Connecting to Routers Remotely

Diesel423 · December 2007

Quick Question.
At the insistence of the good lady indoors my Lab equipment is kept downstairs in the basement. I use a warmer room upstairs to study.
I have 2 seperate lab configurations set up downstairs. Without using the worlds 2 longest console cables, what is the easiest way to be able to configure them both from upstairs? Trawling other posts I have seen mention of using an access router, am I on the right lines here?
Thank you.

dtlokee · December 2007

Diesel423 wrote:

I use a warmer room upstairs to study.

This just indicates that you lab isn't lage enough yet to heat the basement, I suggest upgrading

You will need some sort of access server, typically people use the 2509 or 2511 for this but there are others out there you can use. The 2509 can have up to 8 devices and the 2511 can have up to 16 devices connected to it.

Diesel423 · December 2007

Thanks.

On the cable coming from the access router (octal) do the RJ45 ends attach to the console ports of the routers as normal therefore allowing password recovery etc or do they have to be connected to an ethernet interface?
Thanks again.

beezee · December 2007

I think he's talking about trying to telnet to his lab from the internet while he's upstairs with his lab in the basement.

I know it can be done but I haven't gotten to that point yet but its on my my list of things to do.

beezee · December 2007

Diesel423 wrote:

Thanks.

On the cable coming from the access router (octal) do the RJ45 ends attach to the console ports of the routers as normal therefore allowing password recovery etc or do they have to be connected to an ethernet interface?
Thanks again.

You are correct. Each RJ-45 cable will go the the console port on each router/switch you have.

LOkrasa · December 2007

Diesel423 wrote:

Thanks.

On the cable coming from the access router (octal) do the RJ45 ends attach to the console ports of the routers as normal therefore allowing password recovery etc or do they have to be connected to an ethernet interface?
Thanks again.

Attach to the console port on each router.

LOkrasa · December 2007

dtlokee wrote:

Diesel423 wrote:

I use a warmer room upstairs to study.

This just indicates that you lab isn't lage enough yet to heat the basement, I suggest upgrading

Aint that the truth... I wish I had a seperate room for my lab. I cant stand sitting next to it even in the winter bc it gets sooo hot.

freetech · December 2007

If I understand the question, let me tell you what I did, which worked quite nicely.
First set up the 2509 or 2511 access router.
Once that is done and working, get an old computer (I used an old PII 200 IBM Thinkpad 770) and use it as a "console server".
Hook up the old computer to the 2509 or 2511 via the console cable and verify that it works. Remember to give the old computer a static address. Then just connect remotely to the old computer via Windows built-in Remote Desktop Connection. You can use the Remote Desktop wirelessly too.
It ain't fancy or expensive, but it worked great.
Let me know if you have questions.

Diesel423 · December 2007

Thanks beezee, yes what I was thinking was maybe being able to connect from the P.C upstairs by means of telnet or similar to an access router downstairs to control the labs.
Luckily when I moved in the place already had RJ45 sockets in each room connected to a central hub. Im assuming that I should be able to just connect the access router in to the basement wall jack and telnet to it from the P.C upstairs

:

Diesel423 · December 2007

freetech wrote:

If I understand the question, let me tell you what I did, which worked quite nicely.
First set up the 2509 or 2511 access router.
Once that is done and working, get an old computer (I used an old PII 200 IBM Thinkpad 770) and use it as a "console server".
Hook up the old computer to the 2509 or 2511 via the console cable and verify that it works. Remember to give the old computer a static address. Then just connect remotely to the old computer via Windows built-in Remote Desktop Connection. You can use the Remote Desktop wirelessly too.
It ain't fancy or expensive, but it worked great.
Let me know if you have questions.

Brilliant, got an old P.C that was about to be junked think i'll give that a go.

Thanks for everyones help.

beezee · December 2007

I'm sure there is a better way to do it and learn in the process. Talk to "itdaddy", He can access his entire home network from anywhere in the world.

freetech · December 2007

Again, let me know if you have questions.
The most difficult part for me was getting the 2509 working as an access server. I have some good instructions if you need them.
The old computer should have XP Pro or Win2k Pro. I'm not sure, but I don't think XP Home will work. If you use Win2k Pro, you'll need to download the Remote Desktop Connection software for Windows2000 Pro from Microsoft.

beezee · December 2007

freetech wrote:

If I understand the question, let me tell you what I did, which worked quite nicely.
First set up the 2509 or 2511 access router.
Once that is done and working, get an old computer (I used an old PII 200 IBM Thinkpad 770) and use it as a "console server".
Hook up the old computer to the 2509 or 2511 via the console cable and verify that it works. Remember to give the old computer a static address. Then just connect remotely to the old computer via Windows built-in Remote Desktop Connection. You can use the Remote Desktop wirelessly too.
It ain't fancy or expensive, but it worked great.
Let me know if you have questions.

That IS brilliant too. Never would have thought of doing that.

mikej412 · December 2007

Diesel423 wrote:

Im assuming that I should be able to just connect the access router in to the basement wall jack and telnet to it from the P.C upstairs :

Yep, that's the most common way.

Once you have your access server configured and working when you telnet into it, you can then also make telnet shortcuts to each of your routers on your study pc pointing to the access server IP plus the port the line is configured on -- that gives you individual telnet windows to each of the remote routers console ports through the access server.

The easiest way to remote access a home lab is to configure and use a VPN -- then it's just like when you're studying upstairs, even if you're halfway around the world.

A PC in the basement directly attached to the access router's console port is your "backup" if you have a problem with your access server.

JohnDouglas · December 2007

Anyone got a dunce's guide to setting up access servers?

Just got my first bit of real kit to get some real experience. I have have a console connection to R1 then an octal cable from the asyn to the console of R2.

I've wiped teh config on both routers so i'm starting from scratch.

If there's a good article somewhere please let me know. I shall head off to continue my google searches now. Wish i had this stuff when i was studying ccna rather than virtual routers. I mean i spent 20 minutes wondering why the hyperterminal wouldn't work then realised the dongle needed a driver. doh!

dtlokee · December 2007

You will need to do a bit of configuration on the lines, then you can telnet to them using reverse telnet.

Depending on the model the line numbers will vary but for a 2509 it ill be:

line 1 8
no exec

that's about it. I would also add some IP host statements using a bogus IP assigned to a loopback address

interface loop 0
ip address 1.1.1.1 255.255.255.255
no shut
!
ip host R1 2001 1.1.1.1
ip host R2 2002 1.1.1.1

As you can see the way to access the router is using the reverse telnet line numbers (2000 + the line number) you can also do this from your computer with telnet (or whatever terminal programe you prefer)

Telnet 192.168.1.1 2001

Just use whatever IP you assigned to the ethernet inteface of the router (access server). Also if you want to connect to the devices from the outside world you will need a defaule route on the access server and configure port forwarding on your Internet router.

freetech · December 2007

I feel your pain.
Here is the link that I found most helpful in setting up the console server:

http://mail.cynico.net/~hucke/network/notes-2511.html

Some people call it a "console server". If you search Google or any search engine, "console server and Cisco 2509, 2511" will typicaly get you the best results.

Let me know if I can help further.

mikej412 · December 2007

Check out Wildfire's post in this thread for a sample configuration. It includes access from a menu, which is handy when you are first starting out.

Once you get the hang of the access server, then you'd probably just use the CLI (and open all your routers in a logical sequence so R1 is on line 1, R2 is on line 2, etc.) or use individual telnet sessions through the access server to the console ports of each router and switch (like they do in the CCIE Lab).

JohnDouglas · December 2007

Excellent. Thanks for the responses guys. Time to sleep now but I'll be up to crack it first thing in the morning.

JohnDouglas · December 2007

dtlokee wrote:

You will need to do a bit of configuration on the lines, then you can telnet to them using reverse telnet.

Depending on the model the line numbers will vary but for a 2509 it ill be:

line 1 8
no exec

that's about it. I would also add some IP host statements using a bogus IP assigned to a loopback address

interface loop 0
ip address 1.1.1.1 255.255.255.255
no shut
!
ip host R1 2001 1.1.1.1
ip host R2 2002 1.1.1.1

As you can see the way to access the router is using the reverse telnet line numbers (2000 + the line number) you can also do this from your computer with telnet (or whatever terminal programe you prefer)

Telnet 192.168.1.1 2001

Just use whatever IP you assigned to the ethernet inteface of the router (access server). Also if you want to connect to the devices from the outside world you will need a defaule route on the access server and configure port forwarding on your Internet router.

Hmm, i've had a go but still the connection is refused by R1

host#telnet 1.1.1.1 2001
Trying 1.1.1.1, 2001 ...
% Connection refused by remote host

i'm probably missing something very obvious. will get back to it after a coffee.

JohnDouglas · December 2007

EDIT - got it to work!

Still not working. If anyone can tell me where my dumb mistake is please let me know.

Here's running config of the console server:

ConsoleServer#show run                      
Building configuration                     

Current configuration:                      
! 
version 12.0            
service timestamps debug uptime                               
service timestamps log uptime                             
no service password-encryption                              
! 
hostname ConsoleServer                      
! 
! 
ip subnet-zero              
ip host R2 2002 1.1.1.1                       
ip host R1 2001 192.168.10.10                             
! 
! 
interface Loopback0                   
 ip address 192.168.10.10 255.255.255.0                                       
 no ip directed-broadcast                         
! 
interface Ethernet0                   
 no ip address              
 no ip directed-broadcast                         
 shutdown         
! 
interface Serial0                 
 no ip address              
 no ip directed-broadcast                         
 no ip mroute-cache                   
 shutdown         
!
interface Serial1
 no ip address
 no ip directed-broadcast
 shutdown
!
ip classless
!
!
!
line con 0
 transport input none
line 1 8
 no exec
 international
 transport input all
line 9 16
 transport input all
line aux 0
line vty 0 4
!
end

Here's the running config of R1

R1#show run           
Building configuration...                         

Current configuration:                      
! 
version 12.0            
service timestamps debug uptime                               
service timestamps log uptime                             
no service password-encryption                              
! 
hostname R1           
! 
! 
ip subnet-zero              
! 
! 
interface Ethernet0                   
 no ip address              
 no ip directed-broadcast                         
 shutdown         
! 
interface Serial0                 
 no ip address              
 no ip directed-broadcast                         
 no ip mroute-cache                   
 shutdown
!
interface Serial1
 no ip address
 no ip directed-broadcast
 shutdown
!
ip classless
!
!
!
line con 0
 transport input none
line 1 8
 no exec
 transport input all
line 9 16
line aux 0
line vty 0 4
 login
!
end

Here's the output i get when i try to telnet from the console server to R1:

ConsoleServer#R1
Trying R1 (192.168.10.10, 2001)... Open

R1#

just noticed it actually bloody works! wooohooo. wtf does it suddenly work when i give up and post my woe on here! magic forum. oh, one significant problem i found earlier (not the reason it's suddenly worked now) is that the console server would be hard pressed to connect to R1 as it wasn't actually physically connected! i'd removed the octal connection to the console port and connected directly to R1 to play around with it. then i didn't replace teh octal connection again. think i'll push out my ccie lab by a couple of weeks eh.

Other useful links.
http://www.tech-recipes.com/cisco_router_tips719.html
http://www.ciscopress.com/articles/article.asp?p=27650&seqNum=5&rl=1

networker050184 · December 2007

Use the same IP address but different ports for all your routers. So for R2 use:

ip host R2 2002 192.168.10.10

JohnDouglas · December 2007

Will do networker. Not actually added a second router yet.

BTW - Thanks for everyones help with this. glad i finally sorted it out. cheers.

freetech · December 2007

Hmm, i've had a go but still the connection is refused by R1
Code:
host#telnet 1.1.1.1 2001
Trying 1.1.1.1, 2001 ...
% Connection refused by remote host

i'm probably missing something very obvious. will get back to it after a coffee

If you just try to re-connect by opening a telnet session, it will just refuse the connection because it already has an open session going.
It may have worked when you came back to it because the session on R1 timed out or you may have turned it off and then back on. Either of those things will break the session.

The connection is typically refused by R1 becasue it already has a session open to the console server. Just do

sh sessions

on the console server to see open sessions. Then just type in

resume 1

or

res 1

to open session 1 and get back on R1.

JohnDouglas · December 2007

freetech wrote:
Hmm, i've had a go but still the connection is refused by R1
Code:
host#telnet 1.1.1.1 2001
Trying 1.1.1.1, 2001 ...
% Connection refused by remote host

i'm probably missing something very obvious. will get back to it after a coffee

If you just try to re-connect by opening a telnet session, it will just refuse the connection because it already has an open session going.
It may have worked when you came back to it because the session on R1 timed out or you may have turned it off and then back on. Either of those things will break the session.

The connection is typically refused by R1 becasue it already has a session open to the console server. Just do
sh sessions
on the console server to see open sessions. Then just type in
resume 1
or
res 1
to open session 1 and get back on R1.

ah, i see. thanks for explaining that. i guess that's what happened.

beezee · February 2008

I assume(thinking out loud) this could also work using a 2600 series with LAN/WAN interfaces (2611) and NM-16A 16 port Async Module.

Configure WAN interface with dhcp/preferably static IP address from ISP, config LAN interface with a private range IP address, configure NAT overload. On the 2611, you would then go to "line vty 0 4" and set "transport input SSH". This will only allow secure shell connections which will be encrypted.
So, from Cable/DSL modem to 2611 router, then using your octal cable to all other routers and switches. Load an appropriate IOS version that on the 2600 that is capable of SSH1 or SSH2.

You would then be able to SSH directly into you router from anywhere in the world.

Ok, it seems a bit tedious but it would be fun

Back to Ebay for a NM-16A 16 port Async Module.

ravy2008 · May 2008

Hi Guys,

I too am trying to set up the same configuration where all my equipment is downstairs and I would like to telnet/ssh (not RDP) to my computer via the internet or wireless network. I was able to establish a VPN connection as per instructions on this thread but after that what are the next steps?

Any detailed help would be greatly appreciated. I have a terminal server (2511) connected to all my routers and switches. My laptop is connected to the terminal server and I have a VPN (XP Based) between my desktop and laptop.

Thanks,
Ravy

mikej412 · May 2008

ravy2008 wrote:

I would like to telnet/ssh (not RDP) to my computer via the internet or wireless network.

Is your computer a Linux System? If it isn't, then you'd need some to run a telnet server (or ssh server). And from there then you'd telnet into the access server?

If you have a VPN to your network, you should just be able to telnet/ssh to the terminal server.

If your VPN is host to host, then you need something like RDP or VPN to control the remote desktop -- unless you've configured both ends to route traffic.

If you're sitting upstairs, then you should just be able to route through the wireless network to the access server down stairs (or RDP or VPN to the PC attached to the console of the terminal server).

elegua · May 2008

Hi Guys,

The other way to do this is accessing the Access Server using SSH, if you want me to help you let me know, if you have a static IP at home will be better, if you have a dynamic IP the configuration will be a little different, this is what i have at home:

Internet

R1760

AS2610

LAB.

Hope this help.

ravy2008 · June 2008

Hello,

Yes can someone still assist me, it would be greatly appreciated.

So here is my setup.

1. Upstairs - Windows XP Professional 32 bit, internet connection and wireless router
2. Basement - Windows XP Professional 32 bit w/ wireless card, 2511 access terminal and some switches.

So what I would like to be able to do is from my upstairs computer, somehow be able to telnet into the 2511 and access my switches.

I'm OK when it comes to computers however not that familiar with Cisco gear at all so any help is welcomed.

Thanks,
Ravy

dynamik · June 2008

You could setup a telnet server on your basement machine, or you could simply remote desktop to it as well. You could do more complex things like bridge the wireless and wired (which I assume you have) network connections in that machine as well.

Connecting to Routers Remotely

Comments