Re: RE: 500-CS...HELP!! [7:2414]......here is my 5 [7:2654]

Mon, 30 Apr 2001 20:42:51 -0700 

Speaking of, here is one nice terminal server setup for someone who wanted
to configure a large number of router pods and/or dialups (ends in 20
minutes):
http://cgi.ebay.com/aw-cgi/eBayISAPI.dll?ViewItem&item=1232652456

Compaq 6200 w/6 2511s w/96 modems.  Heh, start your own small ISP.  Not too
bad for $1500.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Kevin Wigle""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I think the "no exec" issue may be a work around for other behaviour on
> async lines.
>
> Specifically for using async lines as a terminal server.
>
> I don't know how well the normal octopus cables are insulated but I have
> noticed lots of noise on these lines.  The noise on these lines seem to be
> able to trigger an exec session which prevents the line from being opened
> until it is cleared.
>
> Using "no exec" seems to prevent this from happening but you are still
able
> to connect.
>
> Now I'm talking "through the router out the line connection", not "in the
> line out the router connection" which it seems you are talking about.
>
> "Most" times when we're talking about reverse telent we're talking about
> connecting a line from the "server" to the console port of another router.
> In this case, the remote router is not initiating a call down the line, it
> is accepting a call.
>
> We talk about this so much it seems as it is just about the first thing
you
> have to do in the CCIE lab. (so I'm told - haven't been there yet but I
have
> books that say this)
>
> I grant that if you tried to make a call into the line with "no exec", you
> probably won't get too far.  But in most of the cases we are talking about
> going the other way.
>
> The "no exec" keeps the line down (available) until we really want it.
>
> On our main terminal server at work - a 2611 we have the following line:
>
> line 33 48
>  no exec
>
> Now our purpose is to connect to the terminal server to access the lab and
> to access the console ports of the other routers in the lab pod.
>
> When I telnet to w.x.y.z 2033 I get connected to the router at the end of
> line 33. (which is line 1 on the cable)
>
> When on the terminal server console I telnet to port 2033 on the loopback
I
> get to the same place.
>
> So, you are correct in what you say - but I think the most often the
problem
> being addressed is that the line is reported as in use and the user isn't
> the one using it.  I have yet to see anyone suggest using "no exec" on a
vty
> or console line so that doesn't seem to fit into the discussion.
>
> My slant - others may vary.
>
> Kevin Wigle
>
>
> ----- Original Message -----
> From: Paul Werner
> To:
> Sent: Monday, April 30, 2001 3:10 AM
> Subject: Re: RE: 500-CS...HELP!! [7:2414]......here is my 500-CS config
> [7:2536]
>
>
> > **WARNING - THE VERBOSITY BIT IS SET - THIS MESSAGE IS DISCARD
> > ELIGIBLE IF YOUR BUFFERS ARE FULL**
> >
> > Hi,
> >
> > I think there may be a degree of misunderstanding about the use
> > of the no exec command.  If you have seen this command used
> > in an access server that provides dialin access to corporate
> > users, or you have configured an access server for a typical
> > ISP, that is probably an appropriate place for this command.
> > When you place no exec under a given line, it will preclude
> > any use of an executive process (user or privileged).  Dont
> > take my word on it.  Lets all do a little test on our home
> > routers.
> >
> > First, do not do this test in a production network, period.
> > Second, it you are a little weak on the IOS, you may want to
> > brush up on your password recovery procedures; you will need it
> > later.  Here goes.  I will show you three different ways to
> > test this. First, go to the console port of your router  **DO
> > NOT TELNET IN**  Next, configure your router as follows:
> >
> > router#
> > router(config)#
> > router(config)#lin vty 0 4
> > router(config-line)#no exec
> > router(config-line)#exit
> > router(config)#int loopback 77
> > router(config-int)#ip add 1.0.0.1 255.0.0.0
> > router(config-int)#end
> > router#
> >
> > Now attempt to telnet into your own router using any accepted
> > telnet command, such as:
> >
> > router#telnet 1.0.0.1
> >
> > or,
> >
> > router#connect 1.0.0.1
> >
> > or,
> >
> > router#1.0.0.1
> >
> > You should get the following output:
> >
> > 2503#telnet 1.0.0.1
> > Trying 1.0.0.1 ... Open
> >
> > [Connection to 1.0.0.1 closed by foreign host]
> >
> > The connection will not open.  Since we did not have any access
> > class commands applied, the only other explanation is that a
> > vty line is dedicated for one purpose, namely to run an
> > executive process.  You can either telnet into the vty to do
> > user exec commands, or privileged exec commands.  When the line
> > has been restricted so that no exec is in place, then the vty
> > line is effectively shut down and no connection is allowed.
> > Remove the "no exec" command under the vty lines and reattempt
> > it.  You will note it works.
> >
> > Lets try it a second way.  This time, we will implement the
> > following commands on any cisco router that has both an AUX
> > port and a console line.  We will change the AUX port into a
> > line configuration and we will issue the no exec command on
> > the AUX line.  Before you start, make sure your configuration
> > is clear under the AUX line and console lines.  It should
> > similar to this:
> >
> > line con 0
> >  transport input all
> > line aux 0
> >  transport input all
> >
> > Go ahead and verify you get a command prompt in both AUX and
> > console lines. Verify you have interactivity by starting a ping
> > to 1.0.0.1 on each (physically plug into both ports).  Then
> > execute the following additional commands while plugged into
> > the AUX line:
> >
> > router#conf t
> > router(config)#lin aux 0
> > router(config-line)#no exec
> > router(config-line)#end
> > router#
> >
> > Try a ping again.  It will work.  Now save your configuration
> > with the following command and execute a reload while still
> > plugged into the AUX line:
> >
> > router#copy run start
> > router#reload
> > Proceed with reload? [confirm]y
> > 07:35:36: %SYS-5-RELOAD: Reload requested
> >
> > The last line is the last entry you will see.  When the router
> > reboots, you will not be able to see any output.  You may be
> > asking yourself why the command did not take place immediately
> > as most commands do.  It did take place immediately however,
> > you were still on a connected line.  Once the connection is
> > severed (via a reload), then the AUX line will have no exec
> > process when the system reboots.  This can be further verified
> > once the system boots by attempting to get a router prompt from
> > the AUX line.  When you are unsuccessful, plug into the console
> > line and go into line configuration mode and restore the exec
> > process with the following commands:
> >
> > router#conf t
> > router(config)#lin aux 0
> > router(config-line)#exec
> > router(config-line)#end
> > router#
> >
> > Log back into the AUX line and verify it now works properly. On
> > some routers you may have to reboot to get this to take
> > effect.  The final check on this is to do the same test with
> > the console line.
> >
> > WARNING - DO NOT ATTEMPT TO DO THIS UNLESS YOU ARE VERY
> > FAMILIAR WITH PASSWORD RECOVERY!!!
> >
> > Plug into the console line and type the following:
> >
> > router#conf t
> > router(config)#lin con 0
> > router(config-line)#no exec
> > router(config-line)#end
> > router#
> >
> > Run the same test and verify all functionality is still there,
> > e.g. execute a ping and get a response.  Everything should work
> > just fine.   Save your config and do a reload as before:
> >
> > router#copy run start
> > router#reload
> > Proceed with reload? [confirm]y
> > 07:35:36: %SYS-5-RELOAD: Reload requested
> >
> > This time you are going to notice something really strange and
> > different.  You will note that you can watch the router reload
> > and go through its POST and execute its startup-config.  The
> > only problem is that you cannot tell the router to do anything
> > because you guessed it, you have no exec on the console
> > line. You will see output go by one the screen, but you cannot
> > enter any commands. So, how do we fix it?  Yes, you guessed it 
> >  password recovery.  The only difference here is that when you
> > do password recovery in this instance, you will not recover a
> > password, rather, you will remove the no exec entry from your
> > configuration on the console line.
> >
> > Final point  why do you use such a command, no exec?  It
> > would seem to be terribly unhelpful and not too useful.
> > Consider the example of the access server.  You have configured
> > your access server with multiple modems attached.  When a user
> > wants to access your network remotely while in a hotel, they
> > just call in via a POTS line and reach a modem.  Since they
> > have no need and no business playing on the router itself (only
> > the network it serves), you would want to use the no exec
> > command to ensure they could not set up an executive session on
> > the router.
> >
> > What about the original example and the reason for this post?
> > Well, as I remember it, the original post was about somebody
> > who was trying to configure this CS-500 for reverse telnet as a
> > terminal server.  In that case, you would want to leave exec
> > configured on all of the lines that have router console ports
> > attached.  Additionally, you will still have to fix the issue
> > mentioned below regarding a reverse telnet into a line that has
> > no cable attached.
> >
> > Hope this helps more :-)
> >
> > v/r,
> >
> > Paul Werner
> >
> >
> >
> > > I don't think your problem has anything to do with the "no
> > exec" command
> > > in
> > > your config. I also use the "no exec" command for my async
> > ports and it
> > > works great.
> > >
> > > I think the problem lies within these commands.
> > >
> > > ip host R1 2003 1.1.1.1
> > > line 1
> > > no exec
> > > monitor
> > > transport input telnet
> > > transport output telnet
> > >
> > > Notice that the port you specified was 2003. Port 2003 maps
> > to line 3,
> > > not
> > > line 1. You don't have anything configured for line 3, so the
> > reverse
> > > telnet
> > > session will not work for it. I would either try changing the
> > port to
> > > 2001
> > > or change the "line 1" command to "line 1 3"
> >
> > ________________________________________________
> > Get your own "800" number
> > Voicemail, fax, email, and a lot more
> > http://www.ureach.com/reg/tag
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=2654&t=2654
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to