Telnetting to specific vty port

Answered Question
Feb 24th, 2003

I know that it is possible to reverse-telnet to a specific serial port on some routers by telnetting to a specific tcp port. For example:

To reverse-telnet to Interface Async 5 with a tty line identifier of 5, you would telnet to the router's local IP address at port 2005.

I'd like to have the same capability with vty ports.

I have a router that uses Cisco Lock-and-Key authentication to add dynamic access list entries for any host IP which logs into port vty 0. I also want the ability to log into the router itself to establish an EXEC session. To do this currently, I must open a second telnet session before the one to vty 0 terminates.

To make a long story short, here is how I'd like it to work.

Move Lock-and-Key authentication to port vty 4.

Telnet to <router IP> port 20004 to log in to port vty 4.

A generic telnet to <router IP> port 23 will rotate through the preceding vty ports 0 through 3 as usual to establish an EXEC session.

Is this doable? If so, provide a sample configuration and/or instructions.

Thank you.

tepatel Mon, 02/24/2003 - 20:41

There is no way to telnet to a specific vty port on a router. Vty ports will be picked upon availability.

Correct Answer
Erick Bergquist Mon, 02/24/2003 - 22:08

Actually, you can by configuring the vty as a rotary group.

line vty 4
 transport input all
 rotary 4

Lets you telnet to router on port 3004. 23 is also open though, but you can use an access-class to restrict use to vty 4 if needed.

Or by using NAT (more dirty):

ip nat inside source static tcp 172.16.55.1 23 172.16.55.1 2002 extendable
interface Ethernet0
 ip address 172.16.55.1 255.255.255.0
interface ...
 ip address 10.0.0.1 255.255.255.0
 ip nat outside
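
One way to check a saved configuration for the exposure this answer describes (a rotary vty reachable on port 3000+N while port 23 stays open, with no access-class), as an added example that is not part of the original thread. The function names and the sample configuration are constructed for illustration, and the parser assumes `show running-config` indentation.

```python
import re

# Constructed sample (running-config layout); ACL number 10 is a made-up value.
SAMPLE_CONFIG = """\
line vty 0 3
 access-class 10 in
line vty 4
 transport input all
 rotary 4
!
"""

def parse_vty(config):
    """Map 'vty N [M]' to the rotary, access-class and transport settings under it."""
    blocks, cur = {}, None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue                              # tolerate blank lines
        head = re.match(r"line (vty \d+(?: \d+)?)\s*$", raw)
        if head:
            cur = blocks.setdefault(head.group(1), dict(rotary=None, acl_in=None, transport=None))
        elif cur is None or not raw[0].isspace():
            cur = None                            # '!' or a line outside any vty block
        elif words[0] == "rotary" and len(words) == 2 and words[1].isdigit():
            cur["rotary"] = int(words[1])
        elif words[0] == "access-class" and len(words) >= 3 and words[2] == "in":
            cur["acl_in"] = words[1]
        elif words[:2] == ["transport", "input"]:
            cur["transport"] = words[2:]
    return blocks

def audit(config):
    """Return (line, issue) pairs for every vty line that carries a rotary group."""
    findings = []
    for name, s in parse_vty(config).items():
        if s["rotary"] is None:
            continue
        port = 3000 + s["rotary"]                 # rotary N -> telnet on tcp/3000+N
        findings.append((name, f"rotary {s['rotary']} listens on tcp/{port}"))
        if s["acl_in"] is None:
            findings.append((name, f"no inbound access-class for tcp/23 or tcp/{port}"))
        if s["transport"] and "all" in s["transport"]:
            findings.append((name, "transport input all accepts cleartext telnet"))
    return findings

if __name__ == "__main__":
    for name, issue in audit(SAMPLE_CONFIG):
        print(f"{name}: {issue}")
```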

kevtown Tue, 02/25/2003 - 07:56

Thank you ebergquist. This is exactly what I was looking for.

Posted February 24, 2003 at 4:04 PM