Solved

Basic configuration for using a 2611 as a front for a terminal server

Posted on 2008-10-02
Last Modified: 2008-11-16
I was thinking of using a 2611 (not a 2511) as kind of a front end for a terminal server using the 2611's AUX port. What I envision is logging into the 2611 through SSH and having the input/output of the session redirected through the AUX port. The AUX port would be connected to the control serial port of the terminal server (really just selectable serial ports connected to the console ports of the other devices). Setup looks something like this:


Remote access terminal (SSH-ethernet)
^
|
v
Cisco 2611 (SSH-e0/0-ethernet)
|
Cisco 2611 (AUX-serial)
^
|
v
Terminal server (Control serial port)
^^^^
| | | |
vvvv
Devices (Console serial ports)

I believe for the connection through the 2611 I'd need to use a reverse telnet connection (though I'm not sure how to do that).

I'm kinda clueless in how to set up the 2611 for this. Assuming that the router is used for no other purpose, what would the basic configuration file look like for the Cisco 2611 to be able to do this?

Thanks.
0
Question by:1gtx
15 Comments
 
LVL 26

Expert Comment

by:Soulja
ID: 22627466
Could you provide more detail of exactly what you are trying to accomplish?
0
 

Author Comment

by:1gtx
ID: 22627569
Pretty simple

1) Log into 2611 through the Ethernet connection using SSH
2) Then establish a connection to the 2611's AUX port
3) Communicate back and forth with another device's serial port

In summary, using the 2611 as a secure Ethernet front end for another device's serial port.

(there are other purposes as well, but this is the primary component)
0
 
LVL 13

Expert Comment

by:kdearing
ID: 22631096
It sounds like you want to use this setup as a serial console server.

There are devices designed for this. BlackBox makes very good ones.
0
 

Author Comment

by:1gtx
ID: 22631403
That's nice, but there are other reasons for going with this approach that are beyond the scope of the original question.

I don't think that this should be difficult to set up. Am I wrong?
0
 
LVL 13

Expert Comment

by:kdearing
ID: 22631463
What you are trying to do will not work.

I assumed you were looking for a solution to controlling multiple serial devices remotely.
That is why I made the suggestion.
0
 

Author Comment

by:1gtx
ID: 22635508
I'm controlling another device that controls multiple other serial devices.

All I'm trying to do is connect through the 2611's ethernet port and talk back and forth through the 2611's AUX port (or even the console port) to another serial device.

So you're saying that you can't ssh into a 2611 and then continue the session through the Aux port using reverse telnet?

0
 
LVL 13

Expert Comment

by:kdearing
ID: 22650587
To my knowledge, you cannot route or redirect your telnet session like that.
Since you asked, I've tried to do it (I have a couple 2610's)...unsuccessful.
0
 

Author Comment

by:1gtx
ID: 22651579
I've gotten it to work.

I telnet through a 2611's e0/0 and establish serial communications with a device connected to the 2611's AUX port. I can then select a device connected to that device, like an ASA 5505, and then continue the conversation with it (the 5505).

PC-->2611 e0/0-->2611 aux 0-->terminal server-->asa 5505  Bingo!

I'll post a config that works later today.
0
 
LVL 13

Expert Comment

by:kdearing
ID: 22665489
That's great.
I'd be very interested in seeing the config.
0
 

Author Comment

by:1gtx
ID: 22755370
Sorry I haven't posted the config yet. I'll try to do it tomorrow.
0
 

Author Comment

by:1gtx
ID: 22829116
I haven't forgotten-I've just been swamped
0
 
LVL 13

Expert Comment

by:kdearing
ID: 22829283
No problem.
I am very curious to see the config.
0
 

Accepted Solution

by:1gtx
ID: 22888608
Sorry it took so long--I've been traveling a lot.

Here's a stripped down version of a config for a 2611 that works as I wanted.

It has a few special features:
1) you connect in using an ssh connection, telnet isn't authorized (be sure to issue the 'crypto key gen rsa gen mod 2048' to generate a key for use with ssh)
2) you connect into the ssh connection using a dedicated ip instead of selecting a standard port (192.168.1.36 vs 192.168.1.38 port 2065)

It works well. Just use something like putty and connect to 192.168.1.36 (default port) using ssh version 1 (version 2 not supported on 2611s) and after a short delay (1-3 secs) you'll be asked for your username (<username>) and password (<password>). You'll get a message like 'PASSWORD OK' and then you'll be connected out the aux port of the 2611 to whatever serial device you're connected to (at 9600 baud, 1 stop, even parity, no flow control).

Be aware that if you change the hostname or domain name you'll need to regenerate the keys for ssh using crypto.

Not very straightforward but it works great!
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname demo
!
boot-start-marker
boot-end-marker
!
enable secret 5 <suppressed>
!
username <username> privilege 15 secret 5 <suppressed>
no aaa new-model
ip subnet-zero
no ip cef
!
ip domain name demo.com
!
ip audit po max-events 100
ip ssh port 5001 rotary 1
!
 
interface Loopback0
 ip address 192.168.1.38 255.255.255.248
!
interface Ethernet0/0
 ip address 192.168.1.2 255.255.255.252
 full-duplex
!
interface Serial0/0
 no ip address
 shutdown
 no fair-queue
!
interface Ethernet0/1
 ip address 192.168.1.6 255.255.255.252
 full-duplex
!
!
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.2.1
ip alias 192.168.1.36 5001
!
line con 0
line aux 0
 no motd-banner
 no exec-banner
 exec-timeout 6 0
 session-limit 5
 login local
 rotary 1
 special-character-bits 8
 no exec
 transport preferred none
 transport input ssh
 transport output ssh
line vty 0 4
!
!
end


0
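Added example (not part of 1gtx's post or any Cisco tooling): a Python check that the pieces of the config above agree with each other, i.e. the rotary group under the line has an 'ip ssh port' mapping, the line accepts only SSH and requires a login, and each 'ip alias' port is an SSH rotary port. SAMPLE is constructed from lines in the posted config; the function names parse and audit are hypothetical.

```python
import re

# Constructed sample: the relevant lines of the config posted above.
SAMPLE = """\
ip ssh port 5001 rotary 1
ip alias 192.168.1.36 5001
line con 0
line aux 0
 login local
 rotary 1
 transport input ssh
line vty 0 4
"""

def parse(config):
    """Return (ssh_ports {rotary: port}, aliases [(ip, port)], lines {name: [subcommands]})."""
    ssh_ports, aliases, lines, current = {}, [], {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if m := re.fullmatch(r"ip ssh port (\d+) rotary (\d+)", text):
            ssh_ports[int(m[2])] = int(m[1])
        elif m := re.fullmatch(r"ip alias (\S+) (\d+)", text):
            aliases.append((m[1], int(m[2])))
        elif text.startswith("line "):
            current = lines.setdefault(text, [])
        elif raw.startswith(" ") and current is not None:
            current.append(text)  # indented subcommand of the current line block
        else:
            current = None  # left the line block
    return ssh_ports, aliases, lines

def audit(config):
    """List findings for lines exposed through a rotary group."""
    ssh_ports, aliases, lines = parse(config)
    findings = []
    for name, cmds in lines.items():
        rotary = next((int(c.split()[1]) for c in cmds if c.startswith("rotary ")), None)
        if rotary is None:
            continue  # line is not part of a rotary group
        if rotary not in ssh_ports:
            findings.append(f"{name}: rotary {rotary} has no 'ip ssh port' mapping")
        if "transport input ssh" not in cmds:
            findings.append(f"{name}: transport input is not restricted to ssh")
        if not any(c.startswith("login") for c in cmds):
            findings.append(f"{name}: no login method on a network-reachable line")
    for ip, port in aliases:
        if port not in ssh_ports.values():
            findings.append(f"ip alias {ip} {port}: port is not an SSH rotary port")
    return findings
```

Calling audit() on the text of a saved config returns an empty list when the settings are consistent; each string in the result names the line or alias that needs attention.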
 
LVL 13

Expert Comment

by:kdearing
ID: 22892940
I've got a 2610 I am going to try it out on.

As much time as I spend on this site and another like it helping other people, I enjoy coming across opportunities like this to learn new tricks.

Thanks,
0
 

Author Comment

by:1gtx
ID: 22901657
Let me know if you have issues.

I stripped the config down for security and simplicity reasons, but I got the master config working on multiple sites.

Quite useful from my standpoint.
0