Reverse SSH ona terminal server

We are rolling out new terminal servers (2811s) and on the new terminal servers we want to configure reverse SSH.
On the old terminal servers we only had reverse telnet configured. And we would map the port to an IP using the ip alias command Eg ip alias 10.1.1.1 2067.
These would help out with management as we could then add this IP address to our DNS server and we wouldn't have to remember what port was needed when using out-of-band management when trying to console to a device.
With reverse SSH this isnt possible as the port needs to be specified when logging on to the router.
Has anyone successfully used reverse ssh with "ip alias"?
I could use the IP host command (ip host name port-num ip), but this would mean i would have to use a cisco device as a golden source.

I like to use:
alias exec 1 1.1.1.1 2001
alias exec 2 1.1.1.1 2002
alias exec 3 1.1.1.1 2003
alias exec 4 1.1.1.1 2004
alias exec 5 1.1.1.1 2005
alias exec 6 1.1.1.1 2006
alias exec 7 1.1.1.1 2007
alias exec 8 1.1.1.1 2008

Similar Messages

Terminal Server Break Sequence

We have a lab where we ssh to a router and then telnet to a Terminal server from there in order to access a different lab. However, when executing the break sequence while connected to the Terminal server in order to exit out of one of the devices, it switches back to the rouer we initially ssh'ed to. Does anyone know if there's a way to override this? When we send the break sequence, we only want to break from the reverse telnet session back to the Terminal Server.

Figured it out...not sure how to delete my posting, so i'll post what I found. CTRL Shift 6 TWICE, then X will send the break sequence to the second level connection. New one for me...

Router reverse SSH

Hello all,
I think i know the answer to this already, however, I was hoping someone had a brilliant idea to get this working.
In a nutshell, we are in the process of deploying DMVPN spokes at numerous locations throughout the world. In some of these areas, the connectivity is NAT'd several times. Normally this is not an issue due to the tunnel coming up, however when it does not, it is always awkward working with the receptionist to get it working again.
Topo:
Hub -- Internet -- NAT -- Spoke
I was thinking along the lines of an EEM script on bootup that does a remote SSH from the router to another router or to a server. This way we can ssh into them without needing to have someone local or shipping equipment back and forth? Is anyone doing this today or something else along these lines? It would be ideal to be able to do a remote wipe on one if it's stolen (and plugged into the Internet) or something along those lines.
thanks!

Follow these steps to configure reverse ssh for console access:
1. enable
2. configure terminal
3. line line-number [ending-line-number]
4. no exec
5. login authentication listname
6. transport input ssh
7. exit
8. exit
9. ssh -l userid:{number} {ip-address}
Following link may help you
http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a00804831b6.html#wp1027188

2611xm Terminal Server + ACS + reauthentication when selecting menu options

Hi,
I've managed to setup ACS Authentication on my 2611xm router,
after you login to the router I have a autocommand setup to run a menu.
My problem is when you select the option on the menu,
You are then re prompted to reauthenicated against the router again before connecting to the line,
can any one tell me how to stop this from happening.
Thanks for your time and effort in advance, I have enclosed a config below.
DDRAS01#sh running-config
Building configuration...
Current configuration : 6854 bytes
! Last configuration change at 10:28:49 AEST Sun Feb 21 2010 by <removed>
! NVRAM config last updated at 19:25:53 AEST Sat Feb 20 2010 by <removed>
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service linenumber
service sequence-numbers
hostname DDRAS01
boot-start-marker
boot-end-marker
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 informational
logging rate-limit all 10000
logging console critical
enable password 7 <removed>
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login if_needed local
aaa authentication enable default enable
aaa authentication ppp default local
aaa authorization exec default group tacacs+ local if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa session-id common
clock timezone AEST 10
clock summer-time AEST recurring last Sun Oct 2:00 last Sun Mar 3:00
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
ip domain list <removed>
ip domain list <removed>
ip domain name <removed>
ip host dd-cr-01e 2033 172.16.1.1
ip host ddsws01 2034 172.16.1.1
ip host ddsws04 2035 172.16.1.1
ip host ddce565 2040 172.16.1.1
ip name-server <removed>
ip name-server <removed>
username netops privilege 15 password 7 <removed>
ip ssh source-interface FastEthernet0/0
ip ssh logging events
ip ssh version 2
interface Loopback0
ip address 172.16.1.1 255.255.255.255
interface FastEthernet0/0
ip address <removed> 255.255.255.0
speed 100
full-duplex
interface Serial0/0
no ip address
shutdown
interface BRI0/0
no ip address
encapsulation hdlc
shutdown
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 <removed>
ip http server
no ip http secure-server
ip tacacs source-interface FastEthernet0/0
ip radius source-interface FastEthernet0/0
logging facility local6
logging <removed>
snmp-server community <removed> RO
snmp-server community <removed> RW
snmp-server location <removed>
snmp-server contact NetOps
menu ddras01 title ^C
Cisco Terminal Server
Select the number from the list below
Use 'ctrl+shift+6' then 'x' to switch back to the menu
^C
menu ddras01 text 1 Connect to DD-CR-01
menu ddras01 command 1 resume dd-cr-01 /connect telnet dd-cr-01 2033
menu ddras01 text 2 Connect to DDSWS01
menu ddras01 command 2 resume ddsws01 /connect telnet ddsws01 2034
menu ddras01 text 3 Connect to DDSWS04
menu ddras01 command 3 resume ddsws04 /connect telnet ddsws04 2035
menu ddras01 text 8 Connect to DDCE565
menu ddras01 command 8 resume ddce565 /connect telnet ddce565 2040
menu ddras01 text 9 Exit
menu ddras01 command 9 menu-exit
menu ddras01 clear-screen
menu ddras01 status-line
menu ddras01 line-mode
tacacs-server host 10.2.0.50
tacacs-server directed-request
tacacs-server key 7 <removed>
control-plane
privilege exec level 15 write terminal
privilege exec level 15 write
privilege exec level 1 ping
privilege exec level 10 undebug ip icmp
privilege exec level 10 undebug ip
privilege exec level 10 undebug all
privilege exec level 10 undebug
privilege exec level 10 terminal monitor
privilege exec level 10 terminal
privilege exec level 15 show running-config
privilege exec level 5 show configuration
privilege exec level 5 show
privilege exec level 10 debug ip icmp
privilege exec level 10 debug ip
privilege exec level 10 debug all
privilege exec level 10 debug
privilege exec level 10 clear interface
privilege exec level 10 clear counters
privilege exec level 10 clear
line con 0
password 7 <removed>
logging synchronous
line 33 64
no exec-banner
exec-timeout 0 0
no activation-character
no exec
transport preferred telnet
transport input all
escape-character 27
stopbits 1
flowcontrol hardware
line aux 0
line vty 0 4
password 7 <removed>
logging synchronous
autocommand menu ddras01
line vty 5 181
password 7 <removed>
logging synchronous
autocommand menu ddras01
ntp clock-period 17208487
ntp source FastEthernet0/0
ntp server <removed>
end

Hi Jesse
I have made the changes you recommended however i'm still getting prompted to reauthenticate each time I choose a menu entry,
I have included a updated copy of the config, any help you can provide if greatly appreaciated.
Thanks
DDRAS01(config)#do sh runnin
Building configuration...
Current configuration : 7371 bytes
! Last configuration change at 17:55:22 AEST Sun Feb 21 2010 by david
! NVRAM config last updated at 11:07:30 AEST Sun Feb 21 2010 by david
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service linenumber
service sequence-numbers
hostname DDRAS01
boot-start-marker
boot-end-marker
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 informational
logging rate-limit all 10000
logging console critical
enable password 7
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login if_needed local
aaa authentication login NOAUTH none
aaa authentication enable default enable
aaa authentication ppp default local
aaa authorization exec default group tacacs+ local if-authenticated
aaa authorization exec NOAUTH none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa session-id common
clock timezone AEST 10
clock summer-time AEST recurring last Sun Oct 2:00 last Sun Mar 3:00
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
ip domain list
ip domain list
ip domain name
ip host dd-cr-01 2033 172.16.1.1
ip host ddsws01 2034 172.16.1.1
ip host ddsws04 2035 172.16.1.1
ip host ddce565 2040 172.16.1.1
ip name-server
ip name-server
username netops privilege 15 password 7
ip ssh source-interface FastEthernet0/0
ip ssh logging events
ip ssh version 2
interface Loopback0
ip address 172.16.1.1 255.255.255.255
interface FastEthernet0/0
ip address 255.255.255.0
speed 100
full-duplex
interface Serial0/0
no ip address
shutdown
interface BRI0/0
no ip address
encapsulation hdlc
shutdown
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0
ip http server
no ip http secure-server
ip tacacs source-interface FastEthernet0/0
ip radius source-interface FastEthernet0/0
logging facility local6
logging
snmp-server community RO
snmp-server community RW
snmp-server location
snmp-server contact
menu ddras01 title ^C
Cisco Terminal Server
Select the number from the list below
Use 'ctrl+shift+6' then 'x' to switch back to the menu
^C
menu ddras01 text 1 Connect to DD-CR-01
menu ddras01 command 1 resume dd-cr-01 /connect telnet dd-cr-01 2033
menu ddras01 text 2 Connect to DDSWS01
menu ddras01 command 2 resume ddsws01 /connect telnet ddsws01 2034
menu ddras01 text 3 Connect to DDSWS04
menu ddras01 command 3 resume ddsws04 /connect telnet ddsws04 2035
menu ddras01 text 8 Connect to DDCE565
menu ddras01 command 8 resume ddce565 /connect telnet ddce565 2040
menu ddras01 text a Clear connection to DD-CR-01
menu ddras01 command a clear line 33
menu ddras01 text b Clear connection to DDSWS01
menu ddras01 command b clear line 34
menu ddras01 text c Clear connection to DDSWS04
menu ddras01 command c clear line 35
menu ddras01 text h Clear connection to DDCE565
menu ddras01 command h clear line 40
menu ddras01 text x Exit Menu
menu ddras01 command x menu-exit
menu ddras01 text l Logout
menu ddras01 command l logout
menu ddras01 clear-screen
menu ddras01 status-line
tacacs-server host
tacacs-server directed-request
tacacs-server key 7
control-plane
privilege exec level 15 write terminal
privilege exec level 15 write
privilege exec level 1 ping
privilege exec level 10 undebug ip icmp
privilege exec level 10 undebug ip
privilege exec level 10 undebug all
privilege exec level 10 undebug
privilege exec level 10 terminal monitor
privilege exec level 10 terminal
privilege exec level 15 show running-config
privilege exec level 5 show configuration
privilege exec level 5 show
privilege exec level 10 debug ip icmp
privilege exec level 10 debug ip
privilege exec level 10 debug all
privilege exec level 10 debug
privilege exec level 10 clear interface
privilege exec level 10 clear counters
privilege exec level 10 clear
line con 0
password 7
logging synchronous
line 33 64
no exec-banner
exec-timeout 0 0
no activation-character
no exec
transport preferred telnet
transport input all
escape-character 27
stopbits 1
flowcontrol hardware
line aux 0
line vty 0 4
password 7
logging synchronous
autocommand menu ddras01
line vty 5 181
password 7
authorization exec NOAUTH
logging synchronous
login authentication NOAUTH
autocommand menu ddras01
ntp clock-period 17208478
ntp source FastEthernet0/0
ntp server
end

2611xm Terminal Server + ACS + duplicate login when using menu options

Hi,
I'm trying to set up ACS on my 2611xm router, so far I have been able to do this, however when you login,
I have a autocommand setup to run a menu. My problem is when you select the option on the menu it
reauthenicated against the router again before connecting to the line, can any one tell me how to stop this from happening.
Thanks for your time and effort in advance, I have enclosed a config below.
DDRAS01#sh running-config
Building configuration...
Current configuration : 6854 bytes
! Last configuration change at 10:28:49 AEST Sun Feb 21 2010 by <removed>
! NVRAM config last updated at 19:25:53 AEST Sat Feb 20 2010 by <removed>
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service linenumber
service sequence-numbers
hostname DDRAS01
boot-start-marker
boot-end-marker
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 informational
logging rate-limit all 10000
logging console critical
enable password 7 <removed>
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login if_needed local
aaa authentication enable default enable
aaa authentication ppp default local
aaa authorization exec default group tacacs+ local if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa session-id common
clock timezone AEST 10
clock summer-time AEST recurring last Sun Oct 2:00 last Sun Mar 3:00
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
ip domain list <removed>
ip domain list <removed>
ip domain name <removed>
ip host dd-cr-01e 2033 172.16.1.1
ip host ddsws01 2034 172.16.1.1
ip host ddsws04 2035 172.16.1.1
ip host ddce565 2040 172.16.1.1
ip name-server <removed>
ip name-server <removed>
username netops privilege 15 password 7 <removed>
ip ssh source-interface FastEthernet0/0
ip ssh logging events
ip ssh version 2
interface Loopback0
ip address 172.16.1.1 255.255.255.255
interface FastEthernet0/0
ip address <removed> 255.255.255.0
speed 100
full-duplex
interface Serial0/0
no ip address
shutdown
interface BRI0/0
no ip address
encapsulation hdlc
shutdown
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 <removed>
ip http server
no ip http secure-server
ip tacacs source-interface FastEthernet0/0
ip radius source-interface FastEthernet0/0
logging facility local6
logging <removed>
snmp-server community <removed> RO
snmp-server community <removed> RW
snmp-server location <removed>
snmp-server contact NetOps
menu ddras01 title ^C
Cisco Terminal Server
Select the number from the list below
Use 'ctrl+shift+6' then 'x' to switch back to the menu
^C
menu ddras01 text 1 Connect to DD-CR-01
menu ddras01 command 1 resume dd-cr-01 /connect telnet dd-cr-01 2033
menu ddras01 text 2 Connect to DDSWS01
menu ddras01 command 2 resume ddsws01 /connect telnet ddsws01 2034
menu ddras01 text 3 Connect to DDSWS04
menu ddras01 command 3 resume ddsws04 /connect telnet ddsws04 2035
menu ddras01 text 8 Connect to DDCE565
menu ddras01 command 8 resume ddce565 /connect telnet ddce565 2040
menu ddras01 text 9 Exit
menu ddras01 command 9 menu-exit
menu ddras01 clear-screen
menu ddras01 status-line
menu ddras01 line-mode
tacacs-server host 10.2.0.50
tacacs-server directed-request
tacacs-server key 7 <removed>
control-plane
privilege exec level 15 write terminal
privilege exec level 15 write
privilege exec level 1 ping
privilege exec level 10 undebug ip icmp
privilege exec level 10 undebug ip
privilege exec level 10 undebug all
privilege exec level 10 undebug
privilege exec level 10 terminal monitor
privilege exec level 10 terminal
privilege exec level 15 show running-config
privilege exec level 5 show configuration
privilege exec level 5 show
privilege exec level 10 debug ip icmp
privilege exec level 10 debug ip
privilege exec level 10 debug all
privilege exec level 10 debug
privilege exec level 10 clear interface
privilege exec level 10 clear counters
privilege exec level 10 clear
line con 0
password 7 <removed>
logging synchronous
line 33 64
no exec-banner
exec-timeout 0 0
no activation-character
no exec
transport preferred telnet
transport input all
escape-character 27
stopbits 1
flowcontrol hardware
line aux 0
line vty 0 4
password 7 <removed>
logging synchronous
autocommand menu ddras01
line vty 5 181
password 7 <removed>
logging synchronous
autocommand menu ddras01
ntp clock-period 17208487
ntp source FastEthernet0/0
ntp server <removed>
end

Hi,
I'm trying to set up ACS on my 2611xm router, so far I have been able to do this, however when you login,
I have a autocommand setup to run a menu. My problem is when you select the option on the menu it
reauthenicated against the router again before connecting to the line, can any one tell me how to stop this from happening.
Thanks for your time and effort in advance, I have enclosed a config below.
DDRAS01#sh running-config
Building configuration...
Current configuration : 6854 bytes
! Last configuration change at 10:28:49 AEST Sun Feb 21 2010 by <removed>
! NVRAM config last updated at 19:25:53 AEST Sat Feb 20 2010 by <removed>
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service linenumber
service sequence-numbers
hostname DDRAS01
boot-start-marker
boot-end-marker
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 informational
logging rate-limit all 10000
logging console critical
enable password 7 <removed>
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login if_needed local
aaa authentication enable default enable
aaa authentication ppp default local
aaa authorization exec default group tacacs+ local if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa session-id common
clock timezone AEST 10
clock summer-time AEST recurring last Sun Oct 2:00 last Sun Mar 3:00
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
ip domain list <removed>
ip domain list <removed>
ip domain name <removed>
ip host dd-cr-01e 2033 172.16.1.1
ip host ddsws01 2034 172.16.1.1
ip host ddsws04 2035 172.16.1.1
ip host ddce565 2040 172.16.1.1
ip name-server <removed>
ip name-server <removed>
username netops privilege 15 password 7 <removed>
ip ssh source-interface FastEthernet0/0
ip ssh logging events
ip ssh version 2
interface Loopback0
ip address 172.16.1.1 255.255.255.255
interface FastEthernet0/0
ip address <removed> 255.255.255.0
speed 100
full-duplex
interface Serial0/0
no ip address
shutdown
interface BRI0/0
no ip address
encapsulation hdlc
shutdown
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 <removed>
ip http server
no ip http secure-server
ip tacacs source-interface FastEthernet0/0
ip radius source-interface FastEthernet0/0
logging facility local6
logging <removed>
snmp-server community <removed> RO
snmp-server community <removed> RW
snmp-server location <removed>
snmp-server contact NetOps
menu ddras01 title ^C
Cisco Terminal Server
Select the number from the list below
Use 'ctrl+shift+6' then 'x' to switch back to the menu
^C
menu ddras01 text 1 Connect to DD-CR-01
menu ddras01 command 1 resume dd-cr-01 /connect telnet dd-cr-01 2033
menu ddras01 text 2 Connect to DDSWS01
menu ddras01 command 2 resume ddsws01 /connect telnet ddsws01 2034
menu ddras01 text 3 Connect to DDSWS04
menu ddras01 command 3 resume ddsws04 /connect telnet ddsws04 2035
menu ddras01 text 8 Connect to DDCE565
menu ddras01 command 8 resume ddce565 /connect telnet ddce565 2040
menu ddras01 text 9 Exit
menu ddras01 command 9 menu-exit
menu ddras01 clear-screen
menu ddras01 status-line
menu ddras01 line-mode
tacacs-server host 10.2.0.50
tacacs-server directed-request
tacacs-server key 7 <removed>
control-plane
privilege exec level 15 write terminal
privilege exec level 15 write
privilege exec level 1 ping
privilege exec level 10 undebug ip icmp
privilege exec level 10 undebug ip
privilege exec level 10 undebug all
privilege exec level 10 undebug
privilege exec level 10 terminal monitor
privilege exec level 10 terminal
privilege exec level 15 show running-config
privilege exec level 5 show configuration
privilege exec level 5 show
privilege exec level 10 debug ip icmp
privilege exec level 10 debug ip
privilege exec level 10 debug all
privilege exec level 10 debug
privilege exec level 10 clear interface
privilege exec level 10 clear counters
privilege exec level 10 clear
line con 0
password 7 <removed>
logging synchronous
line 33 64
no exec-banner
exec-timeout 0 0
no activation-character
no exec
transport preferred telnet
transport input all
escape-character 27
stopbits 1
flowcontrol hardware
line aux 0
line vty 0 4
password 7 <removed>
logging synchronous
autocommand menu ddras01
line vty 5 181
password 7 <removed>
logging synchronous
autocommand menu ddras01
ntp clock-period 17208487
ntp source FastEthernet0/0
ntp server <removed>
end

Cisco 2611 Terminal Server

Hi,
I have one of the 16 spider cables from my 2611 Terminal Server plugged into a console port of a device that exists behind the firewall. But, it does not appear to be working.
Config of 2611 Terminal Server below and output of show line when an attempt is made to connect the remote cisco router. I already have this solution working for other routers and all works.
Config of line 33 48 on terminal server:-
line 33 48
session-timeout 5
timeout login response 15
no exec
transport input telnet
transport output all
BunkerA_2nd_TS#sh host
Default domain is not set
Name/address lookup uses static mappings
Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate
temp - temporary, perm - permanent
NA - Not Applicable None - Not defined
Host Port Flags Age Type Address(es)
XIT 2041 (perm, OK) 0 IP 10.64.8.40
BunkerA_2nd_TS#
BunkerA_2nd_TS#sh line 41
Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int
* 41 TTY 9600/9600 - - - - - 15 0 0/0 -
Line 41, Location: "", Type: "SUN-CMD"
Length: 34 lines, Width: 80 columns
Baud rate (TX/RX) is 9600/9600, no parity, 2 stopbits, 8 databits
Status: Ready, Connected, Active
Capabilities: EXEC Suppressed
Modem state: Ready
Modem hardware state: noCTS DSR DTR RTS
Special Chars: Escape Hold Stop Start Disconnect Activation
^^x none - - none
Timeouts: Idle EXEC Idle Session Modem Answer Session Dispatch
00:10:00 00:05:00 none not set
Idle Session Disconnect Warning
never
Login-sequence User Response
00:00:15
Autoselect Initial Wait
not set
Modem type is unknown.
Session limit is not set.
Time since activation: 00:01:51
Editing is enabled.
History is enabled, history size is 20.
DNS resolution in show commands is enabled
Full user help is disabled
Allowed input transports are telnet.
Allowed output transports are pad v120 telnet rlogin udptn.
Preferred transport is telnet.
No output characters are padded
No special data dispatching characters

Mary
I wonder about this line of output:
Status: Ready, Connected, Active
and wonder what happens if you issue the command clear line 41 from privilege mode of the terminal server?
The output shows that it has been used 15 times. Has it worked before or has it ALWAYS failed?
If you remove the terminal server cable and connect directly to the router console port with a PC does it work?
If you connect a different cable from the terminal server to the router and attempt access with the different reverse telnet port does it work?
If you can provide answers to these we might be closer to having answers to your issue.
HTH
Rick

Terminal Server Licensing 2003 to 2012 mixed environment - issue

We have 1 2003 Terminal Server and 1 2012 RDSH. We recently
migrated 2003 Terminal License Server to new 2012 RD Licensing Server.
On 2012 RD Licensing Server we have been instaled 20 - 2012 RDS Per Device Cal and 20 - 2003 TS Per Device Cal.
I sometimes works on Terminal
Server 2003 or 2012. And here is a problem with issued Terminal license for Device. When I Logoff from
2003 TS and then I log in to 2012 RDS - the 2012 RD Licensing Server issued new license for my computer on this same name. When I do the same in the reverse order - the 2012
RD Licensing Server issued next new license for my computer. I do this several times and now I have 10 permanent 2012 RDS license issued for this same computer with this same name, and 5 temporary 2012 RDS license issued for this same computer and 1 temporary
2003 TS for this same computer.
I have no idea how resolve this problem.
Thanks in advance for any help anyone can provide.
Lukas

Hi,
I probably tested everything.
- reinstalling license server
- reactivate license server
http://technet.microsoft.com/en-us/library/cc739075(WS.10).aspx
http://support.microsoft.com/default.aspx?scid=kb;EN-US;983385
http://social.technet.microsoft.com/Forums/windowsserver/en-US/ca458045-fb99-4c63-ad55-b738f2d5f49d/ts-license-manager-problem
And still I have the same problem.
From my Event Viewer:
Log Name: System
Source: Microsoft-Windows-TerminalServices-Licensing
Date:
Event ID: 42
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer:
Description:
An error occurred in policy module "Policy Module for company Microsoft Corporation product A02 has denied new license request with error code 14.
I searched for everywhere to solving this problem. Without positive results :(
Please help!

CISCO1921/K9 terminal server problem

Hi,
i have router 1921/k9 configured as terminal server with HWIC-8A card.
Problem is that one of serial lines where I have ASA connected (to console) is trying authenticate all the time to ASA.
Output seems like this:
1921#host asa1
Trying asa1 (1.1.1.1, 2005)... Open
Username:
Password: ********************************************************************************************************************************
Username:
Password: ********************************************************************************************************************************
Username:
Password: ********************************************************************************************************************************
Username:
and so on .....
Problem is solved after reboot of router. I tried reset line and it does not work. I would like to stop this flood authentication but I have no idea how. Is it possible that it is HW failure or bug?
Thanks for any advice.
Jan

Hi Richard,
thanks for reply. I cannot provide you all the confirg but i will cut interesting part what would interest us:
no ip domain lookup
ip domain name taccess.com
ip host cat3750-1 2003 1.1.1.1
ip host cat3750-2 2004 1.1.1.1
ip host asa1 2005 1.1.1.1
ip host asa2 2006 1.1.1.1
ip host ace1 2007 1.1.1.1
ip host ace2 2008 1.1.1.1
ip host acs 2009 1.1.1.1
ip host fw-int-1 2019 1.1.1.1
ip host fw-int-2 2020 1.1.1.1
ip host cat2960-1 2021 1.1.1.1
ip host cat2960-2 2022 1.1.1.1
ip host fw-vpn 2023 1.1.1.1
ip host ntp 2001 1.1.1.1
multilink bundle-name authenticated
interface Loopback1
ip address 1.1.1.1 255.255.255.255
interface Async0/0/0
no ip address
encapsulation slip
interface Async0/1/0
no ip address
encapsulation slip
interface Async0/0/1
no ip address
encapsulation slip
interface Async0/1/1
no ip address
encapsulation slip
interface Async0/0/2
no ip address
encapsulation slip
interface Async0/1/2
no ip address
encapsulation slip
interface Async0/0/3
no ip address
encapsulation slip
interface Async0/1/3
no ip address
encapsulation slip
interface Async0/0/4
no ip address
encapsulation slip
interface Async0/1/4
no ip address
encapsulation slip
interface Async0/0/5
no ip address
encapsulation slip
interface Async0/1/5
no ip address
encapsulation slip
interface Async0/0/6
no ip address
encapsulation slip
interface Async0/1/6
no ip address
encapsulation slip
interface Async0/0/7
no ip address
encapsulation slip
interface Async0/1/7
no ip address
encapsulation slip
line con 0
logging synchronous
line aux 0
no exec
transport preferred telnet
transport input telnet
transport output telnet
telnet transparent
stopbits 1
speed 38400
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line 0/0/0 0/0/7
login authentication lines
no exec
transport preferred telnet
transport input telnet
telnet transparent
flowcontrol software
line 0/1/0 0/1/7
login authentication lines
no exec
transport preferred telnet
transport input telnet
telnet transparent
flowcontrol software
line vty 0 4
exec-timeout 120 0
logging synchronous
transport input ssh
line vty 5 31
exec-timeout 120 0
logging synchronous
transport input ssh
Thanks,
Jan

Config of 2600 as a terminal server router?

Where can I find a template for configuring a 2600 router as a terminal server router to reverse telnet? The 2600 has a Asyc module on it.
Thanks
Gary

Here you go
http://www.cisco.com/warp/public/793/access_dial/comm_server.html

Issue in a Terminal server config

Hi
I am configuring a 2511 as a terminal server. I have two 2511s. One 2511 is OK. The other one gives me an error when I try to paste the same configuration that I have in notepad.
For the command:
line 1 16
modem InOut
it says that, "line 2 does not support modem control"
Then I typed:
(config)#line 0 17
(config-line)#modem InOut
it says, "line 0 does not support modem control.
Now it doesn't talk about line 2, instead it says that line 0 does not support modem control.
In here, the main problem is that, when I type:
(config)#line 1 16
(config-line)#no exec
and when I telnet, the router doesn't even prompt for anything. But when I again say, "exec" in line mode, then the router prompts me for the username.
But when I enter the username, it says:
traying 192.168.1.1, 2001.....
Destination unreachable; gateway or host is down.
Below I will paste the configuration that works in the other 2511 router.
line con 0
logging synchronous
login
transport input none
line 1 4
session-timeout 20
no exec
exec-timeout 0 0
no flush-at-activation
logging synchronous
modem InOut
transport input all
line 5 16
session-timeout 20
no exec
exec-timeout 0 0
no flush-at-activation
modem InOut
transport input all
line aux 0
password xxx
logging synchronous
login
line vty 0 4
exec-timeout 20 0
logging synchronous
login local
line vty 5 15
exec-timeout 20 0
logging synchronous
login local
In this setup, I have a loopback interace configured. Basically, everything is OK. The only difference are these two commands don't work like in the 1st router:
no exec
modem InOut
A very confusing scenario.
Any help on this would be highly appreciated.
Thanks in advance!

Response marked with
line 1 16
modem InOut
it says that, "line 2 does not support modem control"
- can you please try only one line at a time, that is:
line 1
modem inout
then try line 2 and so on and see if we see errors for specific lines only (which we can investigate further)
Then I typed:
(config)#line 0 17
(config-line)#modem InOut
it says, "line 0 does not support modem control. Now it doesn't talk about line 2, instead it says that line 0 does not support modem control.
This error is ok since line 0 is console and does not support modem control, mind you IOS spills out errors one after another so probably would have given error for line 2 next.
In here, the main problem is that, when I type:
(config)#line 1 16
(config-line)#no exec
and when I telnet, the router doesn't even prompt for anything. But when I again say, "exec" in line mode, then the router prompts me for the username.
Do you mean reverse telnet out of these lines? Not sure I understand what you are trying to do here.
A few things to check:
1. Is the router completely up, means its not in boot mode etc.
2. Are the IOS images different or same on the working vs non working 2511?
Thanks, Mak

2511 Terminal server setup

I'm trying to setup a 2511 as a terminal server. I've connected the ethernet port to the console port of the device I need remote access to. Followed all the steps on this page http://www.cisco.com/en/US/tech/tk801/tk36/technologies_configuration_example09186a008014f8e7.shtml#cs
I've given the loopback a non routable IP (172.22.2.1) and used the same to define my IP host
ip host router 2008 172.22.2.1
but when I telnet from the 2511 using the command telnet 172.22.2.1 2008 it telnets to the 2511 itself and hangs!!! what am I doing wrong? Do I need to do anything on the device that I want to have remote access to?

Hi Guys,
I'm reading this with great interest, as I have the same problem as Uzma, and could really do with some help. First of all, I have a 2511 access server (IOS 10.2) with two octal cables connected to a stack 11 routers and switches (various flavours of IOS from 11.x to 12.3). I've also have followed the configuration instructions in the following link : http://www.cisco.com/en/US/tech/tk801/tk36/technologies_configuration_example09186a008014f8e7.shtml#cs
However, when I reverse telnet to a device from the access server (via a PC connected to the Ethernet port), I have the same problem i.e. Telnet opens, and the cursor drops to the next line with no response from the device. CTRL+SHIFT+6 X returns me to the access server prompt.
I have taken care to do the following:
1. Connect the correct rolled cable to the target device console port in line with the port configured in the host table.
2. Configured the access servers tty lines 1 16 in the manner prescribed.
3. Configured the target devices console port in the manner prescribed.
I've yet to try upgrading the access server, and replacing one or other octal cable.
This is troubling me as this should be a straight forward setup, but is proving otherwise. Help would be much appreciated.
Nevski

Reverse SSH Tunnel problem?

I'm trying to do a reverse SSH tunnel for a VNC project. I'm successful when I do it on a Linux box or Cygwin under Windows, but I'm having problems under Mac OS.
Here's what I do:
Terminal 1:
ssh -nNTvvv -R 5500:localhost:5500 -l my_username myhost.com
Then, to see what's going on, I run in terminal 2:
nc -l -p 5500
Then, in a third terminal, I ssh over to myhost.com, and telnet to localhost 5500.
If I initiate this whole setup on other platforms, I can then type stuff in my in the third terminal and see it echoed happily in terminal 2.
Under Mac OS, everything goes fine until I do the telnet on myhost.com. The diagnostic in terminal 1 is:
debug1: channel 0: new [::1]
debug1: confirm forwardeded-tcpip
debug3: channel 0: waiting for connection
debug1: channel 0: not connected: Connection refused
It's not a firewall issue, as I can telnet directly to port 5500 on the Mac from myhost.com without any problem.
Google gives me no help here. Any ideas?
Thanks!
12" G4 Powerbook Mac OS X (10.4.8)

Figured it out - did a no ip ssh v 2 and hey presto started working

1811 as a terminal server?

I've heard that you can configure an 1811 router as a terminal server for remote console work.
I have several of them in the lab and would love to try it out.
Has anyone done this?
Thanks!
Ven

Easy to do.. just use the AUX port (BTW, this can be done using any Cisco IOS router that has an AUX port). For the 1811, I suggest the following (this is how I normally do it):
! presume you have aaa new-model configured
aaa new-model
! suggest making a "none" type of method for login
aaa authentication login my-none none
! configure the aux port
line aux 0
! this is just a sanity setting to force a port release every 60 mins. remove this if you want long lived
! terminal server sessions, or adjust as needed
session-timeout 3600
! this will prevent the 1811 itself from soliciting a login on the reverse telnet session. if you want the 1811
! to enforce a login (aka if you want to protect the attached device via an 1811 based login sequence),
! then adjust this to a different aaa login method. In my case, I enforce login on the attached serial device
! and find having the IOS 1811 doing a login to be a nusiance.
login authentication my-none
! subtle but important step here.. turn off the aux line "exec" processing. if you do not do this, it will still work
! but when you connect, do not be surprised to find a ton of junk coming out... as if the exec is on, the anytime
! the attached device output.. aka inputs to the aux.. then the "exec" will try to process it like an IOS CLI command.
no exec
! at minimum, one has to allow telnet (as that is really the only thing that can attach via reverse telnet)
transport input telnet
! adjust this if needed, note 9600 baud is the default so it will not show up
speed 9600
Also suggest the following:
! putting this at the top of the global config will help prevent "hung" sessions. basically if
! someone abruptly disconnects, within 5 mins the reverse-telnet session will be released on the
! 1811. aka, prevents one from having to do tedious "clear line" on the 1811 for a hung reverse-telnet
service tcp-keepalives-in
Once you have this in place.. do a "show line"
1811#show line
   Tty Typ     Tx/Rx    A Modem Roty AccO AccI   Uses   Noise Overruns   Int
      0 CTY              -    -      -    -    -      0       0     0/0       -
      1 TTY              - inout     -    -    -      0       0     0/0       -
      5 AUX   9600/9600 -    -      -    -    -      3       0     0/0       -
The AUX port should be line "5" on an 1811. As such, the reverse-telnet port to use for this port is "2005" (aka 2000 + line#). Thus do a telnet to your 1811, but change the TCP port from 23 to 2005.
QED.
~G
the

Reverse SSH

I have configured these setting on the router for reverse SSH
line 0/0/0 0/0/7
rotary 1
no exec
transport input ssh
and ip ssh port 2002 rotary 1
When I try to connect example 172.16.1.15 2002 via using SSH it connect to the router not the devices at the end of the serial cable.
Thanks

Follow these steps to configure reverse ssh for console access:
1. enable
2. configure terminal
3. line line-number [ending-line-number]
4. no exec
5. login authentication listname
6. transport input ssh
7. exit
8. exit
9. ssh -l userid:{number} {ip-address}
Following link may help you
http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a00804831b6.html#wp1027188

Sm32-a in Cisco 3925 terminal server

Hi,
I have a SM-32A module installed in slot 1 in a Cisco 3925 router to act as a terminal server providing reverse telnet sessions to various other device console ports. My understanding is that the ports on the SM-32A are referenced as "slot/port" - in my case 1/0-31. The terminal server L0 address is 100.1.1.1 What I cannot determine is do I need to configure an ip host table with conventional port numbers to facilitate connections e.g.
ip host R 2000 100.1.1.1
ip host R1 2001 100.1.1.1
ip host R3 2003 100.1.1.1
ip host R31 2031 100.1.1.1
If so, are the port numbers 2000 to 2031 or is another convention used?
Many thanks.
Ed

Duplicate posts.
Go here: https://supportforums.cisco.com/discussion/12213596/sm32-cisco-3925-terminal-server

Reverse SSH ona terminal server

Similar Messages

Maybe you are looking for