The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter contains the following sections:
Configuring the diagnostic and wait banners is optional, but recommended. The banners are especially useful as indicators to users about the status of their Telnet or SSH attempts.
The console port on the router is an EIA/TIA-232 asynchronous, serial connection with no flow control and an RJ-45 connector. The console port is used to access the router and is located on the front panel of the Route Processor.
For information on accessing the router using the console port, see Using Cisco IOS XE Software.
If you are using the console port to access the router, you are automatically directed to the Cisco IOS command-line interface (CLI).
If you are trying to access the router through the console port and send a break signal (by entering Ctrl-C or Ctrl-Shift-6, or by entering the send break command at the Telnet prompt) before connecting to the CLI, you are directed to a diagnostic mode if the non-RPIOS subpackages are accessible. These settings can be changed by configuring a transport map for the console port and applying that transport map to the console interface.
Telnet and SSH on the router can be configured and handled like Telnet and SSH on other Cisco platforms. For information on traditional Telnet, see the line command in the Cisco IOS Terminal Services Command Reference, Release 12.2 document.
For information on configuring traditional SSH, see the “Configuring Secure Shell” chapter in the Cisco IOS Terminal Services Command Reference, Release 12.2 document.
The Reset button functionality is configured on all Cisco 1000 Series Integrated Services Routers (ISRs) by default. You can use the Reset button to recover Cisco 1000 Series ISRs that become non-responsive due to incorrect configuration or when users are unable to login due to incorrect credentials.
To enable the Reset button functionality on these devices, configure the device with the password recovery service using the service password-recovery command, and to disable the feature, use either the no service password-recovery command or the no service password-recovery strict command.
You can enable the Reset button feature on the device only under any of these scenarios:
during hardware initialization, or
after the device is powered on, or
at the reload command
In Cisco IOS XE Gibraltar 16.12 releases and earlier, you can enable the Reset button feature only if you use service password-recovery configuration. However, to disable the feature, use the no service password-recovery or no service password-recovery strict configurations.
From Cisco IOS XE Amsterdam 17.2.1r release and later, the Reset button feature is entirely disabled with the no service password-recovery strict configuration.
Below are the tables that show the behavior of the Reset button feature in various possible combinations under service password recovery and no service password recovery:
|
Press Reset Button (STATUS) |
Behavior |
||||||
|
Sl. No |
Golden Image |
Golden Config |
Start up config |
Image |
Config |
Extra |
|
|
1 |
Exists |
Exists |
Exists |
Golden |
Golden |
- |
|
|
2 |
Exists |
Exists |
None |
Golden |
Golden |
- |
|
|
3 |
Exists |
None |
Exists |
Golden |
PnP |
Delete startup |
|
|
4 |
Exists |
None |
None |
Golden |
PnP |
- |
|
|
5 |
None |
Exists |
Exists |
Standard |
Golden |
- |
|
|
6 |
None |
Exists |
None |
Standard |
Golden |
- |
|
|
7 |
None |
None |
Exists |
Standard |
PnP |
Delete startup |
|
|
8 |
None |
None |
None |
Standard |
PnP |
- |
|
|
Press Reset Button (STATUS) |
Behavior |
||||||
|
Sl. No |
Golden Image |
Golden Config |
Start up config |
Image |
Config |
Extra |
|
|
1 |
Exists |
In NVRAM |
Exists |
Golden |
PnP |
Wipe |
|
|
2 |
Exists |
In Bootflash |
Exists |
Golden |
Golden |
Wipe |
|
|
3 |
Exists |
In NVRAM |
None |
Golden |
PnP |
Wipe |
|
|
4 |
Exists |
In Bootflash |
None |
Golden |
Golden |
Wipe |
|
|
5 |
Exists |
None |
Exists |
Golden |
PnP |
Wipe |
|
|
6 |
Exists |
None |
None |
Golden |
PnP |
Wipe |
|
|
7 |
None |
In NVRAM |
Exists |
Standard |
PnP |
Wipe |
|
|
8 |
None |
In Bootflash |
Exists |
Standard |
Golden |
Wipe |
|
|
9 |
None |
In NVRAM |
None |
Standard |
PnP |
Wipe |
|
|
10 |
None |
In Bootflash |
None |
Standard |
Golden |
Wipe |
|
|
11 |
None |
None |
Exists |
Standard |
PnP |
Wipe |
|
|
12 |
None |
None |
None |
Standard |
PnP |
Wipe |
|
Ensure that the ROMmon version on the device is at least 17.2(1r)
Ensure to configure the golden.bin image and golden.cfg configuration.
The Cisco 1000 Series Integrated Service Routers do not support the Reset button functionality in the controller mode Therefore, the reset button does not function to restore a gloden image or configuration in the controller mode.
The Reset button feature is disabled if the Cisco 1000 ISRs go into ROMMON mode or into the IOS mode.
This task describes how to enable Reset button feature on the Cisco 1000 Series ISR device:
| Command or Action | Purpose | |||
|---|---|---|---|---|
| Step 1 |
configure terminal Example: |
Enters global configuration mode. |
||
| Step 2 |
service password-recovery Example: |
Configures the password recovery service on the device. |
||
| Step 3 |
no service password-recovery Example: |
(Optional) Disables the Reset button feature on the device. You can recover the non-responsive device; however, the device is reconfigured because all user configurations and keys are deleted.
|
||
| Step 4 |
exit Example: |
Exits the configuration mode and returns to the priviledge exec mode. |
||
| Step 5 |
no service recovery-service strict Example: |
Disables the Reset button feature on the device.
|
Device# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Device(config)# service password-recovery
Executing this command enables the password recovery mechanism.
Device(config)#
Device# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Device(config)# no service password-recovery
WARNING:
Executing this command will disable the password recovery mechanism.
Do not execute this command without another plan for password recovery.
Are you sure you want to continue? [yes]: yes
Device(config)#
This task describes how to configure a transport map for a console port interface on the router.
| Command or Action | Purpose | |||
|---|---|---|---|---|
| Step 1 |
enable Example: |
Enables privileged EXEC mode. Enter your password if prompted. |
||
| Step 2 |
configure terminal Example: |
Enters global configuration mode. |
||
| Step 3 |
transport-map type console transport-map-name Example: |
Creates and names a transport map for handling console connections, and enters transport map configuration mode. |
||
| Step 4 |
connection wait [allow [interruptible] | none [disconnect]] Example: |
Specifies how a console connection will be handled using this transport map.
|
||
| Step 5 |
(Optional) banner [diagnostic | wait] banner-message Example: |
(Optional) Creates a banner message that will be seen by users entering diagnostic mode or waiting for the Cisco IOS VTY line because of the console transport map configuration.
|
||
| Step 6 |
exit Example: |
Exits transport map configuration mode to re-enter global configuration mode. |
||
| Step 7 |
transport type console console-line-number input transport-map-name Example: |
Applies the settings defined in the transport map to the console interface. The transport-map-name for this command must match the transport-map-name defined in the transport-map type console command. |
The following example shows how to create a transport map to set console port access policies and attach to console port 0:
Router(config)# transport-map type console consolehandler
Router(config-tmap)# connection wait allow interruptible
Router(config-tmap)# banner diagnostic X
Enter TEXT message. End with the character 'X'.
--Welcome to diagnostic mode--
X
Router(config-tmap)# banner wait X
Enter TEXT message. End with the character 'X'.
Waiting for IOS vty line
X
Router(config-tmap)# exit
Router(config)# transport type console 0 input consolehandlerUse the following commands to view console port, SSH, and Telnet handling configurations:
show transport-map
show platform software configuration access policy
Use the show transport-map command to view transport map configurations.
show transport-map [all | name transport-map-name | type [console ]]
This command can be used either in user EXEC mode or privileged EXEC mode.
The following example shows transport maps that are configured on the router: console port (consolehandler):
Router# show transport-map allTransport Map:
Name: consolehandler Type: Console Transport
Connection:
Wait option: Wait Allow Interruptable Wait banner:
Waiting for the IOS CLI bshell banner:
Welcome to Diagnostic Mode
Router# show transport-map type consoleTransport Map:
Name: consolehandler
REVIEW DRAFT - CISCO CONFIDENTIAL
Type: Console Transport
Connection:
Wait option: Wait Allow Interruptable Wait banner:
Waiting for the IOS CLI Bshell banner:
Welcome to Diagnostic Mode
Router# show transport-map type persistent sshTransport Map:
Name: consolehandler Type: Console Transport
Connection:
Wait option: Wait Allow Interruptable Wait banner:
Waiting for the IOS CLI Bshell banner:
Welcome to Diagnostic Mode
Use the show platform software configuration access policy command to view the current configurations for handling the incoming console port, SSH, and Telnet connections. The output of this command provides the current wait policy for each type of connection (Telnet, SSH, and console), as well as information on the currently configured banners.
Unlike the show transport-map command, the show platform software configuration access policy command is available in diagnostic mode so that it can be entered in scenarios where you need transport map configuration information, but cannot access the Cisco IOS CLI.
The following example shows the show platform software configuration access policy command.
Router# show platform software configuration access policyThe current access-policies
Method : telnet
Rule : wait with interrupt Shell banner:
Welcome to Diagnostic Mode
Wait banner :
Waiting for IOS Process
Method : ssh Rule : wait Shell banner: Wait banner :
Method : console
Rule : wait with interrupt Shell banner:
Wait banner :
Cisco 1100 Series router supports connecting a modem to the router console port for EXEC dial in connectivity. When a modem is connected to the console port, a remote user can dial in to the router and configure it. To configure a modem on the console port, perform these steps:
| Step 1 |
Connect the RJ-45 end of the adapter cable to the console port on the router. |
| Step 2 |
Use the show line command to determine the async interface of the console port: |
| Step 3 |
Use the following commands to configure the router console line:: |
| Step 4 |
Use the reverse telnet method on the modem to verify the modem connectivity and configuration string: |
| Step 5 |
Use an analog phone to verify that the phone line is active and functions properly. Then, connect the analog phone line to the modem. |
| Step 6 |
Initialize an EXEC modem call to the router from another device (PC) to test the modem connection. |
| Step 7 |
When the connection is established, the dial in client is prompted for a password. Enter the correct password. Note: This password should match the one that is configured on the console port line. |
Feedback