devices require arolled (null modem) cable and DTE to data circuit-terminating equipment(DCE) devices require a straight-through cable. The CAB-OCTAL-ASYNCcable is rolled. Therefore, you can connect each cable directly to theconsole ports of devices with RJ-45 interfaces. However, if the consoleport of the device to which you connect is a 25-pin interface (DCE),you must use the RJ-45 to 25-pin adapter marked "Modem" (to reverse the"roll") in order to complete the connection.
This table shows the port types for console and auxiliary ports on Cisco routers and switches:
                
            Interface Type
            
            DB25 Interface
            
            RJ-45 Interface
            
            Console
            
            DCE
            
            DTE
            
            AUX
            
            DTE
            
            DTE
            


Design StrategyConfigure the terminal server so that you can access the terminalserver from anywhere. In order to make the terminal server accessible,assign a registered public Internet address, and locate the serveroutside the firewall. When you do so, firewall issues do not interruptyour connection. You can always maintain connectivity to the terminalserver and access the connected devices. If you are concerned aboutsecurity, configure access lists to allow access only to the terminalserver from certain addresses. For a more robust security solution, youcan also configure server-based authentication, authorization, andaccounting (AAA) for example, RADIUS or TACACS+. For more informationon AAA refer to the Cisco AAA Implementation Case Study.
You can configure a modem on the auxiliary port of the terminalserver for dial backup in the event your primary connection (throughthe Internet) goes down. Such a modem eliminates the need to configurea dial backup for each device. The terminal server is connected throughits async ports to the console ports of the other devices. For moreinformation on how to connect a modem to the AUX port, refer to Modem-Router Connection Guide.
Use the ip default gatewaystatement,and point to the the next hop router on the Internet. This commandenables you to have connectivity to the terminal server through theInternet even if routing is not enabled. For example, the terminalserver is in ROM monitor (ROMMON) mode as a result of a bad rebootafter a power outage.
ConfigureIn this section, you are presented with the information to configure the features described in this document.
Note: To find additional information on the commands used in this document, use the Command Lookup Tool ([size=-1] registered customers only) .
Network DiagramThis document uses this network setup:






ConfigurationsThis document uses this configuration:
  •     Cisco 2511
        
            Cisco 2511
            
            aus-comm-server#show running-config
!
version 12.0

service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname aus-comm-server
!
enable secret  <deleted>
!
username cisco password <deleted>
!
ip subnet-zero
ip domain-list cisco.com
no ip domain-lookup

ip host 3600-3 2014 172.21.1.1

!--- The host 3600-3 is connected to port 14 of the comm server.
!--- Ensure that the IP address is that of an interface on the comm server.

ip host 3600-2 2013 172.21.1.1
ip host 5200-1 2010 172.21.1.1
ip host 2600-1 2008 172.21.1.1
ip host 2509-1 2007 172.21.1.1
ip host 4500-1 2015 172.21.1.1
ip host 3600-1 2012 172.21.1.1
ip host 2511-2 2002 172.21.1.1
ip host 2511-rj 2003 172.21.1.1
ip host 2511-1 2001 172.21.1.1
ip host 5200-2 2011 172.21.1.1
ip host 2520-1 2004 172.21.1.1
ip host 2520-2 2005 172.21.1.1
ip host 2600-2 2009 172.21.1.1
ip host 2513-1 2006 172.21.1.1
ip host pix-1 2016 172.21.1.1
!
!
process-max-time 200
!
interface Loopback1
ip address 172.21.1.1 255.0.0.0

!--- This address is used in the IP host commands.
!--- Work with loopback interfaces, which are virtual and always available.

no ip directed-broadcast
!
interface Ethernet0
ip address 171.55.31.5 255.255.255.192

!---  Use a public IP address to ensure connectivity.

No ip directed-broadcast
no ip mroute-cache
!
interface Serial0
no ip address
no ip directed-broadcast
no ip mroute-cache
shutdown
!
ip default-gateway 171.55.31.1

!--- This is the default gateway when routing is disabled.
!--- For example, if the router is in boot ROM mode.

ip classless
ip route 0.0.0.0 0.0.0.0 171.55.31.1

!--- Set the default route for the external network.

no ip http server
!
line con 0
transport input all
line 1 16
session-timeout 20

!--- The session times out after 20 minutes of inactivity.

no exec

!--- Unwanted signals from the attached device do not launch.
!--- An EXEC session ensures that the line never becomes unavailable
!--- due to a rogue EXEC process.

exec-timeout 0 0

!--- This disables exec timeout transport input all.
!--- Allow all protocols to use the line.
!--- Configure lines 1 - 16 with at least transport input Telnet.

line aux 0

!--- Auxiliary port can provide dial backup to the network.
!--- Note: This configuration does not implement modem on AUX port modem InOut.
!--- Allow auxiliary port to support dialout and dialin connections.

transport preferred telnet
transport input all
speed 38400
flowcontrol hardware
line vty 0 4
exec-timeout 60 0
password <deleted>
login
!
end            

Note: If you use the 3600 as the access-server, refer to How Async Lines are Numbered in Cisco 3600 Series Routers for line number details.
Command Summary ip host —Use this command to define thename-to-address mapping of the static host in the host cache. in orderto remove the name-to-address mapping, use the no form of this command.
  •     ip host name [tcp-port-number] address1 [address2...address8]
    •         name —Thisfield indicates the name of the host. The name field need not match theactual name of the router to which you want to connect. However, ensurethat you enter a name you would want to use in the reverse Telnet. Whenyou use this command and the name field, you do not have to know theactual port number of the remote device.
    •         tcp-port-number —This field represents the TCP port number to which you want to connect when you use the defined host name along with an EXEC connect or telnet command. In our example configuration, we use a reverse Telnet so the port number must be 2000+line number.
    •         address1 —this field represents an associated IP address. In our example configuration, we use the loopback IP address.
       
transport input—Use this command to define the protocols to use when you connect to a specific line of the router.
  •     transport input {all | lat | mop | nasi | none | pad | rlogin | telnet | v120}
    •         all —All selects all protocols.
    •         none —None prevents any protocol selection on the line. In this case, the port becomes unusable for incoming connections.
        Note: In our configuration example, the async lines use the minimum configuration of the transport input telnet command. So you can Telnet to the devices on the async line.
       
telnet—Use this EXEC command to log into a host that supports Telnet.
  •     telnet host [port] [keyword]
    •         host This field indicates a host name or IP address. Host can be one of the name fields defined in the ip host command.
    •         port —Thisfield indicates a decimal TCP port number. The Telnet router port(decimal 23) on the host is the default decimal TCP port number. Forreverse Telnet, the port number must be 2000+line number. Line numbersrange from 1-16 in our configuration. Use the show line EXEC command to view the available lines.
       
Switch Between Active SessionsComplete these steps in order to switch between active sessions:
  •     Use the escape sequence Ctrl-Shift-6 then x to exit the current session.
  •     Use the show sessions command to display all open connections.
       
        aus-comm-server# show sessions
    Conn Host      Address         Byte Idle  Conn Name
       1 2511-1    171.69.163.26   0     0     2511-1
       2 2511-2    171.69.163.26   0     0     2511-2
    * 3 2511-3    171.69.163.26   0     0     2511-3   
        Note: The asterisk (*) indicates the current terminal session.
  •     Enter the session (conn) number to connect to the corresponding device. For example, to connect to 2511-1 type 1,which is the connection number. However if you hit the return key, youare connected to the current terminal session, which in this case isrouter 2511-3.
Terminate Active SessionsComplete these steps to terminate a particular Telnet session:
  •     Use the escape sequence Ctrl-Shift-6 then x to exit the current Telnet session.
        Note: Ensurethat you can reliably issue the escape sequence to suspend a Telnetsession. Some terminal emulator packages are unable to send the correctsequence, Ctrl-Shift-6 then x.
  •     Issue the show sessions command to display all open connections.
  •     Issue the disconnect [connection] command to disconnect the required session.
VerifyThis section provides information you can use to confirm your configuration is working properly.
Certain show commands are supported by the Output Interpreter Tool ([size=-1] registered customers only) , which allows you to view an analysis of show command output.
  •     show ip interface brief —indicates whether the interface you use for the Telnet session is up.
TroubleshootThis section provides information you can use to troubleshoot your configuration.
Troubleshooting ProcedureFollow these instructions to troubleshoot your configuration.
If you cannot connect to the router of your choice with a name configured in the ip host command check:
  •     Check whether the port address is configured correctly.
  •     Verify whether the address (interface) used for the reverse Telnet is up/up. The output of the show ip interface brief command provides this information. Cisco recommends you to use loopbacks because they are always up.
  •     Ensurethat you have the correct type of cabling. For example, you must notuse a crossover cable to extend the length. Refer to the Cabling section for more information.
  •     Establisha Telnet connection to the IP address port to test direct connectivity.You must telnet from both an external device and the terminal server.For example, telnet 172.21.1.1 2003.
  •     Ensure that you have the transport input telnet command under the line for the target device. The target device is the device that is connected to the terminal server.
  •     Usea PC/dumb terminal to connect directly to the console of the targetrouter. The target router is the device connected to the terminalserver. This step helps you identify the presence of a port issue.
  •     If you are disconnected, check timeouts. You can remove or adjust timeouts.
        Note: Ifyou encounter authentication failures, remember that the terminalserver performs the first authentication (if configured), while thedevice to which you try to connect performs the second authentication(if configured). Verify whether AAA is configured correctly on both theterminal server and the connecting device.

你可能感兴趣的:(接口,服务器,Cisco,八爪鱼,的)