Router - Terminal Server
This configurations sample shows how to setup a router with several low-speed async ports to act as a terminal server. This is a really good idea where you have remote equipment that is very critical. For example if you have rack-space in a data center this is a good way to provide out of band management when needed. The idea behind this is that this router will connect to the console ports of the other networking equipment. If you can get access to this router, you do what is referred to as a reverse telnet to console into all of the other equipment. In this example we used an older model 2509, but you could do the same thing with any router that has multiple low speed async ports. The 2509 router had a 68-pin connector that you could put an octal async cable on. This breaks out the the 8 lines in the 68 pin connector and has an rj-45 plug at the end of each one. Plug the rj-45 ends into the console ports of the other networking equipment and plug the 68 pin connector into the router.
# This configuration was taken from an 2509 running 12.0 version of IOS.
# I always like debug and log information to show the actual date and time and it is also good security
# practice to make sure password-encryption is turned on.
service timestamps debug datetime
service timestamps log datetime
enable secret ciscoconfigs
no ip domain-lookup
# Okay so here is where it comes together. First of all we said the 2509 had 8 low speed async lines built
# into it that was coming out of the 68 pin connector. Each line will be listed at the bottom of the config so
# you will see in this case we have lines 1 - 8. What we need to do is setup a host command for each device
# we want to do a reverse telnet to. The difference in this ip host command is that we include a port
# number. The port number is what ties the host entry to the particular line. The port number is always
# 2000 + the line number. We simply use an IP address that # is defined in this router in the host name
# command. So basically we created below 4 host entries that all had the same ip address that is defined on
# this router but each with a different port number that will associate with the given line number.
ip host Internet-Router 2001 188.8.131.52
ip host Firewall 2002 184.108.40.206
ip host Frame-Router 2003 220.127.116.11
ip host Switch 2004 18.104.22.168
# To ensure accurate time reporting set the timezone properly as well set the new daylight savings time
clock timezone EST -5
clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00!
# We created a loopback interface specifically for the reverse telnet sessions. We could have used any IP
# address on the router, such as the Ethernet IP address, but used a loopback address to make sure it
# is always up. Another tip, it is very common to create an interface loopback0. I try to stay away from that
# because you might have a loopback0 interface that is performing a particular function. Then 6 months
# later someone else has the need to add a loopback interface. They quickly go in and type in
# interface loopback0 and put an address on it. Just that quick they changed the ip address that you
# already had in place and broke something. If you take the CCIE lab, you will usually need several
# loopback interfaces. If you use loopback0, in your haste later in the exam you might not remember
# and think you are creating a new loopback0 interface and giving it an address, thereby, breaking
# something then.
ip address 22.214.171.124 255.255.255.255
no ip directed-broadcast
# Basic IP address on the ethernet interface.
ip address 10.1.1.50 255.255.255.0
no ip directed-broadcast
# Didn't need the serial interface that comes standard so it is shutdown.
no ip address
no ip directed-broadcast
no ip mroute-cache
# Basic commands
ip default-gateway 10.1.1.1
ip route 0.0.0.0 0.0.0.0 10.1.1.1
line con 0
transport input none
# Okay so here are the lines 1-8 that are on the router. This is where the physical connections are made
# to the rest of the equipment. The statements apply to all lines. We set a session-timeout to 30 minutes
# andwe turn off the exec to make sure any devices can't start a console session into us. We set up the
# transport input to telnet so we can make are connections.
line 1 8
exec-timeout 0 0
transport input telnet
# We could add a modem and an analog line to the aux port. This way if the network is down and we can't
# telnet to this router, we could dial in to this router and then get console access to all the devices out of
# band. This config does not show that as you might need to add the appropriate modem commands here.
line aux 0
line vty 0 4
How it works:
So first you gain access to this router, either by telnet from the inside or by dial-in through the aux port. Now you start a telnet session to each device by typing in the host name. So if we type in "Internet-Router" the router will then start a telnet session to 126.96.36.199 but since we defined the port it sends the request back out the port that is associated to it. Once we hit enter on that command we will be prompted for the login password on the Internet-Router. To keep that session open and return to this router we would type Ctrl-Shift-6 then x. You would then be brought back to the prompt of the terminal server router. To go back to the Internet-Router just type 1 and hit enter. The Ctrl-Shift-6 x sequence maintained this connection as session 1 so when you type 1 and hit enter, it will take you back to the Internet-Router. So now we have one session to the Internet-Router. If we type Firewall the same thing will happen except we will have a session 2. This way from the terminal server you can bounce around between all of your devices without having to continually sign in. If you forget which connection number is being used for which session you can enter the command show sessions on the terminal server and it will show them to you.