Router - Terminal Server

This configuration sample shows how to set up a router with several low-speed async ports to act as a terminal server. This
is a really good idea where you have remote equipment that is very critical. For example, if you have rack space in a data
center, this is a good way to provide out-of-band management when needed. The idea is that this router connects
to the console ports of the other networking equipment. If you can get access to this router, you do what is referred to as a
reverse telnet to console into all of the other equipment. In this example we used an older model 2509, but you could do the
same thing with any router that has multiple low-speed async ports. The 2509 router had a 68-pin connector that you could put
an octal async cable on. This breaks out the 8 lines in the 68-pin connector and has an RJ-45 plug at the end of each one.
Plug the RJ-45 ends into the console ports of the other networking equipment and plug the 68-pin connector into the router.


# This configuration was taken from a 2509 running version 12.0 of IOS.

# I always like debug and log information to show the actual date and time and it is also good security practice to make sure
# password-encryption is turned on.

service timestamps debug datetime
service timestamps log datetime
service password-encryption

hostname Terminal-Server

enable secret ciscoconfigs


ip subnet-zero
no ip domain-lookup

# Okay so here is where it comes together. First of all we said the 2509 had 8 low-speed async lines built into it that
# come out of the 68-pin connector. Each line is listed at the bottom of the config, so you will see in this
# case we have lines 1 - 8. What we need to do is set up an ip host command for each device we want to do a reverse telnet
# to. The difference in this ip host command is that we include a port number. The port number is what ties the host
# entry to the particular line. The port number is always 2000 + the line number. We simply use an IP address that
# is defined on this router in the ip host command. So basically we created below 4 host entries that all have the
# same IP address that is defined on this router, but each with a different port number that associates it with the
# given line number.


ip host Internet-Router 2001 1.1.1.1
ip host Firewall 2002 1.1.1.1
ip host Frame-Router 2003 1.1.1.1
ip host Switch 2004 1.1.1.1



# To ensure accurate time reporting, set the timezone properly, as well as the new daylight saving time settings.

clock timezone EST -5
clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00


# We created a loopback interface specifically for the reverse telnet sessions. We could have used any IP
# address on the router, such as the Ethernet IP address, but used a loopback address to make sure it
# is always up. Another tip: it is very common to create an interface loopback0. I try to stay away from that
# because you might have a loopback0 interface that is performing a particular function. Then 6 months
# later someone else has the need to add a loopback interface. They quickly go in and type in
# interface loopback0 and put an address on it. Just that quickly they have changed the IP address that you
# already had in place and broken something. If you take the CCIE lab, you will usually need several
# loopback interfaces. If you use loopback0, in your haste later in the exam you might not remember that
# and think you are creating a new loopback0 interface and giving it an address, thereby breaking
# something.

interface Loopback99
ip address 1.1.1.1 255.255.255.255
no ip directed-broadcast


# Basic IP address on the ethernet interface.

interface Ethernet0
ip address 10.1.1.50 255.255.255.0
no ip directed-broadcast


# Didn't need the serial interface that comes standard, so it is shut down.

interface Serial0
no ip address
no ip directed-broadcast
no ip mroute-cache
shutdown
no fair-queue


# Basic commands

ip default-gateway 10.1.1.1

ip classless
ip route 0.0.0.0 0.0.0.0 10.1.1.1


line con 0
transport input none


# Okay so here are the lines 1-8 that are on the router. This is where the physical connections are made
# to the rest of the equipment. The statements apply to all lines. We set a session-timeout of 30 minutes and
# we turn off the exec to make sure no device can start a console session into us. We set the
# transport input to telnet so we can make our connections.

line 1 8
session-timeout 30
no exec
exec-timeout 0 0
transport input telnet


# We could add a modem and an analog line to the aux port. This way if the network is down and we can't
# telnet to this router, we could dial in to this router and then get console access to all the devices out of
# band. This config does not show that as you might need to add the appropriate modem commands here.

line aux 0
password ciscoconfigs

line vty 0 4
password ciscoconfigs

end


How it works:

So first you gain access to this router, either by telnet from the inside or by dial-in through the aux port. Now
you start a telnet session to each device by typing in its host name. So if we type in "Internet-Router", the router
will start a telnet session to 1.1.1.1, but since we defined the port, it sends the request back out the async port
that is associated with it. Once we hit enter on that command we will be prompted for the login password on the
Internet-Router. To keep that session open and return to this router, we would type Ctrl-Shift-6 then x. You would
then be brought back to the prompt of the terminal server router. To go back to the Internet-Router, just type 1 and
hit enter. The Ctrl-Shift-6 x sequence kept this connection open as session 1, so when you type 1 and hit enter,
it will take you back to the Internet-Router. So now we have one session to the Internet-Router. If we type Firewall,
the same thing will happen, except we will have a session 2. This way, from the terminal server you can bounce
around between all of your devices without having to continually sign in. If you forget which connection number
is being used for which session, you can enter the command show sessions on the terminal server and it will
show them to you.
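
The rule from the configuration comments (port number = 2000 + line number, on an IP address defined on this router) can be
checked mechanically before a config goes into a rack. The Python below is an added example, not part of the original page or
of any Cisco tool: the names audit and SAMPLE_CONFIG and the wording of the findings are chosen here, the sample is the page's
config trimmed and re-indented, and the check for a missing inbound access-class on the async lines is an extra check the page
does not discuss.

```python
import re
# Constructed sample: the page's configuration trimmed to the lines the check reads,
# indented the way "show running-config" prints sub-commands (an assumption).
SAMPLE_CONFIG = """\
ip host Internet-Router 2001 1.1.1.1
ip host Firewall 2002 1.1.1.1
ip host Frame-Router 2003 1.1.1.1
ip host Switch 2004 1.1.1.1
interface Loopback99
 ip address 1.1.1.1 255.255.255.255
line 1 8
 transport input telnet
line vty 0 4
 password ciscoconfigs
"""

def audit(config):
    """Return ({host name: async line}, [findings]) for the ip host entries."""
    local_ips, lines, hosts, block = set(), {}, [], None
    for raw in filter(str.strip, config.splitlines()):  # skip blank lines
        words = raw.split()
        if not raw[0].isspace():  # top-level command closes any open line block
            block = None
            m = re.match(r"line (\d+)(?: (\d+))?$", raw.strip())
            if m:  # numbered async lines, e.g. "line 1 8" (not con/aux/vty)
                first, last = int(m.group(1)), int(m.group(2) or m.group(1))
                block = {"telnet": False, "acl": False}
                lines.update({n: block for n in range(first, last + 1)})
            elif words[:2] == ["ip", "host"] and len(words) >= 5 and words[3].isdigit():
                hosts.append((words[2], int(words[3]), words[4]))
        elif words[:2] == ["ip", "address"] and len(words) >= 3:
            local_ips.add(words[2])  # address configured on some interface
        elif block is not None and words[:2] == ["transport", "input"]:
            block["telnet"] = bool({"telnet", "all"} & set(words[2:]))
        elif block is not None and words[0] == "access-class" and words[-1] == "in":
            block["acl"] = True
    mapping, findings = {}, []
    for name, port, ip in hosts:
        line = port - 2000  # the page's rule: port = 2000 + line number
        cfg = lines.get(line)
        if ip not in local_ips:
            findings.append(f"{name}: {ip} is not an address on this router")
        if cfg is None or not cfg["telnet"]:
            findings.append(f"{name}: port {port} -> line {line} does not accept telnet")
        else:
            mapping[name] = line
            if not cfg["acl"]:  # added check, not from the page
                findings.append(f"{name}: line {line} has no inbound access-class")
    return mapping, findings
```

On the page's configuration this maps the four host names to lines 1 through 4 and reports that none of those lines has an
inbound access-class, so reachability of ports 2001-2004 on the router is limited only by whatever filtering sits in front of it.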

Refer to http://ciscoconfigs.net/.