Using Telnet for Virtual Terminal Access
Objective:
- Verify device configuration and network connectivity using ping, traceroute, telnet, SSH or other utilities
Telnet is widely used as an in-band management protocol today for remotely administering Cisco devices. As long as you have IP connectivity to the Cisco device and have configured a password on the vty lines, you can remotely administer your Cisco switches and routers.
However, it is possible to limit the devices that can Telnet into your devices based upon their IP addresses, which is discussed later in Chapter 19, “Using Cisco Access Lists.”
In the User EXEC and Privileged EXEC modes of the IOS, it is possible to Telnet from your Cisco device to another device. By typing telnet followed by the IP address that you are trying to reach, you initiate a Telnet session from your local router or switch. In fact, you do not even need to use the telnet keyword. If you just type an IP address or a hostname (assuming name resolution), the IOS automatically assumes you are attempting to Telnet to that host. For example, if you Telnet from the 2811 router to the remote 1801, the output would look similar to the following:
CCNA2811>telnet 192.168.100.5
Trying 192.168.100.5 ... Open
User Access Verification
Password:
Engineering1801>
At this point, you can configure the Engineering1801 router as if you were directly consoled into it. However, there may be a time when you need to jump back to your original router to incorporate additional configurations, verify connectivity, or Telnet into other devices. While connected to the remote device, you can suspend your Telnet session temporarily and return to the origin of the Telnet session (CCNA2811 in our example). The useful but strangely awkward keystroke to suspend a Telnet session is Ctrl+Shift+6 followed by the x key. Keep in mind that this only suspends the Telnet session; the session is still connected and running in a background process.
EXAM ALERT
Know that the keystroke combination Ctrl+Shift+6, x suspends a Telnet session.
As shown in Figure 8.3, you can verify the Telnet sessions that have originated from the local device by using the show sessions command. This example initiates and suspends two separate Telnet sessions from the CCNA2811 router.
Notice that each session connection is numbered and there is an asterisk next to connection 2. This is the last Telnet session that was suspended and it is the session that will be resumed if you hit the Enter key without typing a command. You can also choose which Telnet session to resume by typing resume, followed by the connection number.
Ctrl+Shift+6, x suspends the Telnet session, but how do you actually close the Telnet session when you are finished? The answer is twofold. You can close a Telnet session from the originating local device by typing the keyword disconnect followed by the connection number. From the device into which you are Telnetted, you can also type exit or logout from User EXEC or Privileged EXEC.
EXAM ALERT
Be familiar with the multiple ways you can resume and disconnect a Telnet session.
Terminal Monitor
By default, your Cisco devices send their notification messages such as debug outputs, interface alerts, and system error messages to the console port. This means that you cannot send these notifications over a Telnet session to another device by default.
To have these messages copied to the vty lines, you need to use the terminal monitor command in Privileged EXEC mode of the device to which you are telnetted. For instance, in the configuration shown, Router A Telnets into Router B and enters Privileged EXEC mode to type the terminal monitor command. Debug outputs, notifications, and error messages are then sent over the vty lines to be viewed by the remote terminal.
RouterA>telnet 10.1.1.1
Trying 10.1.1.1 ... Open
User Access Verification
Password:
RouterB>enable
Password:
Router#terminal monitor
EXAM ALERT
The terminal monitor command copies debug outputs and error messages to the vty terminal lines.
STEP BY STEP
8.2 Telnet Practice
- Telnet into your neighbor router by typing telnet, followed by the IP address.
- Suspend that Telnet session by using the Ctrl+Shift+6, x keystroke.
- Verify that suspended Telnet session by typing show sessions.
- Disconnect the Telnet session by typing disconnect, followed by the connection number (should be 1).
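The Telnet access described in this section rests on two vty settings named in the text: a password on the vty lines and, optionally, an access list that limits which source addresses may connect. The following check is an added example, not part of the book: it audits the line vty blocks of a saved configuration for both. The sample configuration, its password value, and the function names are constructed for illustration, and the transport input check goes beyond what the text covers.

```python
import re

# Constructed running-config fragment for illustration (not from the book).
SAMPLE_CONFIG = """\
line con 0
 password Example1
 login
line vty 0 4
 password Example1
 login
 transport input telnet ssh
line vty 5 15
 access-class 10 in
 password Example1
 login
 transport input ssh
"""

def vty_blocks(config):
    """Yield (header, sub-commands) for each 'line vty' block in an IOS config."""
    header, body = None, []
    for line in config.splitlines() + ["end"]:   # sentinel flushes the last block
        if not line.strip():
            continue
        if line[0] != " ":                        # a top-level command closes a block
            if header and header.startswith("line vty"):
                yield header, body
            header, body = line.strip(), []
        else:
            body.append(line.strip())

def audit_vty(config):
    """Return {vty header: [findings]} for the vty settings discussed above."""
    report = {}
    for header, body in vty_blocks(config):
        findings = []
        if "no login" in body:
            findings.append("no login: sessions open without any password")
        elif "login" in body and not any(c.startswith("password ") for c in body):
            findings.append("login without a password: vty access is refused")
        if not any(re.match(r"access-class \S+ in\b", c) for c in body):
            findings.append("no inbound access-class: any source address may connect")
        allowed = {w for c in body if c.startswith("transport input ")
                   for w in c.split()[2:]}
        if allowed & {"telnet", "all"}:
            findings.append("telnet permitted: passwords cross the network unencrypted")
        report[header] = findings
    return report
```

On the sample, lines 0 through 4 are reported for the missing access-class and for permitting Telnet, while lines 5 through 15 come back clean.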
IOS DHCP
Objectives:
- Configure, verify and troubleshoot DHCP and DNS operation on a router (including: CLI/SDM)
- Implement static and dynamic addressing services for hosts in a LAN environment
One of Cisco’s many goals is to make their routers more versatile than simply routing packets. Case in point, Cisco has incorporated security, switching, wireless, and/or voice in their line of Integrated Service Routers to provide multi-functionality out of a single device. In that same vein, the Cisco IOS has some convenient features that can provide services to small-to-medium-sized businesses, minimizing the reliance on other devices and servers. One of the services that the Cisco router can provide is to act as a DHCP server for a LAN, assigning DHCP-enabled devices an IP address, the address of the default gateway, a domain name, and the DNS server address.
To start the configuration for this service, you have to configure your Ethernet interface and make sure that it is up, administratively enabled, and assigned an IP address as described in this chapter. This makes logical sense since this is the interface that is connected to the DHCP-enabled clients. The next step is to logically define the DHCP address pool using the ip dhcp pool poolname command. Once you enter this command, the router prompt will indicate that you have entered a DHCP sub-configuration mode that looks like the following:
CCNA2811(config)#ip dhcp pool examprep
CCNA2811(dhcp-config)#
Once in dhcp-config, you can specify the parameters that will be passed to the requesting clients. For instance, to define the IP network scope that the router will use when leasing IPs, you use the network command followed by the subnet (not single IP) and the subnet mask in decimal form:
CCNA2811(dhcp-config)#network 172.16.0.0 255.255.0.0
You can also use CIDR notation for the subnet mask as demonstrated here:
CCNA2811(dhcp-config)#network 172.16.0.0 /16
Now, when devices with DHCP enabled come online and send a DHCP request for an IP, the Cisco router will receive that information and respond with an IP from the 172.16.0.0 network. In addition, it can also be configured to assign the default gateway (which is probably the router), the address of the DNS server, and the domain name of the LAN, and to specify the length of time the IP is leased by the client. The configurations for these parameters are as follows:
CCNA2811(dhcp-config)#default-router 172.16.100.1
CCNA2811(dhcp-config)#dns-server 172.16.100.50
CCNA2811(dhcp-config)#domain-name examprep.com
CCNA2811(dhcp-config)#lease 7 2 45
CCNA2811(dhcp-config)#exit
Given the preceding configuration, DHCP-enabled clients will be assigned to the examprep.com domain, have a default gateway of 172.16.100.1, and use 172.16.100.50 as a DNS server to resolve domain names to IP addresses. The DHCP lease of this information will last for 7 days, 2 hours, and 45 minutes.
Since we already statically assigned the IP address of 172.16.100.1 to our default gateway and 172.16.100.50 to our DNS server, we want to make sure the router does not assign these IP addresses to a device, or else it would cause an IP conflict in our network. To exclude an IP address or an IP address range, use the ip dhcp excluded-address ip-address command in Global Configuration for a single IP, or define a range of IPs using the same command with a start IP and an end IP. In our example, we want to exclude the IPs 172.16.100.1 and 172.16.100.50, so our configuration would look like:
CCNA2811(config)#ip dhcp excluded-address 172.16.100.1
CCNA2811(config)#ip dhcp excluded-address 172.16.100.50
If we used that 172.16.100.x range for other statically assigned devices, we could simply exclude all IP addresses from 172.16.100.1 through 172.16.100.254 like this:
CCNA2811(config)#ip dhcp excluded-address 172.16.100.1 172.16.100.254
To verify what devices are assigned IPs from our router’s address scope, use the show ip dhcp binding command:
CCNA2811#show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address       Client-ID/              Lease expiration        Type
                 Hardware address/
                 User name
172.16.100.2     01e0.041f.a632.a2       Dec 27 2007 11:59 PM    Automatic
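The pool and exclusion commands above can be checked together before they are deployed. The following audit is an added example, not part of the book: it reads the commands from the text as one configuration fragment and reports how many addresses the pool can lease (the upper bound on bindings the router may have to track), the lease length in seconds, and any default-router or dns-server address that lies inside the pool without being excluded. The function name and result keys are assumptions, and only a single pool with numeric or infinite lease values is handled.

```python
import ipaddress

# The commands from the text, gathered into one config fragment.
CONFIG = """\
ip dhcp excluded-address 172.16.100.1
ip dhcp excluded-address 172.16.100.50
ip dhcp pool examprep
 network 172.16.0.0 255.255.0.0
 default-router 172.16.100.1
 dns-server 172.16.100.50
 domain-name examprep.com
 lease 7 2 45
"""

def audit_dhcp(config):
    """Audit a single-pool config: leasable count, lease length, address conflicts."""
    excluded, statics, net, lease = [], [], None, None
    for words in (line.split() for line in config.splitlines()):
        if words[:3] == ["ip", "dhcp", "excluded-address"]:
            lo = ipaddress.ip_address(words[3])
            hi = ipaddress.ip_address(words[4]) if len(words) > 4 else lo
            excluded.append((int(lo), int(hi)))
        elif words[:1] == ["network"]:
            # Both forms from the text: dotted mask or /prefix.
            net = ipaddress.ip_network(f"{words[1]}/{words[2].lstrip('/')}")
        elif words[:1] in (["default-router"], ["dns-server"]):
            statics += [ipaddress.ip_address(w) for w in words[1:]]
        elif words[:1] == ["lease"] and words[1] != "infinite":
            days, hours, minutes = (list(map(int, words[1:4])) + [0, 0])[:3]
            lease = days * 86400 + hours * 3600 + minutes * 60
    if net is None:
        raise ValueError("no network statement found")
    first, last = int(net.network_address) + 1, int(net.broadcast_address) - 1
    taken = set()
    for lo, hi in excluded:
        # Clamp each exclusion to the pool; the set absorbs overlapping ranges.
        taken.update(range(max(lo, first), min(hi, last) + 1))
    return {
        "leasable": (last - first + 1) - len(taken),
        "lease_seconds": lease,
        # Addresses handed out as gateway/DNS that the pool could also lease.
        "conflicts": [str(ip) for ip in statics
                      if ip in net and int(ip) not in taken],
    }

if __name__ == "__main__":
    print(audit_dhcp(CONFIG))
```

Dropping either excluded-address line from the fragment makes the corresponding address appear under conflicts.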
DHCP Can Cause Router Amnesia
When I say router amnesia, I am referring to the loss of memory that can occur when you enable DHCP, especially in larger networks. Since this service requires maintaining all the IP leases it administers, it is possible to consume all of your router’s memory resources if your network is too large and you have a lengthy lease time. In other words, use this service sparingly if your network fits the small-to-medium sized mold. In addition, if you have not done so already, upgrade the router’s memory to whatever level or whatever budget you can afford to help unburden some of the information it will need to retain when DHCP is enabled.
Some of you may be reading this DHCP functionality and realize that you do not need it because you already have a configured and fully functional DHCP server. The Cisco IOS also gives you the option to configure your router’s interfaces to be a DHCP client as well, allowing you to use your existing DHCP server and have it assign an IP address to your interface.
The command to do this is similar to statically assigning an IP address to your interface, except you specify the keyword dhcp instead of an actual IP address:
CCNA2811(config)# interface FastEthernet 0/0
CCNA2811(config-if)# ip address dhcp
The address that is assigned to the router’s interface cannot be seen by using the show running-config command since it is a temporary address. Instead, you can verify it by using the show dhcp lease command:
CCNA2811#show dhcp lease
Temp IP addr: 172.16.100.2 for peer on Interface: FastEthernet0
Temp sub net mask: 255.255.0.0
DHCP Lease server: 172.16.1.1, state: 3 Bound
DHCP transaction id: 1967
Lease: 16000 secs, Renewal: 3000 secs, Rebind: 16000 secs
Temp default-gateway addr: 172.16.1.1
Next timer fires after: 00:00:32
Retry count: 0 Client-ID: cisco-0019.e86a.6fc0-Vl1
Hostname: CCNA2811