Accessing Remote Devices
During routine maintenance, it is often desirable to access a device from another device. Cisco IOS Software provides a set of tools for this purpose. The following sections describe methods that you can use to access remote devices.
Establishing a Telnet or SSH Connection
Telnet or Secure Shell (SSH) applications are useful for connecting to remote devices. One way to obtain information about a remote network device is to connect to it using either the Telnet or SSH applications. Telnet and SSH are virtual terminal protocols that are part of the TCP/IP suite. The protocols allow connections and remote console sessions from one network device to one or more other remote devices. Figure 4-50 shows how to telnet to another device. Telnet on Cisco routers varies slightly from Telnet on most Cisco Catalyst switches.
To log on to a host that supports Telnet, use the telnet EXEC command:
RouterA# telnet host
Figure 4-50 Telneting to Another Device
To start an encrypted session with a remote networking device, use the ssh user EXEC command:
RouterA# ssh ip address
With Cisco IOS Software installed on a router, the IP address or host name of the target device is all that is required to establish a Telnet connection. The telnet command placed before the target IP address or host name is used to open a Telnet connection from a Catalyst switch.
For both routers and switches, a prompt for console login signifies a successful Telnet connection, if login is enabled on the vty ports on the remote device. When you are logged in to the remote device, the console prompt indicates which device is active on the console. The console prompt uses the host name of the device.
Use the show sessions command on the originating router or switch to verify Telnet connectivity and to display a list of hosts to which a connection has been established. This command displays the host name, IP address, byte count, amount of time the device has been idle, and connection name assigned to the session. If multiple sessions are in progress, the asterisk (*) indicates which was the last session and to which session the user will return to if the Enter key is pressed.
In Figure 4-51, using the show sessions command on Router A, the output shows that Router A has a suspended Telnet session with Router B. Then use the show users command on Router B to determine the last active session. The output shows that the user who was connected to the console port had the last active session.
Use the show users command to learn whether the console port is active and to list all active Telnet sessions with the IP address or IP alias of the originating host on the local device. In the show users output, the “con” line represents the local console and the “vty” line represents a remote connection. The “11” next to the vty value in Figure 4-51 indicates the vty line number, not its port number. If there are multiple users, the asterisk (*) denotes the current terminal session user.
Figure 4-51 show sessions Command
To display the status of SSH server connections, use the show ssh command in privileged EXEC mode, as shown in Example 4-18.
Example 4-18 show ssh Command
RouterB# show ssh
Connection Version Encryption State Username
0 1.5 3DES Session Started guest
Suspending and Resuming a Telnet Session
After connecting to a remote device, you might want to access a local device without terminating the Telnet session. Telnet allows temporary suspension and resumption of a remote session.
Figure 4-52 shows a Telnet session from Router A to Router B. The key sequence shown is entered to suspend the session. The output indicates that the Telnet session has been suspended.
Figure 4-52 Suspending a Telnet Session
To suspend a Telnet session and escape from the remote target system back to a local switch or router, use the command Ctrl-Shift-6 or Ctrl-^ (depending on your keyboard); then follow either command by the character x.
The methods to reestablish a suspended Telnet session are as follows:
- Press the Enter key.
- Enter the resume command if there is only one session. (Entering resume without session number will resume the last active session.)
- Enter the resume session number command to reconnect to a specific Telnet session. (Enter the show sessions command to find the session number.)
Closing a Telnet Session
You can end a Telnet session on a Cisco device by using the exit, logout, disconnect, or clear command. Figure 4-53 illustrates closing a Telnet connection.
Figure 4-53 Closing a Telnet Connection
You can close a Telnet session on a Cisco network device by using one of the following methods:
- From a remote device, by using the exit or logout command to log out from the console
session and return the session to the local device
- From the local device, by using the disconnect command (when there are multiple sessions) or the disconnect session session number command to disconnect a single session
If a Telnet session from a remote user is causing bandwidth or other types of problems, you should close the session. Alternatively, network staff can terminate the session from their console. To close a Telnet session from a foreign host, use the clear line line number command. The line number corresponds to the vty port of the incoming Telnet session. The show sessions command determines the line number. At the other end of the connection, the user will get a notice that the connection was “closed by a foreign host.”
Alternate Connectivity Tests
The ping and traceroute commands provide information about connectivity with and the path to remote devices. This topic describes the use of the ping and traceroute commands. You can verify connectivity to local and remote networks by using ping and traceroute. Example 4-19 shows how these commands are used, along with some typical output.
Example 4-19 ping and traceroute Commands
RouterA# ping 1 0. 1 . 1 . 1 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.10, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
RouterA# trace 1 92. 1 68. 1 01 . 1 01
Type escape sequence to abort.
Tracing the route to 192.168.101.101
1 p1r1 (192.168.1.49) 20 msec 16 msec 16 msec
2 p1r2 (192.168.1.18) 48 msec * 44 msec
Detailed information about how these tools operate are as follows:
- The ping command verifies network connectivity. Ping tells the minimum, average, and maximum times it takes for ping packets to find the specified system and return. This can validate the reliability of the path to a specified system.
Table 4-13 lists possible output characters from the ping command output.
- The traceroute command shows the routes that the packets take between network devices. A device, such as a router or switch, sends out a sequence of User Datagram Protocol (UDP) datagrams to an invalid port address at the remote host. Three datagrams are sent, each with a Time to Live (TTL) field value set to 1. The TTL value of 1 causes the datagram to time out as soon as it hits the first router in the path. The router then responds with an Internet Control Message Protocol (ICMP) Time Exceeded Message (TEM), indicating that the datagram has expired.
- Another three UDP messages are then sent, each with the TTL value set to 2, which causes the second router to return ICMP TEMs. This process continues until the packets reach the other destination. Because these datagrams are trying to access an invalid port at the destination host, ICMP Port Unreachable messages are received, indicating an unreachable port and signaling the traceroute program that it is finished. The purpose is to record the source of each ICMP TEM, to provide a trace of the path that the packet took to reach the destination.
Table 4-14 lists the characters that can appear in the traceroute command output.
NOTE If IP domain name lookup is enabled, the router will attempt to reconcile each IP address to a name, which can cause the traceroute command to slow down.