Reverse telnet has been around for long time. The most common use today is to provide access to the console ports on your Cisco equipment in the data center so that you can configure them in the case of a radical failure.
This is easy to do. You pick a standard router that has Network Module slots, purchase an NM-16A or NM-32A Asynchronous module. This has four unusual connectors and looks like this.
The CAB-OCTAL-ASYNC cable looks like this and the kit comes standard with eight DB25 connectors which plug in to RJ45 connectors on the end of the cable. Its the RJ45 connectors that you want. You can throw the Rj45-DB25 connectors in the bin.
Once you put the module, and powered up you can see these lines:
lontrm01#show line summary 0: ?... .... .... .... .... .... .... .... .UU- 36: ---? ??-? ???? ???? ???? ???? ???? ??-U -??? 72: ???? ???? ???? ???? ???? ???? ??? 3 character mode users. (U) 57 lines never used. (?) 7 lines used, but currently idle. (-) 32 lines do not exist. (.) 3 total lines in use, 0 not authenticated (lowercase) lontrm01#
IOS allocated line numbers is a quasi random sort of way. You should refer to How Async Lines are Numbered on 3600 series Router as a starting point.
The easiest way to see how the TTY lines are laid out is to install the modules and do a “show line”. Remember also that modules count from zero, and start on the bottom right, then up, and back to the bottom on the left and then up.
Plug the RJ45 connection into the console port of your Cisco device.
Configuring IOS for Reverse Telnet
r1#conf t r1(config)#line 33 64 r1(config-line)#transport input telnet r1(config-line)#no exec r1(config-line)#^Z r1#
Go your telnet client – telnet 198.18.1.1 2033 will connect you to line 33, telnet 198.18.1.1 2034 will connect you to line 2034.
We have confirmed connectivity.
The SSH listener doesn’t use the same ports, we have to use rotary groups.
!generate the ssh key or crypto key generate rsa !some of the usual stuff for ssh ip ssh time-out 60 ip ssh authentication-retries 4 !configure the ssh listener at port 2001 through 2127 ip ssh port 2001 rotary 1 127 ip ssh logging events ! line 33 ! set the rotary group the port belongs to, only one port per rotary group rotary 1 ! do not allow the serial line to create spawn an exec session as this will lock the port. !This happens when the serial line gets EMF / EMI. no exec !allow SSH thread to access the port. transport input ssh transport output none line 34 rotary 2 no exec transport input ssh transport output none line 35 rotary 3 no exec transport input ssh transport output none !repeat for every line
You will need to configure your SSH client to connect on a non-standard port:
or even better at the Command Line
ssh -l gf 198.18.1.1 -p 2001
ssh [email protected] -p 2001
Each console port is available in ascending order, thus ssh -l gf 10.216.4.10 -p 2002 will connect to line 34, ssh -l gf 10.216.4.10 -p 2003 will connect to line 35.
Sometimes a line will not be terminated cleanly and will need clearing. Do a show line and the asterisk or star will show you which line is ‘in use’.
r1#sh line Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int 0 CTY - - - - - 0 0 0/0 - * 33 TTY 9600/9600 - - 1 - - 14 0 0/0 - * 34 TTY 9600/9600 - - 2 - - 3 0 0/0 - 35 TTY 9600/9600 - - 3 - - 1 1 0/0 - 36 TTY 9600/9600 - - 4 - - 1 0 0/0 - -snip- r1#clear line 33 [confirm] [OK] r1# r1#show line Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int 0 CTY - - - - - 0 0 0/0 - 33 TTY 9600/9600 - - 1 - - 14 0 0/0 - * 34 TTY 9600/9600 - - 2 - - 3 0 0/0 - 35 TTY 9600/9600 - - 3 - - 1 1 0/0 - 36 TTY 9600/9600 - - 4 - - 1 0 0/0 -
Why not use something else ?
Many people use a Cyclades or some other product to do this. They are often cheaper and have high density. However, I often waste a lot of time getting the physical cabling sorted out to connect to a Cisco console port. The Cisco NM-16A is quick and easy solution. Typically I use a 2600 or 3600 series router to be my terminal server, so the cost is really only for a the Asynchronous NM module and some cables.
I would also recommend buying the CAB-OCTAL-ASYNC cable from ebay. Typically £25 versus £150 or more from Cisco resellers. The ebay version can also come in five metre lengths which is useful for running up to your patch panel.
The use of reverse telnet or SSH is vital to creating an effective lights out and hands off data centre. It is also critical when building an Out of Band Network Disaster network as this might be the only way to connect to network equipment in the event of meltdown.
Telnet is not suitable because of its poor security (clear text passwords) so SSH is a necessity.
Please let me know if I have made any typos. Would be happy to fix this up.
I published a follow up to this post at http://etherealmind.com/cisco-ios-reverse-ssh-terminal-server-console-access-part2/
Other posts in the series
- Cisco IOS CLI Regex: sh ip bgp in
- IOS CLI Tip: More accurate pipe commands
- Cisco Nexus NXOS and Fixing broken “switchto” syntax with alias
- show ip eigrp topology all
- Cisco IOS CLI Shortcuts
- The poor man's IOS Traffic Generator
- IOS: "terminal monitor" on, off - logging to your terminal
- IOS: Console, Terminal, Monitor, VTY - what is what ?
- IOS: Clearing an interface configuration
- IOS: Setting Terminal Window Length
- IOS CLI: show run linenum
- IOS: Setting the TCP timeout on IOS
- IOS: enable and .... disable ?
- IOS: Reverse SSH console access - Part 2
- IOS:Open Source Lab DNS and IP addressing
- IOS: Reverse SSH console access (This post)
- ip tcp timestamp
- Cisco ASA and IOS command tip - test aaa-server