500-CS...HELP!! [7:2414]

[[EMAIL PROTECTED]]

Ok GUYS n GALS,
I got a simple dilemma, but I can't seem to get the solution.  I know its 
staring me in the face! :)  I bought a 500-CS off ebay and I config with 
TRANS IN ALL, but it doesn't take so I use TRANS IN TELNET and TRANS OUT 
TELNET on the console of my test router and on the async line I have the 
cable plugged to and use IP ADD 1.1.1.1 255.255.255.255 as a loopback int.  
When I try a Reverse Telnet, it opens, but I get a blank screen and NO
CURSOR
for my router?  WHAT GIVES?
Thanks,
 Rob H.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=2414&t=2414
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 500-CS...HELP!! [7:2414]

[Brad Steinman]

Hmm.  I have a CS500 as well.

Looking at my config and comparing to the info you have provided, I have
some suggestions.  Note that you may have already done this - as I cant see
ur config or every command you've entered.

1. Are you using (ex.)'telnet 1.1.1.1 2001' to rev telnet to the 0 line?
Note that the CS500 ports are from labeled 0-15 where as their corresponding
tty lines are 1-16.

2. Cabling problem?  If you are connecting to a 2500 series, you will only
need a std rollover cable between the two.

3. Use 'stopbits 1' for your tty lines.  Default is not 1, 1.5 I think?
Probably wont help the immediate problem though...

-Brad
[EMAIL PROTECTED]

- Original Message -
From: 
To: 
Sent: Saturday, April 28, 2001 8:47 PM
Subject: 500-CS...HELP!! [7:2414]


> Ok GUYS n GALS,
> I got a simple dilemma, but I can't seem to get the solution.  I know its
> staring me in the face! :)  I bought a 500-CS off ebay and I config with
> TRANS IN ALL, but it doesn't take so I use TRANS IN TELNET and TRANS OUT
> TELNET on the console of my test router and on the async line I have the
> cable plugged to and use IP ADD 1.1.1.1 255.255.255.255 as a loopback int.
> When I try a Reverse Telnet, it opens, but I get a blank screen and NO
> CURSOR
> for my router?  WHAT GIVES?
> Thanks,
>  Rob H.
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=2419&t=2414
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 500-CS...HELP!! [7:2414]

[Medley, Tim]

Take a look at your subnet mask.

tm

I hear and I forget
I see and I believe
I do and I understand
 -Confucius


Tim Medley - CCNA, CCDA
VoIP Engineer
704-943-3615 - Phone
704-525-9119 - Fax
877-6-iReady - Helpdesk



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Saturday, April 28, 2001 8:48 PM
To: [EMAIL PROTECTED]
Subject: 500-CS...HELP!! [7:2414]


Ok GUYS n GALS,
I got a simple dilemma, but I can't seem to get the solution.  I know its 
staring me in the face! :)  I bought a 500-CS off ebay and I config with 
TRANS IN ALL, but it doesn't take so I use TRANS IN TELNET and TRANS OUT 
TELNET on the console of my test router and on the async line I have the 
cable plugged to and use IP ADD 1.1.1.1 255.255.255.255 as a loopback int.  
When I try a Reverse Telnet, it opens, but I get a blank screen and NO
CURSOR
for my router?  WHAT GIVES?
Thanks,
 Rob H.
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=2483&t=2414
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: RE: 500-CS...HELP!! [7:2414]......here is my 5 [7:2654]

[Jason Roysdon]

Speaking of, here is one nice terminal server setup for someone who wanted
to configure a large number of router pods and/or dialups (ends in 20
minutes):
http://cgi.ebay.com/aw-cgi/eBayISAPI.dll?ViewItem&item=1232652456

Compaq 6200 w/6 2511s w/96 modems.  Heh, start your own small ISP.  Not too
bad for $1500.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Kevin Wigle""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I think the "no exec" issue may be a work around for other behaviour on
> async lines.
>
> Specifically for using async lines as a terminal server.
>
> I don't know how well the normal octopus cables are insulated but I have
> noticed lots of noise on these lines.  The noise on these lines seem to be
> able to trigger an exec session which prevents the line from being opened
> until it is cleared.
>
> Using "no exec" seems to prevent this from happening but you are still
able
> to connect.
>
> Now I'm talking "through the router out the line connection", not "in the
> line out the router connection" which it seems you are talking about.
>
> "Most" times when we're talking about reverse telent we're talking about
> connecting a line from the "server" to the console port of another router.
> In this case, the remote router is not initiating a call down the line, it
> is accepting a call.
>
> We talk about this so much it seems as it is just about the first thing
you
> have to do in the CCIE lab. (so I'm told - haven't been there yet but I
have
> books that say this)
>
> I grant that if you tried to make a call into the line with "no exec", you
> probably won't get too far.  But in most of the cases we are talking about
> going the other way.
>
> The "no exec" keeps the line down (available) until we really want it.
>
> On our main terminal server at work - a 2611 we have the following line:
>
> line 33 48
>  no exec
>
> Now our purpose is to connect to the terminal server to access the lab and
> to access the console ports of the other routers in the lab pod.
>
> When I telnet to w.x.y.z 2033 I get connected to the router at the end of
> line 33. (which is line 1 on the cable)
>
> When on the terminal server console I telnet to port 2033 on the loopback
I
> get to the same place.
>
> So, you are correct in what you say - but I think the most often the
problem
> being addressed is that the line is reported as in use and the user isn't
> the one using it.  I have yet to see anyone suggest using "no exec" on a
vty
> or console line so that doesn't seem to fit into the discussion.
>
> My slant - others may vary.
>
> Kevin Wigle
>
>
> - Original Message -
> From: Paul Werner
> To:
> Sent: Monday, April 30, 2001 3:10 AM
> Subject: Re: RE: 500-CS...HELP!! [7:2414]..here is my 500-CS config
> [7:2536]
>
>
> > **WARNING - THE VERBOSITY BIT IS SET - THIS MESSAGE IS DISCARD
> > ELIGIBLE IF YOUR BUFFERS ARE FULL**
> >
> > Hi,
> >
> > I think there may be a degree of misunderstanding about the use
> > of the no exec command.  If you have seen this command used
> > in an access server that provides dialin access to corporate
> > users, or you have configured an access server for a typical
> > ISP, that is probably an appropriate place for this command.
> > When you place no exec under a given line, it will preclude
> > any use of an executive process (user or privileged).  Dont
> > take my word on it.  Lets all do a little test on our home
> > routers.
> >
> > First, do not do this test in a production network, period.
> > Second, it you are a little weak on the IOS, you may want to
> > brush up on your password recovery procedures; you will need it
> > later.  Here goes.  I will show you three different ways to
> > test this. First, go to the console port of your router  **DO
> > NOT TELNET IN**  Next, configure your router as follows:
> >
> > router#
> > router(config)#
> > router(config)#lin vty 0 4
> > router(config-line)#no exec
> > router(config-line)#exit
> > router(config)#int loopback 77
> > router(config-int)#ip add 1.0.0.1 255.0.0.0
> > router(config-int)#end
> > router#
> >
> > Now attempt to telnet into your own router using any accepted
> > telnet command, such as:
> >
> > router#telnet 1.0.0.1
> >
> > or,
> >
> > router#connect 1.0.0.1
> >
> > or,
> >
> > rou

Re: 500-CS...HELP!! [7:2414]......here is my 500-CS config [7:2433]

[[EMAIL PROTECTED]]

Here is my script..anybody see any errors?
TIA,
 Rob H.

Using 1299 out of 32512 bytes
version 9.1
!
hostname CS500
!
enable-password gabby
!
!
!
!
!
!
interface Ethernet 0
no ip address
shutdown
no lat enabled
no mop enabled
!
interface Loopback 0
ip address 1.1.1.1 255.255.255.255
!
 --More--
!
!
!
!
ip name-server 255.255.255.255
ip host R1 2003 1.1.1.1
snmp-server community
!
!
line vty 0 4
login
line con 0
transport input
transport output
line 1
no exec
monitor
transport input telnet
transport output telnet
line 2
no exec
transport input
 --More--
transport output
line 3
no exec
transport input telnet
transport output telnet
line 4
no exec
transport input
transport output
line 5
no exec
transport input
transport output
line 6
no exec
transport input
transport output
line 7
no exec
transport input
transport output
line 8
 --More--
no exec
transport input
transport output
line 9
no exec
transport input
transport output
line 10
no exec
transport input
transport output
line 11
no exec
transport input
transport output
line 12
no exec
transport input
transport output
line 13
no exec
transport input
 --More--
transport output
line 14
no exec
transport input
transport output
line 15
no exec
transport input
transport output
line 16
no exec
transport input
transport output
line vty 0
password gabby
line vty 1
password gabby
line vty 2
password gabby
line vty 3
password gabby
line vty 4
 --More--
password gabby
!
end




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=2433&t=2433
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 500-CS...HELP!! [7:2414]......here is my 500-CS config [7:2439]

[Albert Lu]

I thought that only transport input telnet (or all) is needed, rather than
transport output as well.

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> [EMAIL PROTECTED]
> Sent: Sunday, 29 April 2001 2:15
> To: [EMAIL PROTECTED]
> Subject: Re: 500-CS...HELP!! [7:2414]..here is my 500-CS config
> [7:2433]
>
>
> Here is my script..anybody see any errors?
> TIA,
>  Rob H.
>
> Using 1299 out of 32512 bytes
> version 9.1
> !
> hostname CS500
> !
> enable-password gabby
> !
> !
> !
> !
> !
> !
> interface Ethernet 0
> no ip address
> shutdown
> no lat enabled
> no mop enabled
> !
> interface Loopback 0
> ip address 1.1.1.1 255.255.255.255
> !
>  --More--
> !
> !
> !
> !
> ip name-server 255.255.255.255
> ip host R1 2003 1.1.1.1
> snmp-server community
> !
> !
> line vty 0 4
> login
> line con 0
> transport input
> transport output
> line 1
> no exec
> monitor
> transport input telnet
> transport output telnet
> line 2
> no exec
> transport input
>  --More--
> transport output
> line 3
> no exec
> transport input telnet
> transport output telnet
> line 4
> no exec
> transport input
> transport output
> line 5
> no exec
> transport input
> transport output
> line 6
> no exec
> transport input
> transport output
> line 7
> no exec
> transport input
> transport output
> line 8
>  --More--
> no exec
> transport input
> transport output
> line 9
> no exec
> transport input
> transport output
> line 10
> no exec
> transport input
> transport output
> line 11
> no exec
> transport input
> transport output
> line 12
> no exec
> transport input
> transport output
> line 13
> no exec
> transport input
>  --More--
> transport output
> line 14
> no exec
> transport input
> transport output
> line 15
> no exec
> transport input
> transport output
> line 16
> no exec
> transport input
> transport output
> line vty 0
> password gabby
> line vty 1
> password gabby
> line vty 2
> password gabby
> line vty 3
> password gabby
> line vty 4
>  --More--
> password gabby
> !
> end
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=2439&t=2439
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 500-CS...HELP!! [7:2414]......here is my 500-CS config [7:2468]

[Paul Werner]

Comments inline.

> Here is my script..anybody see any errors?
> TIA,
>  Rob H.
> 
> Using 1299 out of 32512 bytes
> version 9.1
> !
> hostname CS500
> !
> enable-password gabby

As a general comment, you may want to remove or "" all 
passwords prior to submitting them to the list.  It is a best 
practice to do in general and you will need to do this whenever 
you submit anything to TAC.  Cisco's TAC developed a macro that 
will list a series of troubleshooting friendly commands such 
as "show run", "show start", "show interfaces", etc.  This 
command will also strip out all incriminating information, such 
as passwords.  The command is "show tech".  Unfortunately, your 
version of IOS does not support this command.


> !
> interface Ethernet 0
> no ip address
> shutdown
> no lat enabled
> no mop enabled
> !
> interface Loopback 0
> ip address 1.1.1.1 255.255.255.255

As a good practice, you may want to put a different (non-
publicly routable) IP address here.  Try something from the RFC 
1918 series, such as 192.168.254.254 /32 .  There is no other 
reason than it is a good practice.  Besides, if you ever needed 
to get to the host on the Internet that owns IP addr 1.1.1.1, 
you will only go as far as your loopback address:-)

> !
> ip name-server 255.255.255.255
> ip host R1 2003 1.1.1.1

Is the host table entry above the one you are trying to use?  
If so, does it correspond to the port on the CS-500 that you 
have R1 plugged into?  Based upon the layout of my CS-516, I 
would say that if you attempted to type "R1" at the term server 
command line, router R1 better be plugged into the 3rd port. 


> snmp-server community
> !
> !
> line vty 0 4
> login
>
> line con 0
> transport input
> transport output

Why don't you just set the console line to "transport input 
all"?

> line 1
> no exec
> monitor
> transport input telnet
> transport output telnet

If you notice above and below, you will see the command, "no 
exec".  This is what is precluding you from doing anything 
useful on this box.  With "no exec" enabled, you will not get 
executive mode at the line.  At this point, it might just be 
easier to get rid of the "no exec" from each of the lines.  
Also, if you set "transport input all" and "transport output 
all", you will see the other lines on transport disappear as 
well.  In order to fix this problem, you will need to go to 
line configration mode for each line and type, "exec".  While 
you are there, type "transport input all" and "transport output 
all"

HTH,

Paul Werner


Get your own "800" number
Voicemail, fax, email, and a lot more
http://www.ureach.com/reg/tag




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=2468&t=2468
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 500-CS...HELP!! [7:2414]......here is my 500-CS config [7:2472]

[Fred Danson]

I don't think your problem has anything to do with the "no exec" command in 
your config. I also use the "no exec" command for my async ports and it 
works great.

I think the problem lies within these commands.

ip host R1 2003 1.1.1.1
line 1
no exec
monitor
transport input telnet
transport output telnet

Notice that the port you specified was 2003. Port 2003 maps to line 3, not 
line 1. You don't have anything configured for line 3, so the reverse telnet 
session will not work for it. I would either try changing the port to 2001 
or change the "line 1" command to "line 1 3"

Let me know if this does any good.

Fred


I think your problem
>From: "Paul Werner" Reply-To: "Paul Werner" To: [EMAIL PROTECTED] 
>Subject: Re: 500-CS...HELP!! [7:2414]..here is my 500-CS config 
>[7:2468] Date: Sun, 29 Apr 2001 13:07:19 -0400
>
>Comments inline.
>
> > Here is my script..anybody see any errors? > TIA, > Rob H. > > Using 
>1299 out of 32512 bytes > version 9.1 > ! > hostname CS500 > ! > 
>enable-password gabby
>
>As a general comment, you may want to remove or "" all passwords prior 
>to submitting them to the list. It is a best practice to do in general and 
>you will need to do this whenever you submit anything to TAC. Cisco's TAC 
>developed a macro that will list a series of troubleshooting friendly 
>commands such as "show run", "show start", "show interfaces", etc. This 
>command will also strip out all incriminating information, such as 
>passwords. The command is "show tech". Unfortunately, your version of IOS 
>does not support this command.
>
>
> > ! > interface Ethernet 0 > no ip address > shutdown > no lat enabled > 
>no mop enabled > ! > interface Loopback 0 > ip address 1.1.1.1 
>255.255.255.255
>
>As a good practice, you may want to put a different (non- publicly 
>routable) IP address here. Try something from the RFC 1918 series, such as 
>192.168.254.254 /32 . There is no other reason than it is a good practice. 
>Besides, if you ever needed to get to the host on the Internet that owns IP 
>addr 1.1.1.1, you will only go as far as your loopback address:-)
>
> > ! > ip name-server 255.255.255.255 > ip host R1 2003 1.1.1.1
>
>Is the host table entry above the one you are trying to use? If so, does it 
>correspond to the port on the CS-500 that you have R1 plugged into? Based 
>upon the layout of my CS-516, I would say that if you attempted to type 
>"R1" at the term server command line, router R1 better be plugged into the 
>3rd port.
>
>
> > snmp-server community > ! > ! > line vty 0 4 > login > > line con 0 > 
>transport input > transport output
>
>Why don't you just set the console line to "transport input all"?
>
> > line 1 > no exec > monitor > transport input telnet > transport output 
>telnet
>
>If you notice above and below, you will see the command, "no exec". This is 
>what is precluding you from doing anything useful on this box. With "no 
>exec" enabled, you will not get executive mode at the line. At this point, 
>it might just be easier to get rid of the "no exec" from each of the lines. 
>Also, if you set "transport input all" and "transport output all", you will 
>see the other lines on transport disappear as well. In order to fix this 
>problem, you will need to go to line configration mode for each line and 
>type, "exec". While you are there, type "transport input all" and 
>"transport output all"
>
>HTH,
>
>Paul Werner
>
> Get your own "800" number 
>Voicemail, fax, email, and a lot more http://www.ureach.com/reg/tag
>subscription info: http://www.groupstudy.com/list/cisco.html Report 
>misconduct and Nondisclosure violations to [EMAIL PROTECTED]
_
Get your FREE download of MSN Explorer at http://explorer.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=2472&t=2472
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: RE: 500-CS...HELP!! [7:2414]......here is my 500-CS config [7:2536]

[Paul Werner]

**WARNING - THE VERBOSITY BIT IS SET - THIS MESSAGE IS DISCARD 
ELIGIBLE IF YOUR BUFFERS ARE FULL**

Hi,

I think there may be a degree of misunderstanding about the use 
of the no exec command.  If you have seen this command used 
in an access server that provides dialin access to corporate 
users, or you have configured an access server for a typical 
ISP, that is probably an appropriate place for this command.  
When you place no exec under a given line, it will preclude 
any use of an executive process (user or privileged).  Dont 
take my word on it.  Lets all do a little test on our home 
routers.

First, do not do this test in a production network, period.  
Second, it you are a little weak on the IOS, you may want to 
brush up on your password recovery procedures; you will need it 
later.  Here goes.  I will show you three different ways to 
test this. First, go to the console port of your router  **DO 
NOT TELNET IN**  Next, configure your router as follows:

router#
router(config)#
router(config)#lin vty 0 4
router(config-line)#no exec
router(config-line)#exit
router(config)#int loopback 77
router(config-int)#ip add 1.0.0.1 255.0.0.0
router(config-int)#end
router#

Now attempt to telnet into your own router using any accepted 
telnet command, such as:

router#telnet 1.0.0.1

or,

router#connect 1.0.0.1

or,

router#1.0.0.1

You should get the following output:

2503#telnet 1.0.0.1
Trying 1.0.0.1 ... Open

[Connection to 1.0.0.1 closed by foreign host]

The connection will not open.  Since we did not have any access 
class commands applied, the only other explanation is that a 
vty line is dedicated for one purpose, namely to run an 
executive process.  You can either telnet into the vty to do 
user exec commands, or privileged exec commands.  When the line 
has been restricted so that no exec is in place, then the vty 
line is effectively shut down and no connection is allowed.  
Remove the "no exec" command under the vty lines and reattempt 
it.  You will note it works.

Lets try it a second way.  This time, we will implement the 
following commands on any cisco router that has both an AUX 
port and a console line.  We will change the AUX port into a 
line configuration and we will issue the no exec command on 
the AUX line.  Before you start, make sure your configuration 
is clear under the AUX line and console lines.  It should 
similar to this:

line con 0
 transport input all
line aux 0
 transport input all

Go ahead and verify you get a command prompt in both AUX and 
console lines. Verify you have interactivity by starting a ping 
to 1.0.0.1 on each (physically plug into both ports).  Then 
execute the following additional commands while plugged into 
the AUX line:

router#conf t
router(config)#lin aux 0
router(config-line)#no exec
router(config-line)#end
router#

Try a ping again.  It will work.  Now save your configuration 
with the following command and execute a reload while still 
plugged into the AUX line:

router#copy run start
router#reload
Proceed with reload? [confirm]y
07:35:36: %SYS-5-RELOAD: Reload requested

The last line is the last entry you will see.  When the router 
reboots, you will not be able to see any output.  You may be 
asking yourself why the command did not take place immediately 
as most commands do.  It did take place immediately however, 
you were still on a connected line.  Once the connection is 
severed (via a reload), then the AUX line will have no exec 
process when the system reboots.  This can be further verified 
once the system boots by attempting to get a router prompt from 
the AUX line.  When you are unsuccessful, plug into the console 
line and go into line configuration mode and restore the exec 
process with the following commands:

router#conf t
router(config)#lin aux 0
router(config-line)#exec
router(config-line)#end
router#

Log back into the AUX line and verify it now works properly. On 
some routers you may have to reboot to get this to take 
effect.  The final check on this is to do the same test with 
the console line.  

WARNING - DO NOT ATTEMPT TO DO THIS UNLESS YOU ARE VERY 
FAMILIAR WITH PASSWORD RECOVERY!!!  

Plug into the console line and type the following:

router#conf t
router(config)#lin con 0
router(config-line)#no exec
router(config-line)#end
router#

Run the same test and verify all functionality is still there, 
e.g. execute a ping and get a response.  Everything should work 
just fine.   Save your config and do a reload as before:

router#copy run start
router#reload
Proceed with reload? [confirm]y
07:35:36: %SYS-5-RELOAD: Reload requested

This time you are going to notice something really strange and 
different.  You will note that you can watch the router reload 
and go through its POST and execute its startup-config.  The 
only problem is that you cannot tell the router to do anything 
because you guessed it, you have no exec on the console 
line. You will see output go by one the screen, but you cannot 

Re: RE: 500-CS...HELP!! [7:2414]......here is my 500-CS config [7:2577]

[Kevin Wigle]

I think the "no exec" issue may be a work around for other behaviour on
async lines.

Specifically for using async lines as a terminal server.

I don't know how well the normal octopus cables are insulated but I have
noticed lots of noise on these lines.  The noise on these lines seem to be
able to trigger an exec session which prevents the line from being opened
until it is cleared.

Using "no exec" seems to prevent this from happening but you are still able
to connect.

Now I'm talking "through the router out the line connection", not "in the
line out the router connection" which it seems you are talking about.

"Most" times when we're talking about reverse telent we're talking about
connecting a line from the "server" to the console port of another router.
In this case, the remote router is not initiating a call down the line, it
is accepting a call.

We talk about this so much it seems as it is just about the first thing you
have to do in the CCIE lab. (so I'm told - haven't been there yet but I have
books that say this)

I grant that if you tried to make a call into the line with "no exec", you
probably won't get too far.  But in most of the cases we are talking about
going the other way.

The "no exec" keeps the line down (available) until we really want it.

On our main terminal server at work - a 2611 we have the following line:

line 33 48
 no exec

Now our purpose is to connect to the terminal server to access the lab and
to access the console ports of the other routers in the lab pod.

When I telnet to w.x.y.z 2033 I get connected to the router at the end of
line 33. (which is line 1 on the cable)

When on the terminal server console I telnet to port 2033 on the loopback I
get to the same place.

So, you are correct in what you say - but I think the most often the problem
being addressed is that the line is reported as in use and the user isn't
the one using it.  I have yet to see anyone suggest using "no exec" on a vty
or console line so that doesn't seem to fit into the discussion.

My slant - others may vary.

Kevin Wigle


- Original Message -
From: Paul Werner 
To: 
Sent: Monday, April 30, 2001 3:10 AM
Subject: Re: RE: 500-CS...HELP!! [7:2414]..here is my 500-CS config
[7:2536]


> **WARNING - THE VERBOSITY BIT IS SET - THIS MESSAGE IS DISCARD
> ELIGIBLE IF YOUR BUFFERS ARE FULL**
>
> Hi,
>
> I think there may be a degree of misunderstanding about the use
> of the no exec command.  If you have seen this command used
> in an access server that provides dialin access to corporate
> users, or you have configured an access server for a typical
> ISP, that is probably an appropriate place for this command.
> When you place no exec under a given line, it will preclude
> any use of an executive process (user or privileged).  Dont
> take my word on it.  Lets all do a little test on our home
> routers.
>
> First, do not do this test in a production network, period.
> Second, it you are a little weak on the IOS, you may want to
> brush up on your password recovery procedures; you will need it
> later.  Here goes.  I will show you three different ways to
> test this. First, go to the console port of your router  **DO
> NOT TELNET IN**  Next, configure your router as follows:
>
> router#
> router(config)#
> router(config)#lin vty 0 4
> router(config-line)#no exec
> router(config-line)#exit
> router(config)#int loopback 77
> router(config-int)#ip add 1.0.0.1 255.0.0.0
> router(config-int)#end
> router#
>
> Now attempt to telnet into your own router using any accepted
> telnet command, such as:
>
> router#telnet 1.0.0.1
>
> or,
>
> router#connect 1.0.0.1
>
> or,
>
> router#1.0.0.1
>
> You should get the following output:
>
> 2503#telnet 1.0.0.1
> Trying 1.0.0.1 ... Open
>
> [Connection to 1.0.0.1 closed by foreign host]
>
> The connection will not open.  Since we did not have any access
> class commands applied, the only other explanation is that a
> vty line is dedicated for one purpose, namely to run an
> executive process.  You can either telnet into the vty to do
> user exec commands, or privileged exec commands.  When the line
> has been restricted so that no exec is in place, then the vty
> line is effectively shut down and no connection is allowed.
> Remove the "no exec" command under the vty lines and reattempt
> it.  You will note it works.
>
> Lets try it a second way.  This time, we will implement the
> following commands on any cisco router that has both an AUX
> port and a console line.  We will change the AUX port into a
> line configuration and we will issue the no exec command on
> the AUX line.  Before you start, make sure

Re: RE: 500-CS...HELP!! [7:2414]......here is my 500-CS config [7:2591]

[Paul Werner]

Actually, it is you who are correct.  While my discussion and 
the resulting tests were good for intellectual debate, they did 
little to further answering the problem correctly.  You have 
stated correctly that "no exec" will work exactly as advertised 
for *reverse* telnet connections only.  Since my CS516 uses a 
combination of forward and reverse connections, it was not 
practical for me to use this methodology.  Oh well, that's what 
you get for making a post late at night when you are tired :-)

The two replies that stated the reverse connection was made to 
the wrong line are likely the root of the original problem. 

v/r,

Paul Werner


> So, you are correct in what you say - but I think the most 
often the
> problem
> being addressed is that the line is reported as in use and 
the user
> isn't
> the one using it



Get your own "800" number
Voicemail, fax, email, and a lot more
http://www.ureach.com/reg/tag




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=2591&t=2591
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]