Router 2911 - no repsonse from console port

Similar Messages

• CISCO 1721 :// No Echo/Response from CONSOLE Port

  I have a CISCO 1721 I found in my 'stuff' when I was moving and I want to use it as a home router.  Connecting to the CONSOLE port I get nothing echo'ed back.  I confirmed connection hardware (USB=>Serial/Roll-Over cable, etc) by consoling into my CISCO 1841 lab router.  
  Other things I've tried are:  
  1) Wireshark'ed CONSOLE port - nothing;
  2.) Wireshark'ed the AUX port - nothing;
  3.) Wireshark'ed the ETH port - looks like 'normal' data.
  I wanted to see if I could access the CONFIG from the AUX port by directly connecting my Laptop w/ a Roll-Over cable but not sure how to do that w/out a modem.  Any suggestions from anyone??
  Best regards....
  J. David FIG
  [email protected]

  J. David FIG
  The aux port is not restricted to use for modem. Depending on how the router is configured you might be able to start an exec session, get into privilege mode, and access the configuration of the router. I have been successful on similar routers connecting the console cable to the aux port and accessing the router.
  HTH
  Rick

• Is It possible connect two router**from console port to console port

  Hi,
  I need this for doing reverse telnet.
  Thanks very much

  No
  you can connect router 1's aux port to router 2's console port.
  line aux 0
  password blablabla
  login
  modem InOut
  transport input all
  find the aux port's line number which depends on the router model then telnet to a live ip on router 1 on that port.
  Worc_3640#sh line
  Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int
  0 CTY - - - - - 0 0 0/0 -
  129 AUX 9600/9600 - inout - - - 0 0 0/0 -
  * 130 VTY - - - - - 75 0 0/0 -
  so say 10.1.1.100 2129 if 10.1.1.100 is on that box.
  should get you going..
  Chris

• Unable to access console port

  Hi,
  i was unable to access my cat6509 neither from console port or telnet access since someone by mistake has modified the setting in the switch &now it become inaccessible so is there any suggestion to workaround without losing my current configuration .
  by the way when i connect to the concole port through terminal window nothing can by display in the terminal(blank)

  Hi,
  have you access to the MSFC?
  I don't understand the problem, but this maybe could help you:
  http://www.cisco.com/en/US/products/hw/switches/ps700/products_configuration_example09186a00804ceb07.shtml
  HTH
  Andrea

• Changing the 10g EM Control console port from 5560  to 1158?

  Hi
  I have 2 instances of 10g running on server
  for the first Server and EM Control port 1158
  and 2nd is 5560
  i want to run both the EM controls on 1158
  Is it possible?How
  i know we need to play with emom.properties but in sysman/admin
  i see these files
  emomslogging.properties.template
  emoms.properties.template
  emomslogging.properties
  emoms.properties.emca
  emomsintg.xml
  i dont which exactly is that file
  and what entry we have to make?
  Thanks
  Gagan

  See my reply in your other post:
  change the EM console port 5560 to 1158?

• OOB management with console port

  I would like to do the setup according to the doc - http://www.cisco.com/en/US/tech/tk801/tk36/technologies_tech_note09186a00800941c9.shtml
  The only disadvantage I see is from the following excerpt from the article -
  "Warning: Unprotected modems should not be connected to the console port. The console ports do not log users off when the carrier detect is lost, which can leave a security hole. To avoid this, use a secure modem, or connect via the AUX port. For more information on the advantages and disadvantages of connecting a modem to the Console port, refer to the Modem-Router Connection Guide."
  I know I could set an exec-timeout of 1 minute but that would still leave a small window of time for security breaches if the line drops.
  Could someone tell me a particular modem that has a password built into it to overcome this problem? What is the best security practice in this case?
  I have setup modems before on the aux port, but you cannot access the router after reload if it boots into ROMMON mode for some reason.
  Thanks,
  RJ

  Hi,
  As a workaround you can try using an old junk PC with 2 serial ports, install Linux on that PC, connect via terminal session using the modem attached to serial COM1 (modem in autoanswer mode just like you're doing now), login with username/password on the Linux machine and then use a terminal emulation software like Minicom to open serial port COM2 to get the IOS prompt from the router.
  Maybe this option is too much hassle for your application, but it won´t cost you a dime and is not really that difficult.
  Regards.

• No AAA authentication on Console port

  I would like to configure our routers to use our ACS server for authentication and enable authorization for all telnet access but not use the ACS when connected to the console port. I was able to get the router configured so that console username and password access was local. However, when I attempt to go into enable mode from the console port the router still goes after the ACS server for the enble password. How do I get around this?

  --begin ciscomoderator note-- The following post has been edited to remove potentially confidential information. Please refrain from posting confidential information on the site to reduce security risks to your network. -- end ciscomoderator note --
  Thanks this does help. However, I'm still running into and issue. My ultimate goal is to have all users authenticate and get enable access through our ACS server based on there corporate NT domain username/pw. If the ACS server is unavailable go to the local data base. This is working fine for user telneting to the routers and also works for the console port (if the ACS server is unavailable).
  However, with the ACS server active, when I console in I authenticate based on the local database admin/cisco. But when I attempt to go into enable mode the router still goes after the ACS server for a password. I would like console port users to always use the local enable password.
  I'm just trying to protect myself from a possible misbehaved ACS server.
  aaa new-model
  aaa authentication login default group tacacs+ local
  aaa authentication login console local
  aaa authentication enable default group tacacs+ enable
  aaa authorization exec console local
  enable secret 5 --moderator edit--
  username --moderator edit--privilege 15 password 0 --moderator edit--
  line con 0
  exec-timeout 300 0
  authorization exec console
  login authentication console
  line aux 0
  line vty 0 4
  password --moderator edit--

• Noise on console port

  I noticed a number of failed console port logins in our tacacs logs from a couple of remote routers. In both cases the usernames are gibberish - random characters in one case; access-list logs in the other.
  logging in to these 2 routers (both 870s)I can see a lot of noise on the console ports. Anyone know what could be causing this?
  router#sh line
  Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int
  0 CTY - - - - - 0 46524396 374144/0 -
  1 AUX 0/0 - - - - - 0 0 0/0 -
  * 2 VTY - - - - 61 5 0 0/0 -
  3 VTY - - - - 61 0 0 0/0 -
  4 VTY - - - - 61 0 0 0/0 -
  5 VTY - - - - 61 0 0 0/0 -
  6 VTY - - - - 61 0 0 0/0 -
  sample log:
  01/24/2007 11:19:35 Authen failed | ACCESSLOGP: list 101 denied udp 192.175.48.6(53) -> 87.42.147.10(54724) 4 packets | async | Invalid characters in username | tty0 | 192.168.20.62

  well there shouldn't actually be anything plugged into the console, though I have no way of checking this.
  #sh line con 0
  Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int
  0 CTY - - - - - 0 46983615 374144/0 -
  Line 0, Location: "", Type: ""
  Length: 24 lines, Width: 80 columns
  Baud rate (TX/RX) is 9600/9600, no parity, 1 stopbits, 8 databits
  Status: Ready
  Capabilities: none
  Modem state: Ready
  Special Chars: Escape Hold Stop Start Disconnect Activation
  ^^x none - - none
  Timeouts: Idle EXEC Idle Session Modem Answer Session Dispatch
  02:00:00 never none not set
  Idle Session Disconnect Warning
  never
  Login-sequence User Response
  00:00:30
  Autoselect Initial Wait
  not set
  Modem type is unknown.
  Session limit is not set.
  Time since activation: never
  Editing is enabled.
  History is enabled, history size is 20.
  DNS resolution in show commands is enabled
  Full user help is disabled
  Allowed input transports are none.
  Allowed output transports are telnet.
  Preferred transport is none.
  No output characters are padded
  No special data dispatching characters
  looks ok to me.

• Constant Failed Attempts from ASYNC ports

  Our ACS 4.2 Failed Attempts log is being filled by "noise" on the async (tty0/tty1) from both our routers and switches. We have modems attached to our routers primarily on the console ports, in addition we have the aux port of our router connected to the console port of our LAN switch so we can reverse telnet into the switch. Both router & switch are TACACs enabled. In the user-name field of the ACS log, we get "noise" such as "interface up and down", "Press RETURN to get started", which the authen-failure-code indicates invalid characters or "ACS user unknown" in username field. What would cause this?  I know misconfigured modems can cause echo issues but why a switch console port?

  Dan/Greg,
  This issue occurs when terminal server device (like c2509, c2511 or other) connect to it and which is sending junk to console or aux lines of the Router/Switch.
  What may happen wrong with Terminal Server config:
  = Incorrect speed for the line (which is connected to console of the router)
  = possibly "exec" is running on that line on Terminal Server, thus sending unexpected prompt to the router console/aux.
  When you want to allow only an outgoing connection on a line, use the *no**exec* command.The *no exec* command allows you to disable the EXEC process for connections which may attempt to send unsolicited data to the router.
  (For example, the control port of a rack of modems attached to an auxiliary port of router.) When certain types of data are sent to a line connection, an EXEC process can start, which makes the line unavailable.
  The user will still be able to access the console of the device and be authenticated as well.  This puts extra burden on ACS and you may see some latency with legitimate authentications.  
  Let me know if you have any question.
  Regards,
  ~JG
  Do rate helpful posts

• Conect two routers over console port

  Hi Guys ,
  How conect two routers or firewall over console port for manager ?
  Thanks
  Jorge

  Hi Jorge,
  I do not believe that you can connect to devices over console ports.
  I have in the past connected from an aux port on a router to a console port on a switch using one of the old RJ45-RJ45 rollover cables Cisco used to ship with DB9-RJ45 adapters before they starting shipping DB9-RJ45 console cables.
  You should be able to use the configuration in the document at the link below as a starting point.
  http://www.cisco.com/en/US/tech/tk801/tk36/technologies_configuration_example09186a008014f8e7.shtml
  This document is for a terminal server with 16 async ports. The config below should be ok for an aux port.
  ip host switch 2001 172.21.1.1
  interface Loopback1
  ip address 172.21.1.1 255.0.0.0
  line aux 0
  session-timeout 20
  no exec
  exec-timeout 0 0
  Please rate if helpful.

• Router keeps initiating session on aux port

  Hi all,
  I have a situation where I telnet to routerA. This router has, via its AUX port, a connection to routerB on the console-port.
  So I can normally do a reverse telnet from routerA to routerB. (via the lo0 on port 2001 on routerA)
  Problem is, routerA keeps trying to connect to routerB, thereby causing line 1 (for the AUX port) to be busy most of the time.
  Ergo, I'm having trouble connecting to routerB (If I try a couple of times, I usually succeed after a while)
  I can also confirm the login attempts when I do "monitor traffic line 1" (line 1 being the aux-port), and also in the ACS I see a lot of Failed login attempts from routerA with caller-id async
  I don't understand why routerA is tryiing to login to routerB, nor how to stop it while leaving my access intact ofcourse
  routerA
  interface loopback0
  ip address x.x.x.x x.x.x.x
  line aux 0
  session time-out 5
  modem inout
  transport preffered none
  transport input all
  transport output all
  routerB
  line con 0
  logging synchronous
  login local
  Any suggestions would be welcome....

  Hi Richard,
  this has solved it indeed, thanks a lot! Though it's unclear why the routerA was setting up sessions in the first place, at least its not doing so anymore.
  regards

• Route decisions based on destination TCP port with EIGRP

  Need information and plausibility on making routing decisions within EIGRP based on different destination TCP port.  I have a third party partner that we communicate too and they are adding a second location which we will connect too.  They are wanting to use the same destination host IP but make route decision based on destination TCP port; i.e. if we target tcp 6123 they want us to route down link A to site A, if we target tcp 7123 we would route down link B to site B.  I have never had to make that happen so I am looking into whether it actually can and if so what is basic configuration to pursue.  We use static IP routes to/from them today and will in the future at the edge, those are distributed internally to our EIGRP.  Can EIGRP make decisions based on IP and Port?

  No routing protocol makes decisions based on port number as far as I know.
  You need to look into PBR (Policy Based Routing) for this where you can use acls to define the route that traffic takes.
  Depending on your connections you may well need to use tracking as well but it depends.
  If the only reason to use EIGRP is for these connections you probably don't need it as with PBR you are overriding the routing table anyway but you may want to run it for other connectivity.
  If you do a search on PBR you should find quite a few examples but if you get stuck then by all means come back.

• Listener actually up as seen from backend but from console gets error

  Hi
  My SCAN listener is shown running from backend but is shown down from console.
  response for listener shows below error.
  Any suggestions/hints
  Thanks
  LSNRCTL for Linux: Version 11.2.0.2.0 - Production on 06-JUNE-2011 11:44:54 Copyright (c) 1991, 2010, Oracle. All rights reserved. Welcome to LSNRCTL, type "help" for information. LSNRCTL> Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=LISTENER_SCAN1))) TNS-12541: TNS:no listener TNS-12560: TNS:protocol adapter error TNS-00511: No listener Linux Error: 2: No such file or directory LSNRCTL>

  Thank you for your help.
  I am using a RAC database and this is the status
  srvctl status scan_listenerSCAN Listener LISTENER_SCAN1 is enabled
  SCAN listener LISTENER_SCAN1 is running on node oradb123
  SCAN Listener LISTENER_SCAN2 is enabled
  SCAN listener LISTENER_SCAN2 is running on node oradb124
  SCAN Listener LISTENER_SCAN3 is enabled
  SCAN listener LISTENER_SCAN3 is running on node oradb124
  srvctl config scan_listenerSCAN Listener LISTENER_SCAN1 exists. Port: TCP:1730
  SCAN Listener LISTENER_SCAN2 exists. Port: TCP:1730
  SCAN Listener LISTENER_SCAN3 exists. Port: TCP:1730
  [ oradb469:/home/oracle ]
  srvctl config scanSCAN name: oemcrsp-xyz.net, Network:
  1/10.180.5.0/255.255.255.0/eth0
  SCAN VIP name: scan1, IP: /oemcrsp-xyz.net/10.180.5.186
  SCAN VIP name: scan2, IP: /oemcrsp-xyz.net/10.180.5.187
  SCAN VIP name: scan3, IP: /oemcrsp-xyz.net/10.180.5.185

• Ultra 60 console port gives OK Illegal Instruction

  I've got an Ultra 60 whose video no longer displays. The ethernet port had died a couple of weeks previously. I had been trying to swap in a couple of base 100 ethernet pci cards into, to see if they were recognized. I had installed one last week, but didn't have time to bring up the machine until this week. I discovered the video no longer displays but the monitor gets a signal as it refreshes during reboot. Tried a couple of monitors and 3 cables, no luck, everything works the same, just no video.
  Found a thread about an Ultra 10 with a similiar problem and they discussed going through the console port (serial port A). I tried hooking up a null modem cable to my thinkpad, installed TeraTerm, but when I try to connect (9600, 8, N, 1), I do get an OK prompt. When I try to press any key though, I get "Illegal Instruction".
  I've gone through the reference guide, service guide, and searched the forums, but I can't find anyone else that's had this problem. Would anyone have any ideas or suggestions?
  thanks,
  kevin

  Power cycle the box and watch if it comes back to the ok prompt (or boots).
  If you still get illegal instruction power off and remove any PCI cards and try again. could be a device corrupting the NVRAM.
  Also a setenv defaults (from ok prompt) might clear a corrupted NVRAM. this however will clearout any custom boot settings.
  If you can try to do a
  ok> printenv
  and capture the settings first.

• CATALYST 2820, console port config for modem

  Hi,
  I’m a 2nd semester CCNA student, and I purchased a old CATALYST 2820 switch for training purposes. I do not know the password and the console port has been configured for a modem. I thought that it would be easy to reset the password—but cannot find any way to do it with the 2820, and the console port configured for a modem.
  Does anyone know what the default factory password is? If the password has been changed (from the factory default), how can I reset the system?
  Thanks!

  I appreciate your help!
  I did look at that link several times—my 2820 has a mfg. date of Sept 97. I held in the Mode button, but the LED above port 1x does not come on (held it in for over a minute). I never see any info. using the console port.
  I did try attaching a modem to the console port—it works—I get a login prompt. I don’t know if it is the factory default password. I know that the rollover cable is working—tried a 827-4v.
  Am I doing something wrong???
  Thanks, David