cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
9368
Views
5
Helpful
6
Replies

CUE Telnet Access

Jed Renton
Level 1
Level 1

IS it possible to allow telnet access directly to the service-module address without going via the CME router and then using the session command

thanks

1 Accepted Solution

Accepted Solutions

What happens if you change "transport output pad telnet rlogin lapb-ta mop udptn v120 ssh" to "transport output all"?

Brandon

View solution in original post

6 Replies 6

Brandon Buffin
VIP Alumni
VIP Alumni

CUE uses a TTY port which will allow you to access the service module directly. When you type "service-module service-Engine 1/0 session", you something similar to:

Trying 172.19.153.41, 2033 ... Open

In this case 2033 is the TTY port. This will vary based on where the module is installed. So, if 172.19.153.41 is the address of the interface referenced in the ip unnumbered command for CUE, you could type "telnet 172.19.153.41 2033" from a PC and telnet directly to the CUE module. This is the reason CUE security best practices recommend securing this TTY port like any other. See the following link.

http://www.cisco.com/en/US/netsol/ns340/ns394/ns165/ns391/networking_solutions_design_guidance09186a00801f8e31.html

Hope this helps. If so, please rate the post.

Brandon

Brandon

I still get a RST from the router (PC sees connect failed) after applying all the commands on the line that are typically required for telnet access

So, you can telnet to the router, but when you add the port such as telnet "172.19.153.41 2033", the connection fails? Can you post your config?

Brandon

interface Loopback0

description Management Interface

ip address 172.23.200.1 255.255.255.252

!

interface Service-Engine0/0

ip unnumbered Loopback0

service-module ip address 172.23.200.2 255.255.255.252

service-module ip default-gateway 172.23.200.1

!

line 66

password xxx

login

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

--------------------------------------------------------------------------------------------------------

Telnet to service-engine

C:\>telnet 172.23.200.1 2066

Connecting To 172.23.200.1...Could not open connection to the host, on port 2066: Connect failed

IP: tableid=0, s=10.12.0.11 (Vlan12), d=172.23.200.1 (Loopback0), routed via RIB

IP: s=10.12.0.11 (Vlan12), d=172.23.200.1, len 48, rcvd 4

TCP src=1923, dst=2066, seq=1193143146, ack=0, win=65535 SYN

IP: s=172.23.200.1 (local), d=10.12.0.11 (Vlan12), len 40, sending

TCP src=2066, dst=1923, seq=0, ack=1193143147, win=0 ACK RST

--------------------------------------------------------------------------------------------------------

Telnet to Service-module

C:\>telnet 172.23.200.2 2066

Connecting To 172.23.200.2...Could not open connection to the host, on port 2066: Connect failed

No debug recorded

What happens if you change "transport output pad telnet rlogin lapb-ta mop udptn v120 ssh" to "transport output all"?

Brandon

Brandon

After a reboot and using the configuration show previously it now works thanks for the help

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: