Reverse Telnet

1
Reverse Telnet

• Once you have physically connected a modem to
  your access server or router, you have to
  configure the modem's software. Modems have a
  default software configuration, which is set by
  the vendor at the factory. In most cases, you
  will need to modify this configuration to suit
  your needs. For example, you can configure the
  modem to answer calls on the second ring or lock
  its speed, etc.

2
Reverse Telnet

• Some modems can be configured by using a panel on
  the unit However, most modems don't have
  configuration panels. Instead, you must access
  the modem's software via another device such as
  an access server.

3
Reverse Telnet

• When using a Cisco access server, you have the
  option to manually configure the modem or
  automatically configure the modem using a script.
  Manual configurations are accomplished using a
  technique called reverse telnet.
• Access servers support both incoming and outgoing
  asynchronous line connections.

4
Reverse Telnet

• Incoming connections are forward connections.
  Outgoing connections are reverse connections. A
  remote terminal user who dials into the access
  server through an asynchronous line makes a
  forward connection. A user who connects through
  an access server to an attached modem makes a
  reverse connection. This reverse connection,
  called reverse telnet, can be used to configure
  modems.

5
Reverse Telnet

• You can make reverse telnet connections to
  various types of attached devices, such as
  modems, routers, and terminals.
• As its name implies, reverse telnet sessions are
  established using the Telnet protocol. Telnet
  daemons typically listen on TCP port 23 for
  connection requests.

6
Reverse Telnet

• If you want to communicate with and configure a
  modem attached to a router, Telnet to the
  router's IP address (but not to the default TCP
  port, 23) instead, Telnet to a different TCP
  port (a line number assigned to the interface
  that the modem connects to).

7
Reverse Telnet

• When a modem connects to a router interface, the
  router maps that interface to a line number (port
  number). The line number is used when reverse
  telnetting.

8
Reverse Telnet

• When using reverse Telnet, you can use the telnet
  command to connect to any IP address configured
  on the router, as long as the interface
  associated with that IP address is up. Typically,
  you configure the access server with a loopback
  IP address. Since a loopback interface is a
  logical interface, it is not susceptible to
  physical failures.

9
Line Types and Numbering

• Cisco devices have the following four types of
  lines
• CON (Console line) - Typically used to login to
  the router for configuration purposes this line
  is also referred to as CTY.
• AUX (Auxiliary line) - EIA/TIA-232 DTE port used
  as a backup asynchronous port (TTY) you can
  connect a modem to the AUX port.

10
Line Types and Numbering

• TTY (Asynchronous line) - Same as asynchronous
  interface available on access server models
  (Cisco 2509, 2510, 2511, 2512, AS5100, etc) used
  typically for remote dial-in sessions that use
  such protocols as SLIP and PPP. A serial
  interface configured as asynchronous is a TTY
  connection.

11
Line Types and Numbering

• VTY (Virtual terminal line) - Used for incoming
  Telnet, local-area transport (LAT), X.25 packet
  assembler/disassembler (PAD), and
  protocol-translation connections into synchronous
  ports (e.g., Ethernet and serial interfaces) on
  the router.
• Different router models number the line types in
  different ways.

12
Line Types and Numbering

• The Cisco line-numbering rules, where n
  represents the first physical line after the
  console line, and m refers to the number of the
  vty line. For example, the VTY 4 line corresponds
  to line 14 on a router with eight TTY ports.
  Because line 0 is for the console, lines 1 to 8
  are the TTY lines, line 9 is for the auxiliary
  port, and lines 10 to 14 are for VTY 0 to 4.

13
Line Types and Numbering

• TTY lines correspond to asynchronous interfaces
  on a one-to-one basis, and VTY lines are virtual
  lines that are dynamically assigned to the
  synchronous interfaces. VTY lines accept incoming
  Telnet sessions. You can enter the interface line
  tty ? command to view the maximum number of TTY
  lines supported by the router.

14
Line Types and Numbering

• Reverse Telnet connections to an individual line
  can be used to communicate and configure an
  attached device. To connect to an individual
  line, the remote host or terminal must specify a
  particular TCP port on the access server. For
  reverse Telnet, that port is 2000 plus the line
  number. For example

15
Line Types and Numbering

• telnet 131.108.30.40 2001.
• This command indicates a Telnet connection to
  line 1 (2000 1). If you want to reverse Telnet
  to a modem on line 14, you would use TCP port
  2014.
• 2000 - 2999 are reserved for reverse Telnet
  sessions to individual lines. Additional ranges
  have been reserved for rotary groups and other
  services, such as raw TCP and XRemote.

16
Line Types and Numbering

• Since line numbering varies among Cisco router
  models, you may want to rely on the show line
  command to display all types of lines and the
  status of each line.

17
Line Types and Numbering

• The show line-number command displays more
  detailed information on the specified line,
  including some useful data such as baud rate,
  modem state (idle or ready), and modem hardware
  state (CTS, DSR, DTR, and RTS for hardware flow
  control and session control).

18
Configuring Reverse Telnet

• In order for reverse Telnet to work, you must
  configure the access server's line with the
  transport input protocol and modem inout
  commands. You could issue the following commands
  to allow reverse Telnet via line 10
  RTAconfigure terminalRTA(config)line
  10RTA(config-line)transport input
  allRTA(config-line)modem inout

19
Configuring Reverse Telnet

• Use the transport input protocol command to
  specify which protocol to allow for incoming
  connections. Since reverse Telnet is a kind of
  incoming connection, you must allow at least the
  Telnet protocol.
• In the example, transport input all allows all of
  the following protocols to be used for the
  connection LAT, MOP, NASI, PAD, rlogin, Telnet,
  and v120.

20
Configuring Reverse Telnet

• If you don't specify Telnet or "all," you will
  receive the message "Connection Refused" when you
  try to establish a reverse Telnet connection. The
  modem inout command is required to permit both
  incoming and outgoing connections on a given line.

21
Configuring Reverse Telnet

• The escape command sequence is a very important
  command to remember. To leave a reverse Telnet
  session, press ctrl-shift-6, and then the letter
  x. This sequence, ctrl-shift-6, x, will suspend
  any Telnet session, and return you to the router
  console. Note also that a reverse Telnet session
  can be established from a remote host (such as a
  Windows PC), as well as the access server itself.

22
Asynchronous Interfaces and Line Configurations

• Access servers have terminal lines (TTYs), which
  differentiate them from other routers. Modems are
  typically connected to these terminal lines.

23
Asynchronous Interfaces and Line Configurations

• Access servers have terminal lines (TTYs), which
  differentiate them from other routers. Modems are
  typically connected to these terminal lines. The
  Cisco IOS assigns a logical interface to each
  physical terminal line, or group of terminal
  lines. As shown in Figure , these logical
  interfaces are labeled interface asynchronous
  interface-number (for individual lines) and
  interface group-async group-number (for grouped
  interfaces).

24
Asynchronous Interfaces and Line Configurations

• Asynchronous interfaces correspond to physical
  terminal (TTY) lines. This means that, for a
  connection using TTY 8, configuration commands
  can be applied to the logical interface
  (interface async 8) and to the physical line
  (line 8).

25
Asynchronous Interfaces and Line Configurations

• Commands entered in the asynchronous interface
  mode allow you to configure protocol-specific
  parameters for asynchronous interfaces. Commands
  entered in line configuration mode permit you to
  configure the physical aspects of the line's port.

26
Asynchronous Interfaces and Line Configurations

• The interface commands can be thought of as
  logical configuration the line commands
  configure physical characteristics of the
  configuration. For example, you configure the
  basic modem-related parameters on an access
  server using the line command, but you configure
  protocol encapsulation and authentication with
  the interface async command.

27
Asynchronous Interfaces and Line Configurations

• Asynchronous interfaces can be grouped as one
  logical interface (interface group-async
  group-number) to simplify configuration. To
  create a group, issue the interface group-async
  command in global configuration mode
• RTA(config)interface group-async 1.

28
Asynchronous Interfaces and Line Configurations

• Using the group-range command, specify which
  individual interfaces are members of the group,
  as shown
• RTA(config)interface group-async
  1RTA(config-if)group-range 1 7.

29
Asynchronous Interfaces and Line Configurations

• This configuration assigns asynchronous
  interfaces 1 through 7 under a single master
  interface (interface Group-Async 1). This
  one-to-many structure allows you to configure all
  associated member interfaces by entering one
  command on the group interface, rather than
  entering this command on each interface.

30
Basic Terminal Line Configuration

• You must configure an access server's terminal
  line to asynchronously communicate with a modem.
• The following paragraphs examine an example line
  configuration in detail

31
Basic Terminal Line Configuration

• RTA(config)line 2RTA(config-line)loginRTA(conf
  ig-line)password letmein.
• The login command enables password checking at
  login on line 2, while the password command sets
  the password to letmein.
• RTA(config-line)speed 115200RTA(config-line)flo
  wcontrol hardwareRTA(config-line)stopbits 1

32
Basic Terminal Line Configuration

• The speed command is used to set the speed of
  transmission (both transmit and receive) between
  the modem and the attached access server.
  Depending on the router hardware, TTY line speeds
  can be set from between 50 and 115200 bits per
  second (bps). The default speed setting is 9600
  bps.

33
Basic Terminal Line Configuration

• Typically, you should set this value to the
  maximum supported speed between both devices.
  Note also that you must lock the speed of your
  modem to match the router's line configuration.
• The flowcontrol command sets the type of flow
  control to be used on the line. Options are
  software, hardware, and none (default). In this
  example, the router is configured for hardware
  flow control (RTS/CTS flow control).

34
Basic Terminal Line Configuration

• The stopbits command configures the number of
  stop bits to be used (1, 1.5, or 2). The default
  setting is 2. The modem and the router must use
  the same number of stop bits. Reducing the number
  of stop bits from 2 to 1 will improve throughput
  by reducing asynchronous framing overhead.

35
Basic Terminal Line Configuration

• RTA(config-line)transport input
  allRTA(config-line)modem inout
• The transport input all command allows all
  protocols inbound on a specific line, while the
  modem inout command allows both incoming and
  outgoing calls.

36
Basic Terminal Line Configuration

• Note that both of these commands can be used with
  more restrictive keywords. For example
• RTA(config-line)transport input
  telnetRTA(config-line)modem dialin
• The transport input telnet command only allows
  the telnet protocol to connect to a specific
  line, while the modem dialin command restricts
  the line to incoming calls only.

37
Basic Terminal Line Configuration

• It is essential that the TTY line be configured
  before configuring/initializing the modem.
  Otherwise, you cannot reverse Telnet to the
  modem. Moreover, if you change the line speed
  after the modem has been initialized, the modem
  will no longer communicate with the router until
  it is again told at what speed to talk to the
  router.

38
Basic Auxiliary Port Configurations

• The AUX port is typically configured as an
  asynchronous serial interface on routers without
  built-in terminal lines.

39
Basic Auxiliary Port Configurations

• Depending on the hardware, an AUX port may not
  perform as well as a built-in TTY. As shown in
  the figure, most AUX ports are limited to 38400
  bps, although AUX ports on 2600 and 3600 series
  routers support speeds up to 115200 bps.
  Moreover, AUX ports do not support such features
  as DMA buffering and IP fast switching.

40
Basic Auxiliary Port Configurations

• To configure the AUX port as an asynchronous
  interface, configure it with line commands, as
  you would any TTY. Use the line aux 0 command in
  global configuration mode, as shown
• RTA(config)line aux 0RTA(config-line)loginRTA(
  config-line)password letmein

41
Basic Auxiliary Port Configurations

• RTA(config-line)speed 115200RTA(config-line)flo
  wcontrol hardwareRTA(config-line)stopbits
  1RTA(config-line)transport input
  allRTA(config-line)modem inout

42
Basic Auxiliary Port Configurations

• You may want to issue the show line command to
  determine what line number is assigned to your
  router's AUX port. Depending on your router's
  hardware, this could be line 1, line 17, or line
  65, or some other number. Once you have
  identified the line number, you will know which
  corresponding asynchronous interface to configure
  (interface async 1, interface async 17, interface
  async 65, etc.).

43
Basic Auxiliary Port Configurations

• You can configure an AUX port by its line number
  as well. For example, on a 2511, where the AUX
  port is assigned line 17, you can configure the
  port's physical parameters issuing either line
  aux 0 or line 17 in global config mode.

44
Connecting a Modem to the Console Port

• Advantages of connecting a modem on the console
  port
• Passwords can be recovered remotely. You may
  still need someone on-site with the router to
  toggle the power, but aside from that, it's
  identical to being there with the router.

45
Connecting a Modem to the Console Port

• It is a convenient method of attaching a second
  modem to a router without async ports. This is
  beneficial if you need to access the router for
  configuration or management while leaving the AUX
  port free for dial-on-demand routing (DDR).

46
Connecting a Modem to the Console Port

• Some routers (for example, Cisco 1600s) do not
  have AUX ports. If you want to connect a modem to
  the router and leave the serial port(s) free for
  other connections, the console is the only
  option.

47
Connecting a Modem to the Console Port

• Disadvantages of connecting a modem on the
  console port
• The console port does not support EIA/TIA-232
  modem control (Data Set Ready/Data Carrier Detect
  (DSR/DCD), data terminal ready (DTR)). Therefore,
  when the EXEC session terminates (logout), the
  modem connection will not drop automatically the
  user will need to manually disconnect the session.

48
Connecting a Modem to the Console Port

• More seriously, if the modem connection should
  drop, the EXEC session will not automatically
  reset. This can present a security hole, in that
  a subsequent call into that modem will be able to
  access the console without entering a password.
  The hole can be made smaller by setting a tight
  exec-timeout on the line. However, if security is
  important, it is recommended to use a modem that
  can provide a password prompt.

49
Connecting a Modem to the Console Port

• Unlike other async lines, the console port does
  not support hardware Clear to Send/Ready to Send
  (CTS/RTS) flow control. It is recommended to use
  no flow control. If data overruns are
  encountered, however, software (XON/XOFF) flow
  control may be enabled.
• The console ports on most systems only support
  speeds of up to 9600 bps.

50
Connecting a Modem to the Console Port

• The console port lacks reverse telnet capability.
  If the modem loses its stored initialization
  string, the only remedy is to physically
  disconnect the modem from the router and attach
  it to another device (such as an AUX port or a
  PC) to reinitialize. If a modem on an AUX port
  loses its initialization string, you can use
  reverse telnet remotely to correct the problem.

51
Connecting a Modem to the Console Port

• A console port cannot be used for dial-on-demand
  routing it has no corresponding async interface.

52
Configuring a Serial Interface to Use a Modem

• Depending on your router's hardware, a serial
  interface can be configured as a low-speed
  asynchronous line. To configure a serial
  interface as asynchronous, issue the following
  command in interface configuration mode
• Router(config-if)physical-layer async

53
Configuring a Serial Interface to Use a Modem

• If your router does not recognize this command,
  it does not support this configuration.