Options
Need help to log directly into routers connected to access-server& not intoaccesssrvr
Hi All,
I wish into loginto the routers connected to acces router on my CCIE rack remotely. I dont want to allow one line port of every router on my FIOS router to connect directly to each of them. in stead I want to allow one ssh connectionon the FIOS router and use autocommand feature on accessserver to telnet into the rescpective router.
The problem im facing is when I ssh2 using credentials say for router 1, r1/cisco for the public ip, i log into accessserver not into the router r1. How can i skip logging into the access-server and login directly into the router on a given tab on securecrt. I dont want to login to accesserver on every tab of securecrt again to loginto the router that I want to. Please help.
Here is my config:
Current configuration : 3801 bytes
!
! Last configuration change at 18:33:51 UTC Wed May 18 2016 by r1
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ACCESSSERVER2851
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$JGW3$pukojo7HEBDO9IlDi.oP0.
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
no ip domain lookup
ip domain name praveen.com
ip host R21 2087 10.10.10.10
ip host R1 2066 10.10.10.10
ip host R2 2067 10.10.10.10
ip host R3 2068 10.10.10.10
ip host R4 2069 10.10.10.10
ip host R5 2070 10.10.10.10
ip host R6 2071 10.10.10.10
ip host R7 2072 10.10.10.10
ip host R8 2073 10.10.10.10
ip host R16 2082 10.10.10.10
ip host R17 2083 10.10.10.10
ip host R18 2084 10.10.10.10
ip host R19 2085 10.10.10.10
ip host R20 2086 10.10.10.10
ip host R22 2088 10.10.10.10
ip host R23 2089 10.10.10.10
ip host R9 2074 10.10.10.10
ip host R10 2075 10.10.10.10
ip host Breakoutswitch 2076 10.10.10.10
no ipv6 cef
!
multilink bundle-name authenticated
username r1 password 0 cisco
username r1 autocommand telnet 10.10.10.10 2066
username r2 password 0 cisco
username r2 autocommand telnet 10.10.10.10 2067
!
redundancy
ip ssh port 8083 rotary 1
!
!
!
!
!
!
!
!
interface Loopback0
ip address 10.10.10.10 255.255.255.255
!
interface GigabitEthernet0/0
ip address dhcp
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
ip http server
ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
alias exec r2 telnet 10.10.10.10 2067
alias exec r1 telnet 10.10.10.10 2066
!
line con 0
logging synchronous
line aux 0
no exec
transport input all
transport output none
speed 2400
line 1/0 1/31
session-timeout 40
exec-timeout 0 0
login local
no exec
transport preferred none
transport input telnet ssh
transport output all
stopbits 1
line vty 0 4
login local
rotary 1
transport input telnet ssh
!
scheduler allocate 20000 1000
end
I wish into loginto the routers connected to acces router on my CCIE rack remotely. I dont want to allow one line port of every router on my FIOS router to connect directly to each of them. in stead I want to allow one ssh connectionon the FIOS router and use autocommand feature on accessserver to telnet into the rescpective router.
The problem im facing is when I ssh2 using credentials say for router 1, r1/cisco for the public ip, i log into accessserver not into the router r1. How can i skip logging into the access-server and login directly into the router on a given tab on securecrt. I dont want to login to accesserver on every tab of securecrt again to loginto the router that I want to. Please help.
Here is my config:
Current configuration : 3801 bytes
!
! Last configuration change at 18:33:51 UTC Wed May 18 2016 by r1
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ACCESSSERVER2851
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$JGW3$pukojo7HEBDO9IlDi.oP0.
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
no ip domain lookup
ip domain name praveen.com
ip host R21 2087 10.10.10.10
ip host R1 2066 10.10.10.10
ip host R2 2067 10.10.10.10
ip host R3 2068 10.10.10.10
ip host R4 2069 10.10.10.10
ip host R5 2070 10.10.10.10
ip host R6 2071 10.10.10.10
ip host R7 2072 10.10.10.10
ip host R8 2073 10.10.10.10
ip host R16 2082 10.10.10.10
ip host R17 2083 10.10.10.10
ip host R18 2084 10.10.10.10
ip host R19 2085 10.10.10.10
ip host R20 2086 10.10.10.10
ip host R22 2088 10.10.10.10
ip host R23 2089 10.10.10.10
ip host R9 2074 10.10.10.10
ip host R10 2075 10.10.10.10
ip host Breakoutswitch 2076 10.10.10.10
no ipv6 cef
!
multilink bundle-name authenticated
username r1 password 0 cisco
username r1 autocommand telnet 10.10.10.10 2066
username r2 password 0 cisco
username r2 autocommand telnet 10.10.10.10 2067
!
redundancy
ip ssh port 8083 rotary 1
!
!
!
!
!
!
!
!
interface Loopback0
ip address 10.10.10.10 255.255.255.255
!
interface GigabitEthernet0/0
ip address dhcp
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
ip http server
ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
alias exec r2 telnet 10.10.10.10 2067
alias exec r1 telnet 10.10.10.10 2066
!
line con 0
logging synchronous
line aux 0
no exec
transport input all
transport output none
speed 2400
line 1/0 1/31
session-timeout 40
exec-timeout 0 0
login local
no exec
transport preferred none
transport input telnet ssh
transport output all
stopbits 1
line vty 0 4
login local
rotary 1
transport input telnet ssh
!
scheduler allocate 20000 1000
end
Comments
-
Options
clarson
Member Posts: 903 ■■■■□□□□□□
not sure what your doing. But, you ssh/telnet to the ip address of your access server using the port of the router you want to connect. -
Options
balireddi
Registered Users Posts: 3 ■□□□□□□□□□
I have access to routers on my rack using the following rules on my FIOS router. Is this a safe way or is there a better way soemone can suggest. i tried autocommand telnet with username for the routers on access server but didnt work.Ideally, i want o create just one port forwarding rule to the access server and access all routers from the access server using something similar to username R1 autoccommand telnet 1.2.3.4 2222. this isnt working for me.
ACCESSSERVER2851
192.168.1.154
Destination Ports 22
TCP Any -> 22
Active
ACCESSSERVER2851
192.168.1.154
Destination Ports 2066
TCP Any -> 2066
Active
ACCESSSERVER2851
192.168.1.154
Destination Ports 2067
TCP Any -> 2067
Active