
So much time wasted for such a stupid problem

Let me preface this by saying that remotely rebooting a router/firewall always has associated risks; however, this one may never cross your mind as I’ve found out the hard way.  Apparently, Juniper does not want you to have a Cisco terminal server (aka reverse telnet) connected to their devices’ console ports.

I had been planning on upgrading from JUNOS 11.4R1.6 to the latest 12.1 release because I’ve noticed some weird/undocumented issues with its DHCP server implementation (to make a long story short, DHCP acknowledgments were taking excessively long to process and send out in response to a request).  After the old “request system software add … reboot” command, I sat and patiently waited for the box to come back to life; unfortunately, it never did.

Almost by accident, I stumbled upon Juniper KB17145, entitled “SRX reboot can have problems when console cable is connected to Cisco terminal server.”  My favorite sentence is: “misconfiguration on the Cisco port can cause SRX not to boot properly.”

This is how Juniper wants you to configure the Cisco serial port:

line aux 0
  session-timeout 7200
  exec-timeout 0 0
  no exec
  transport preferred none
  transport input all
  stopbits 1

So I applied their recommended configuration, rebooted the SRX, and magically, it booted properly!

Utilize Cisco AUX Port for Reverse Telnet

Since I’m too cheap/poor to buy an asynchronous serial module (NM-16A/NM-32A) for a Cisco terminal server, or an OpenGear console server, I’ve figured out how to configure the AUX port to perform the same function.  Typically the AUX port is used to connect a dial-up modem to the device for dial-in access.  You can identify the line number by running “show line” from the command line:

#show line
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int
      0 CTY              -    -      -    -    -      0       0     0/0       -
*     5 AUX   9600/9600  -    -      -    -    -      2       0     0/0       -
*     6 VTY              -    -      -    -    -      5       0     0/0       -
      7 VTY              -    -      -    -    -      0       0     0/0       -
      8 VTY              -    -      -    -    -      0       0     0/0       -
      9 VTY              -    -      -    -    -      0       0     0/0       -
     10 VTY              -    -      -    -    -      0       0     0/0       -

Line(s) not in async mode -or- with no hardware support:
1-4

As you can see, the AUX port is showing up as line 5.  This is important.

Next, put some configuration on the AUX port:

line aux 0
 transport input all
 flowcontrol hardware

Now you can access the line either from your device’s console or from a remote host.  Assuming the device’s IP address is 172.30.1.2, from a remote host you can telnet to 172.30.1.2 on port 2005 (05 is the two-digit line number), enter your credentials to the device, and gain access to the AUX port.  Once attached to the AUX port, you have access to the console’s connection.  In this case, it is connected to a Juniper SRX, which requires authentication for console access.

$ telnet 172.30.1.2 2005
Trying 172.30.1.2...
Connected to cme.
Escape character is '^]'.


User Access Verification

Username: eric
Password: 

ROUTER (ttyu0)

login: eric
Password:

--- JUNOS 11.1R2.3 built 2011-05-06 05:59:38 UTC
eric@ROUTER>
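
A defensive check built on the steps above, as an added example that is not part of the original post: it reads “show line” output and the line configuration, and reports the TCP port on which the AUX line accepts cleartext telnet (2000 plus the line number, as in the 2005 example).  The sample text is constructed from the output shown above, and the function names are hypothetical.

```python
import re

REVERSE_TELNET_BASE = 2000  # the page's example: line 5 is reached on TCP 2005

# Constructed sample input, abridged from the "show line" output and AUX stanza above.
SHOW_LINE = """\
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int
      0 CTY              -    -      -    -    -      0       0     0/0       -
*     5 AUX   9600/9600  -    -      -    -    -      2       0     0/0       -
*     6 VTY              -    -      -    -    -      5       0     0/0       -
"""
RUNNING_CONFIG = """\
line con 0
line aux 0
 transport input all
 flowcontrol hardware
line vty 0 4
 transport input ssh
"""

def aux_line_numbers(show_line):
    """Absolute line numbers of AUX rows in 'show line' output."""
    rows = re.findall(r"^\*?[ \t]*(\d+)[ \t]+AUX\b", show_line, re.M)
    return [int(n) for n in rows]

def transport_inputs(config):
    """Map each 'line ...' stanza to its explicit 'transport input' protocols."""
    result, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw[5:].strip()
            result[current] = []
        elif current and raw.startswith(" "):
            m = re.match(r"\s+transport input (.+)", raw)
            if m:
                result[current] = m.group(1).split()
        else:
            current = None  # left the line stanza
    return result

def cleartext_reverse_telnet(show_line, config):
    """(line number, TCP port) for each AUX line whose stanza accepts telnet."""
    # Only explicit 'transport input' statements are evaluated, not defaults.
    protos = set(transport_inputs(config).get("aux 0", []))
    if not protos & {"all", "telnet"}:
        return []
    return [(n, REVERSE_TELNET_BASE + n) for n in aux_line_numbers(show_line)]

if __name__ == "__main__":
    for num, port in cleartext_reverse_telnet(SHOW_LINE, RUNNING_CONFIG):
        print(f"line {num}: cleartext telnet reachable on TCP {port}")
```

With the sample input it reports line 5 on TCP 2005; changing the stanza to “transport input ssh” produces no finding.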

15 Days of Hell Pays Off

Well it’s been a long two weeks but it’s finally over!  Goodbye Plano, TX!  Hello CCNP certification!  I’ve successfully passed all three exams (ROUTE 642-902, SWITCH 642-813, and TSHOOT 642-832) and now plan to study for my CCIE.