The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
The console port on the router is an EIA/TIA-232 asynchronous, serial connection with no flow control and an RJ-45 connector. The console port is used to access the router and is located on the front panel of the router.
For information on accessing the router using the console port, see the Cisco ASR 920 Hardware Installation Guide.
For information about connecting console cables to the Cisco ASR 920 Series Router, see the Cisco ASR 920 Series Aggregartion Services Router Hardware Installation Guide.
For instructions on how to install device drivers in order to use the USB console port, see the ASR 920 Series Aggregartion Services Router Hardware Installation Guide.
Users using the console port to access the router are automatically directed to the IOS XE command-line interface, by default.
If a user is trying to access the router through the console port and sends a break signal (a break signal can be sent by entering Ctrl-C or Ctrl-Shift-6 , or by entering the send break command at the Telnet prompt ) before connecting to the IOS XE command-line interface, the user is directed into diagnostic mode by default if the non-RPIOS sub-packages can be accessed.
These settings can be changed by configuring a transport map for the console port and applying that transport map to the console interface.
Telnet and Secure Shell (SSH) on the router can be configured and handled like in any other Cisco platforms. For information on traditional Telnet, see the line command in the Cisco IOS Terminal Services Command Reference guide.
For information on configuring traditional SSH, see the Secure Shell Configuration Guide.
The router also supports persistent Telnet. Persistent Telnet allows network administrators to more clearly define the treatment of incoming traffic when users access the router through the Management Ethernet port using Telnet. Notably, persistent Telnet provides more robust network access by allowing the router to be configured to be accessible through the Ethernet Management port using Telnet even when the IOS XE process has failed.
In traditional Cisco routers, accessing the router using Telnet is not possible in the event of an IOS failure. When Cisco IOS fails on a traditional Cisco router, the only method of accessing the router is through the console port. Similarly, if all active IOS processes have failed on a router that is not using persistent Telnet, the only method of accessing the router is through the console port.
With persistent Telnet however, users can configure a transport map that defines the treatment of incoming Telnet traffic on the Management Ethernet interface. Among the many configuration options, a transport map can be configured to direct all traffic to the IOS command-line interface, diagnostic mode, or to wait for an IOS vty line to become available and then direct users into diagnostic mode when the user sends a break signal while waiting for the IOS vty line to become available. If you use Telnet to access diagnostic mode, the Telnet connection will be usable even in scenarios when no IOS process is active. Therefore, persistent Telnet introduces the ability to access the router via diagnostic mode when the IOS process is not active.
This task describes how to configure a transport map for a console port interface on the router.
| Command or Action | Purpose | |||
|---|---|---|---|---|
| Step 1 |
enable Example: |
Enables privileged EXEC mode.
|
||
| Step 2 |
configure terminal Example: |
Enters global configuration mode. |
||
| Step 3 |
transport-map type console transport-map-name Example: |
Creates and names a transport map for handling console connections, and enter transport map configuration mode. |
||
| Step 4 |
connection wait [allow interruptible | none ] Example:Example: |
Specifies how a console connection will be handled using this transport map:
|
||
| Step 5 |
banner [diagnostic | wait] banner-message Example: |
(Optional) Creates a banner message that will be seen by users entering diagnostic mode or waiting for the IOS vty line as a result of the console transport map configuration.
|
||
| Step 6 |
exit Example: |
Exits transport map configuration mode to re-enter global configuration mode. |
||
| Step 7 |
transport type console console-line-number input transport-map-name Example: |
Applies the settings defined in the transport map to the console interface. The transport-map-name for this command must match the transport-map-name defined in the transport-map type console comm and. |
In the following example, a transport map to set console port access policies is created and attached to console port 0:
Router(config)# transport-map type console consolehandler
Router(config-tmap)# connection wait allow interruptible
Router(config-tmap)# banner diagnostic X
Enter TEXT message. End with the character 'X'.
Welcome to diagnostic mode X
Router(config-tmap)# banner wait X
Enter TEXT message. End with the character 'X'.
Waiting for IOS vty line X
Router(config-tmap)# exit
Router(config)# transport type console 0 input consolehandler
This task describes how to configure persistent Telnet on the router.
For a persistent Telnet connection to access an IOS vty line on the router, local login authentication must be configured for the vty line (the login command in line configuration mode). If local login authentication is not configured, users will not be able to access IOS using a Telnet connection into the Management Ethernet interface with an applied transport map. Diagnostic mode will still be accessible in this scenario.
| Command or Action | Purpose | |||
|---|---|---|---|---|
| Step 1 |
enable Example: |
Enables privileged EXEC mode.
|
||
| Step 2 |
configure terminal Example: |
Enters global configuration mode. |
||
| Step 3 |
transport-map type persistent telnet transport-map-name Example: |
Creates and names a transport map for handling persistent Telnet connections, and enters transport map configuration mode. |
||
| Step 4 |
connection wait [allow {interruptible }| none {disconnect }] Example: |
Specifies how a persistent Telnet connection will be handled using this transport map:
|
||
| Step 5 |
banner [diagnostic | wait] banner-message Example: |
(Optional) Creates a banner message that will be seen by users entering diagnostic mode or waiting for the IOS vty line as a result of the persistent Telnet configuration.
|
||
| Step 6 |
transport interface gigabitethernet 0 Example: |
Applies the transport map settings to the Management Ethernet interface (interface gigabitethernet 0). Persistent Telnet can only be applied to the Management Ethernet interface on the router. This step must be taken before applying the transport map to the Management Ethernet interface. |
||
| Step 7 |
exit Example: |
Exits transport map configuration mode to re-enter global configuration mode. |
||
| Step 8 |
transport type persistent telnet input transport-map-name Example: |
Applies the settings defined in the transport map to the Management Ethernet interface. The transport-map-name for this command must match the transport-map-name defined in the transport-map type persistent telnet comm and. |
In the following example, a transport map that will make all Telnet connections wait for an IOS vty line to become available before connecting to the router, while also allowing the user to interrupt the process and enter diagnostic mode, is configured and applied to the Management Ethernet interface (interface gigabitethernet 0).
A diagnostic and a wait banner are also configured.
The transport map is then applied to the interface when the transport type persistent telnet input command is entered to enable persistent Telnet.
Router(config)# transport-map type persistent telnet telnethandler
Router(config-tmap)#
connection wait allow interruptible
Router(config-tmap)# banner diagnostic X
Enter TEXT message. End with the character 'X'.
--Welcome to Diagnostic Mode-- X
Router(config-tmap)# banner wait X
Enter TEXT message. End with the character 'X'.
--Waiting for IOS Process-- X
Router(config-tmap)# transport interface gigabitethernet 0
Router(config-tmap)# exit
Router(config)# transport type persistent telnet input telnethandlerUse the show transport-map all name transport-map-name | type console telnet ]]] EXEC or privileged EXEC command to view the transport map configurations.
In the following example, a console port and persistent Telnet transport are configured on the router and various forms of the show transport-map command are entered to illustrate the various ways the show transport-map command can be entered to gather transport map configuration information.
Router# show transport-map all
Transport Map:
Name: consolehandler
Type: Console Transport
Connection:
Wait option: Wait Allow Interruptable
Wait banner:
Waiting for the IOS CLI
bshell banner:
Welcome to Diagnostic Mode
Interface:
GigabitEthernet0
Connection:
Wait option: Wait Allow Interruptable
Wait banner:
Waiting for IOS prompt
Bshell banner:
Welcome to Diagnostic Mode
SSH:
Timeout: 120
Authentication retries: 5
RSA keypair: sshkeys
Transport Map:
Name: telnethandler
Type: Persistent Telnet Transport
Interface:
GigabitEthernet0
Connection:
Wait option: Wait Allow Interruptable
Wait banner:
Waiting for IOS process
Bshell banner:
Welcome to Diagnostic Mode
Transport Map:
Name: telnethandling1
Type: Persistent Telnet Transport
Connection:
Wait option: Wait Allow
Router# show transport-map type console
Transport Map:
Name: consolehandler
Type: Console Transport
Connection:
Wait option: Wait Allow Interruptable
Wait banner:
Waiting for the IOS CLI
Bshell banner:
Welcome to Diagnostic Mode
Router# show transport-map type persistent telnet
Transport Map:
Name: telnethandler
Type: Persistent Telnet Transport
Interface:
GigabitEthernet0
Connection:
Wait option: Wait Allow Interruptable
Wait banner:
Waiting for IOS process
Bshell banner:
Welcome to Diagnostic Mode
Transport Map:
Name: telnethandling1
Type: Persistent Telnet Transport
Connection:
Wait option: Wait Allow
Router# show transport-map name telnethandler
Transport Map:
Name: telnethandler
Type: Persistent Telnet Transport
Interface:
GigabitEthernet0
Connection:
Wait option: Wait Allow Interruptable
Wait banner:
Waiting for IOS process
Bshell banner:
Welcome to Diagnostic Mode
Router# show transport-map name consolehandler
Transport Map:
Name: consolehandler
Type: Console Transport
Connection:
Wait option: Wait Allow Interruptable
Wait banner:
Waiting for the IOS CLI
Bshell banner:
Welcome to Diagnostic Mode
Router# show transport-map name sshhandler
Interface:
GigabitEthernet0
Connection:
Wait option: Wait Allow Interruptable
Wait banner:
Waiting for IOS prompt
Bshell banner:
Welcome to Diagnostic Mode
SSH:
Timeout: 120
Authentication retries: 5
RSA keypair: sshkeys
Router#
The show platform software configuration access policy command can be used to view the current configurations for the handling of incoming console port, SSH, and Telnet connections. The output of this command provides the current wait policy for each type of connection, as well as any information on the currently configured banners. Unlike show transport-map , this command is available in diagnostic mode so it can be entered in cases when you need transport map configuration information but cannot access the IOS CLI.
Router# show platform software configuration access policy
The current access-policies
Method : telnet
Rule : wait
Shell banner:
Wait banner :
Method : ssh
Rule : wait
Shell banner:
Wait banner :
Method : console
Rule : wait with interrupt
Shell banner:
Wait banner :
The show platform software configuration access policy output is given both before the new transport map is enabled and after the transport map is enabled so the changes to the SSH configuration are illustrated in the output.
Router# show platform software configuration access policy
The current access-policies
Method : telnet
Rule : wait with interrupt
Shell banner:
Welcome to Diagnostic Mode
Wait banner :
Waiting for IOS Process
Method : ssh
Rule : wait
Shell banner:
Wait banner :
Method : console
Rule : wait with interrupt
Shell banner:
Wait banner :
Persistent SSH is not supported on Cisco ASR 920 IOS XE release.
The Telnet settings made in the transport map overrides any other Telnet settings when the transport map is applied to the Management Ethernet interface.
Only local usernames and passwords can be used to authenticate users entering a Management Ethernet interface. AAA authentication is not available for users accessing the router through a Management Ethernet interface using persistent Telnet.
Applying a transport map to a Management Ethernet interface with active Telnet sessions can disconnect the active sessions. Removing a transport map from an interface, however, does not disconnect any active Telnet sessions.
Configuring the diagnostic and wait banners is optional but recommended. The banners are especially useful as indicators to users of the status of their Telnet or SSH attempts.
Feedback