On physical layer AUX port works on asynchronous serial RS-232 protocol. However, one can specify various application layer protocols like telnet or SSH as allowed input protocols under AUX line configuration. Am I correct that those protocols are specified only to enable or disable reverse-telnet or reverse-SSH?
How to Use ‘transport input’ for AUX Port in Cisco Routers
ciscocisco-commandscisco-isrmanagement
Related Solutions
Best practice wise - should I let the router or the ASA handle NAT (Overloading)?
In the most general of design best practices NAT is performed between an inside and outside network. NAT overloading is generally performed at the edge when there is limited public IP address space. You can learn more about NAT overloading, also known as Port Address Translation or PAT, in RFC 2663 (PAT is referred to as Network Address Port Translation (NAPT) in section 4.1.2).
In this particular scenario you can argue that you have two inside and outside networks and will need to perform some form of NAT on both the ASA (whether that is the NAT overloading you're using now, NAT exemption, static NAT, etc) and the Cisco Router.
I can ping the
172.16.2.2interface but not172.16.2.1from a pc connected to one of the layer 2 switches (proves intervlan routing is working -- i have a172.20.100.8address on the PC). Why can't I ping172.16.2.1from a PC but I can from the Layer 3 Switch?
The ASA 172.16.2.2 is receiving the ICMP echo-request but does not have a route back to 172.20.100.0/27. The echo-reply is actually being forwarded to the Router 172.16.1.1 via the default route.
And most of all -- Why can't I get out to the Internet from the Layer 3 switch?
Currently your ASA and Cisco Router do not have routes to internal devices other than their connected routes.
Your ASA configuration:
route outside 0.0.0.0 0.0.0.0 172.16.1.1 1
This will provide a default route via the outside interface, but how will the ASA know how to reach subnets residing behind the Layer 3 Distribution Switch?
You'll need to add routes to the internal subnets via the inside interface using the Layer 3 Distribution Switch as the next-hop IP address.
ASA static routing example:
route inside 172.19.12.0 255.255.255.240 172.16.2.2
route inside 172.19.3.0 255.255.255.0 172.16.2.2
route inside 172.20.100.0 255.255.255.224 172.16.2.2
Further reading: ASA static routing
Your Cisco Router's configuration:
ip route 0.0.0.0 0.0.0.0 200.200.200.200
Additionally, how will your border router know how to reach subnets other than it's connected routes, and the catch all default route via the outside interface's next-hop address 200.200.200.200?
Router static routing example:
ip route 172.19.12.0 255.255.255.240 172.16.1.10
ip route 172.19.3.0 255.255.255.0 172.16.1.10
ip route 172.19.100.0 255.255.255.224 172.16.1.10
ip route 172.16.2.0 255.255.255.224 172.16.1.10
Further reading: ISR static routing
I cannot get an ip address right now from the DHCP server (Windows). Any insight into why?
Ensure you have end-to-end IP reachability between the client(s) sending DHCP discover messages and the DHCP server.
From what I can gather from your topology and configuration, the subnets 172.19.3.0/24, 172.19.12.0/28 and 172.20.100.0/27 should have no issues connecting to each other (assuming they are configured to use their respective default gateways) from a networking perspective.
You can remove the ip helper-address syntax from the SVI 100 given that the DHCP server is on the same segment and that command is used for a DHCP server(s) that is on a different segment.
interface Vlan100
ip address 172.20.100.1 255.255.255.224
ip helper-address 172.20.100.27
Yes, just telnet to a local (up) interface using port 2001. Aux 0 is (always?) line 1.
int loopback0
ip address 192.168.1.1 255.255.255.255
!
line aux 0
transport input all
transport output all
Telnet 192.168.1.1 2001.
Best Answer
Short Answer:
On an aux line,
transport inputtells the router what protocols are permitted to reverse-telnet on the aux line.Example:
I have the following lab setup...
A "rolled cable" is just a normal Cisco console cable, which has
If you have some older Cisco cables lying around, it usually looks like this...
These days, Cisco doesn't ship rolled cables with two RJ45 connectors; now they have DB9 on one end. I made my rolled cable with some crimpers.
Lab Configuration:
I have the following configured on a Cisco 1841 lab router (
transport input noneis default on aux in my IOS)...The
auxreverse-telnet port is tcp/2001 on the c1841 (you have to add 2000 to whatever line is shown below)...Example 1 (without
transport input ...):If I try to telnet to that router without
transport input telnet, then it fails...Example 2 (using
transport input ...):However, if I configure this on the c1841's aux port, reverse-telnet and reverse-ssh work...
Now I telnet again to port 2001...
SSH reverse telnet is a little strange...
ssh -p 2001 rt1), but that fails; use port 22 and see the next bullet.<username>:<line_number>... in my case, I have to use line 1 to get to the aux (fromshow line, above)Example... I have username
mpenningconfigured on rt1, and I'm making a reverse-ssh to aux 0 (which is line number 1)...