- Direct Access to Routers and Switches Through a Console Port
- Accessing the Lab Terminal Server Through the Console Port
- Configuring the Terminal Server for Telnet Access
- Configuring the Terminal Server
- Summary
Configuring the Terminal Server for Telnet Access
In this section, you will configure the terminal server so that you can Telnet to it across the network. When you are connected to the terminal server, the terminal server will be the single point from which you may access all other lab routers through reverse Telnet. A terminal server provides out-of-band access to several devices. Out-of-band access is through a router's console or aux port versus in-band access that occurs over a network through Telnet or SNMP. Telnet, reverse Telnet, and a terminal server overview are covered in greater detail later in the chapter.
The next step is to make the terminal server accessible over your Ethernet network so that you can access it from any workstation on the LAN, as shown in Figure 4-7.
Figure 4-7 LAN Configuration for Telnet Access
Telnet access is useful because it eliminates the requirement to be physically at the terminal server router to gain access. Instead, you can configure the terminal server so that you can Telnet to it over the LAN, as shown in Figure 4-7. Then, from the terminal server, you will be able to access each lab router through reverse Telnet, as shown in Figure 4-8. Reverse Telnet will be explained and demonstrated later in this chapter.
Figure 4-8 Terminal Server Logical Diagram
Begin by configuring the terminal servers' host name, Ethernet IP address, and vty lines. Because you're still attached via a direct connection to the terminal server's console port, ensure you're in privileged EXEC mode by typing enable from user EXEC mode, as in Example 4-1.
Example 4-1 Entering Enable Mode on Terminal Server
Router>enable Router#
Because the privileged EXEC password has not yet been set, you are allowed directly into privileged EXEC mode without entering a password, as denoted by the Router# prompt in Example 4-1. To change the host name on the router, type configure terminal to enter global configuration mode. Next, issue the hostname command followed by Termserver, as shown in Example 4-2.
Example 4-2 Changing the Host Name on the Terminal Server
Router>enable Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#hostname Termserver Termserver(config)#
Notice that the prompt has changed from Router(config)# to Termserver(config)#.
Next, from global configuration mode, enter interface configuration mode by typing interface ethernet0, and assign the IP address of 10.160.8.1 with a mask of 255.255.255.0 to the Ethernet0 interface. In addition, ensure that the interface is not shut down by typing no shutdown from interface configuration mode for Ethernet 0, as demonstrated in Example 4-3.
Example 4-3 Assign the Terminal Server's Ethernet 0 Interface an IP Address and Bring the Interface Out of Shutdown Mode
Router>enable Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#hostname Termserver Termserver(config)# Termserver(config)#interface ethernet0 Termserver(config-if)#ip address 10.160.8.1 255.255.255.0 Termserver(config-if)#no shutdown Termserver(config-if)# %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up Termserver(config-if)# %LINK-3-UPDOWN: Interface Ethernet0, changed state to up Termserver(config-if)#
Notice that you receive a console message indicating that the line protocol on Ethernet 0 is up and the interface is up. You can verify that Ethernet 0 is up and configured with the proper IP address by typing show interface ethernet0, as shown in Example 4-4.
Example 4-4 Verifying that Ethernet 0 Is Up and Configured with the Correct IP Address
Termserver#show interface ethernet0 Ethernet0 is up, line protocol is up Hardware is Lance, address is 0000.0c47.351c (bia 0000.0c47.351c) Internet address is 10.160.8.1/24 MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255 Encapsulation ARPA, loopback not set, keepalive set (10 sec) ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:00, output 00:00:00, output hang never Last clearing of "show interface" counters never Queueing strategy: fifo Output queue 0/40, 0 drops; input queue 1/75, 0 drops 5 minute input rate 0 bits/sec, 1 packets/sec 5 minute output rate 0 bits/sec, 1 packets/sec 6674 packets input, 1267069 bytes, 0 no buffer Received 6252 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 input packets with dribble condition detected 12718 packets output, 1199744 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier 0 output buffer failures, 0 output buffers swapped out
You can see that Ethernet 0 is up as shown in the highlighted lines of Example 4-4 because the interface is up and the line protocol is up. In addition, you see that the IP address of 10.160.8.1 and mask of 255.255.255.0 (/24) are configured on the interface.
The workstation has been assigned an IP address of 10.160.8.65 with a subnet mask of 255.255.255.0. From the workstation, verify that you can ping the newly assigned IP address on your terminal server's Ethernet 0 interface, as shown in Figure 4-9.
Figure 4-9 Verify IP Connectivity Between Workstation and Terminal Server
Success!
vty Line Configuration for Telnet Access
Virtual terminal lines are used to allow remote access to a router. A virtual terminal line is not associated with either the auxiliary or console port; instead, it is a "virtual port" on the router. The router has five virtual terminal lines, by default. You will configure the five vty lines (vty 0 through 4) for Telnet access and set a password of falcons on these lines. In addition, you want to ensure that, after 15 minutes of inactivity on the vty lines, the connection times out. To configure the vty lines, you will do the following from global configuration mode:
Step 1 | Enter line configuration mode. |
Step 2 | Enable login on the vty lines. |
Step 3 | Set a password for Telnet access. |
Step 4 | Set the exec-timeout interval. |
To examine how this is done, first enter line configuration mode for vty lines 0 through 4, as shown in Example 4-5.
Example 4-5 Line Configuration Mode for vty 0 Through 4
Termserver#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Termserver(config)#line vty 0 4 Termserver(config-line)#
You can verify that you have successfully entered line configuration mode because the prompt has changed, as shown in the highlighted portion of Example 4-5. Next, enable login on the vty lines and set a Telnet password of falcons on the terminal server, as in Example 4-6.
Example 4-6 Configure vty Lines with Login and Password Checking
Termserver(config-line)#login Termserver(config-line)#password falcons
TIP
Remember that if an enable password has not been set on the router, you cannot Telnet into the router. This is true even when a password has been set on the vty lines. Although not shown here, assume that the terminal server has been configured with the enable password falcons.
Finally, it is a good idea to set timeout values on your vty lines so that idle Telnet sessions will not remain up indefinitely. By default, the exec-timeout is set to 10 minutes on both the console and the vty ports.
The timeout value is specified in minutes and seconds. You will set the timeout value to 15 minutes and 0 seconds on vty lines 0 through 4 using the exec-timeout command. If you are unsure of the order in which to specify minutes and seconds, use context-sensitive help, as shown in Example 4-7.
Example 4-7 Setting the exec-timeout Value to 15 Minutes and 0 Seconds on vty Lines 0 Through 4
Termserver(config-line)#exec-timeout ? <0-35791> Timeout in minutes Termserver(config-line)#exec-timeout 15 ? <0-2147483> Timeout in seconds <cr> Termserver(config-line)#exec-timeout 15 0 Termserver(config-line)#
Verify the configuration changes in your running-config by exiting back to privileged EXEC with CTRL-Z and then using a show running-config command. The highlighted section of Example 4-8 shows the last portion of the running-config with the configuration of the five vty lines.
Example 4-8 Verify Changes with show running-config Command
Termserver(config-line)#^Z Termserver#show running-config line con 0 login line 1 16 line aux 0 line vty 0 4 exec-timeout 15 0 password 7 15140A0007252537 login
The end of the config shows all lines on the router, as well as the changes you have made to the vty lines.
Saving the Running Configuration
Save the configuration by typing copy running-config startup-config from global configuration mode, as shown in Example 4-9.
Example 4-9 Copy running-config to startup-config
Termserver#copy running-config startup-config Building configuration... [OK] Termserver#
NOTE
If you are running Cisco IOS software Release 12.0 or later, the copy command may ask for a confirmation in this form: Destination file [startup-config]?.
The configuration has been successfully copied from the running configuration to the startup configuration, as denoted by the [OK] highlighted in Example 4-9.
Accessing the Terminal Server from a PC over a LAN/WAN via Telnet
Now you will test to see if you can Telnet to the terminal server at 10.160.8.1. To do so, configure the terminal application program (HyperTerminal) to Telnet to the router. This is done by starting HyperTerminal and, instead of selecting a COM port to connect through, selecting TCP/IP (Winsock), as shown in Figure 4-10.
NOTE
If the TCP/IP option is not available, you have an older version of the HypterTerminal Application. You can upgrade it at http://www.hilgraeve.com.
Figure 4-10 HyperTerminal Configured to Use TCP/IP
Next, enter the IP address of 10.160.8.1, as shown in Figure 4-11.
Figure 4-11 Telnet to Ethernet 0 10.160.8.1
You are first prompted for the Telnet password of falcons that you configured previously in Example 4-6. When this password is successfully supplied, you are taken into user EXEC mode. From there, you can type enable to gain access to privileged EXEC mode.
You have now successfully Telnetted to the terminal server.