2511 line break

Mailman List Mirror (Read Only)
1

From owner-nanog@merit.edu Mon Jul 26 14:38:49 2004
From: Randy Bush <randy@psg.com>
Date: Mon, 26 Jul 2004 08:54:38 -1000
To: "Robert E. Seastrom" <rs@seastrom.com>
Cc: nanog@nanog.org
Subject: Re: 2511 line break

> rs@valhalla [6] % telnet scrapheap 2003
> Trying 10.1.1.25
> Connected to 10.1.1.25.
> Escape character is '^]'.
>
>
> User Access Verification
>
> Password:
> Password OK
>
> installhost console login:
> installhost console login:
> > send break
> Type 'go' to resume
> ok
> > quit
> Connection closed.
> rs@valhalla [7] %

i am seriously shocked by the number of folk in this forum who not
only seem to use telnet over the internet, but seem willing to
advertise it.

I am seriously shocked by the number of folk in this forum who not
only seem to be unaware that 'Net 10' is not part of the Internet,
but seem willing to advertize it.

*grin*

2

rs@valhalla [6] % telnet scrapheap 2003
Trying 10.1.1.25
Connected to 10.1.1.25.
Escape character is '^]'.

User Access Verification

Password:
Password OK

installhost console login:
> send break
Type 'go' to resume
ok
> quit
Connection closed.
rs@valhalla [7] %

i am seriously shocked by the number of folk in this forum who not
only seem to use telnet over the internet, but seem willing to
advertise it.

I am seriously shocked by the number of folk in this forum who not
only seem to be unaware that 'Net 10' is not part of the Internet,
but seem willing to advertize it.

*grin*

if there is an ssh enabled ios (i presume thats an cisco 2511), then you could do an flash and mem upgrade before login.

*evilgrin*

also telnet is sometimes the last chance over "full" lines (encryption likes packetloss)

bye,
   Ingo

3

There are ssh loads for the 2511, because I've downloaded them and loaded them onto 2511s before. There are no ssh loads for the 2511 that allow you to actually use ssh with a non-null cypher without triggering watchdog timers on the router though, last time I checked. The 2511's small brain is easily overwhelmed.

I don't have any 2511s in my network right now, but (unless I'm mistaken) ssh isn't an option for remote access to those routers.

Joe

4

I don't have any 2511s in my network right now, but (unless I'm
mistaken) ssh isn't an option for remote access to those routers.

i assure you that you are, in this case, mistaken. see appended.

when composing my original post, i did not even consider that one
would use anything but ssh to access a router over the net.

randy

5

Randy,

when composing my original post, i did not even consider that one
would use anything but ssh to access a router over the net.

Based on your inability to configure NTP and send a break to a 2500,
most of us would naturally be led to believe you cannot configure SSH
on a Cisco either. =)

Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-K4P-L), Version 12.0(21)S1, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

Yes, you've demonstrated you can download and install an IOS image
with crypto. Now, try using your router for basic tasks, like serial
console, while processing 3DES/Blowfish crypto without the poor
Motorola 68k CPU surging to 100% utilization and becoming really
untsable really quickly.

As they say in home country: "bueno es hablar, pero mejor es callar".

---Rico

6

I found a 2511. Turns out that the small brain *is* easily overwhelmed, but not so much that it can't handle single ssh connects, at least to return a prompt to a client. I get these on the console:

31w6d: %SYS-3-CPUHOG: Task ran for 2008 msec (0/0), process = SSH Process, PC = 3814BB4.
-Traceback= 31F59FC 3814BBC 3871260 3871DDE 386BDE0 386BC52 386218A 385CF34 385EAB0 385E2F2 3867DE8 3867128 387BC42 3878936 3879E0A
31w6d: %SYS-3-CPUHOG: Task ran for 2008 msec (0/0), process = SSH Process, PC = 3814BB4.
-Traceback= 31F59FC 3814BBC 3871260 3871DDE 386BDE0 386BC52 386218A 385CF34 385EAB0 385E2F2 3867DE8 3867128 387BC42 3878936 3879E0A

but the ssh client session does actually complete, and I can type commands. This is on a 2511 which is doing precisely nothing else -- no routing protocols, just a single async port connected to the console on a FreeBSD box.

So, it *is* possible to use ssh to connect to a 2511, at least a 2511 with absolutely nothing else to do. Whether or not this will be useful will depend on how busy your router is.

Joe

Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-K4P-L), Version 12.0(25.4)S, EARLY DEPLOYMENT MAINTENANCE INTERIM SOFTWARE
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Mon 30-Jun-03 19:57 by nmasa
Image text-base: 0x0304D258, data-base: 0x00001000

ROM: System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
BOOTLDR: 3000 Bootstrap Software (IGS-RXBOOT), Version 10.2(8a), RELEASE SOFTWARE (fc1)

xxxxxxx uptime is 31 weeks, 6 days, 23 hours, 7 minutes
System returned to ROM by reload
System image file is "flash:/c2500-k4p-l.120-25.4.S"

cisco 2500 (68030) processor (revision D) with 16384K/2048K bytes of memory.
Processor board ID 03004308, with hardware revision 00000000
X.25 software, Version 3.0.0.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read ONLY)

Configuration register is 0x2102

7

So, it *is* possible to use ssh to connect to a 2511, at least a 2511
with absolutely nothing else to do. Whether or not this will be useful
will depend on how busy your router is.

as i said in my original post, i am using the 2511 as the terminal
server for a bunch of out-of-band console ports. works great. a
lot of folk have been doing the same for a long time. ssh to the
2511 and then async out to the broken devices. and you can put a
modem on the con or aux for an other path way in.

i was not recommending using it as a router. though this one is
participating in my very local (one rack) ospf mesh.

randy