Cisco WAN :: 2901 Terminal Server And Restricting Access
Apr 19, 2011
I have a Cisco 2901 Terminal server with AAA authentication via ACS server. I create twoaccounts on the acs server, cciesec2011 and vendor. Both accounts can log into the Cisco 2901 Terminal Server without any issues. By the way, I am NOT using AAA authorization on the Cisco Terminal Server. Once cciesec2011 or vendor accounts are authenticated, theseaccounts can access all the async line on the Cisco Terminal Server.
Now I have a new requirements. I would like to allow cciesec2011, once this account is successfully authenticated, this account has access to ALL async line on the Terminal Server. The "vendor" account, I want to restrict this account access only to async line 35 (there are 32 async lines available on the Cisco Terminal Server) and nothing else.
How can I accomplish without using AAA authorization on the Cisco Terminal Server?Is it possible to use "privlege level" to accomplish this? if so, how?
I have just purchased 2901 with HWIC-16A and 2 CAB-HD8-ASYNC Terminal Server to manage 16 (connect via console) cisco deivces.
Plese find attached the config file. I could not find proper docs on setting up this device as a terminal server. I have followed the following link but did not work.
[URL]
There are 16 Async (0/0/0 - 15) interfaces and also the following lines. line 2line 0/0/0 0/0/1line 0/0/2 0/0/15
How can I connect to other Cisco devices via the terminal router?
I have verizon wireless router to connect to the internet via FIOS. The public IP on the wireless router is DHCP assigned. I have my home lab with cisco 2511 and octal cables. I would like to be able to access the terminal server remotely via the internet when I'm not in. I'm concerned cause the wireless router is DHCP assigned IP. Even if I have a static IP on the ethernet port of the 2511 connected to the wireless router, I'm not sure if the NAT will work so it can be accessible from the internet.
I am a networking student so have access to a free copy of Windows Server 2012. I want to setup and get experience with AD, DHCP, and DNS, among other services. Right now I have a Netgear router attached to a Cisco switch. (studying for CCENT cert) I have my desktop and server plugged into switch. I want my desktop to connect to the domain for testing and messing aroudn with. My wife has a netboook, smartphone, and wireless ipod. I'd like her 3 devices to get an IP from the DHCP server without having her authenticate to the server. Will the Netgear router allow this since wirless access is on? Or will she need to authenticate with the server to get a DHCP IP? I am gonig to disable the router's DHCP service.
What command sequence disconnects you from a TS session? My setup is as followsr1 > TS > 2009-2621XM 2010-3825-R1 2011-3825-R2I can connect from the TS to any of the devices. The issue is that I am telnet'd to r1 and from there telnet'd to the TS. So when I type "Crtl+Shft+6, x" I go directly back to r1 and not the TS. Furthermore if I resume the session on r1 the TS is still connected to whatever session I was in prior to disconnecting. I've experimented with the disconnect and escape characters but I'm at a loss what it is that changes this.
We have the 16-port (NM-16A) and 32-port (NM-32A) asynchronous (async) network modules which provides 16 or 32 EIA/TIA-232 (formerly know as RS-232) data terminal equipment (DTE) serial interfaces at speeds up to 134.4 kbps . Few of the interfaces are connected to the console of cisco switches and routers , now we need to know that the remaining interfaces can be connected to console ports of devices other then cisco Systems to manage them , Will it work with them ?
Since Cisco 2511 is out of sale now and Cisco 1900 series are recommended to replace for the purpose of terminal/comm server. How to configure terminal server on HWIC-8A module?
I want to build up cisco 3800 series router as terminal server , i have Asycs 32A module in cisco 3825. Here is show version of device.Do i need to installed any specific IOS in Cisco 3825 device ? how to configure cisco 3825 as terminal server.
I am running ASA 5505 release 8.2(4) using a clientless SSL vpn to connect my assessors to the server via RDP to a Terminal server. Everything was working fine until last week when we had a Internet outage. During the outage some of the assessors claimed to have accepted a Cisco add-on to get into the site. once the internet came backup they could not connect to the terminal servers - what would happen is they would click on the link - say OK to connect the clipboard and the screen would pause for a few seconds then right back to the select options page.
they can get to other servers (non-terminal servers) but not to the ones they need. I can recreate the issue by waiting a REALLY long time before replying to a prompt to install an cisco add-on. I have users that can connect and others than can not. Also this only seems to affect Internet Explorer 8 and 9 does not affect Firefox
I've heard that you can configure an 1811 router as a terminal server for remote console work.I have several of them in the lab and would love to try it out.
I have rolled out Terminal Services on Server 2008 R2 for a company I used to work for, it worked perfect the users could go home and browse to our web domain and login and use apps straight from the server.there'd be no Microsoft stuff to be accessed just pure Linux Servers but probarbly if users access the online terminal services on Linux they'd be using a Windows PC
Im having some printing issues whenever im working on the terminal server. If I try to print a document out in "landscape", it will print out "portrait", seen though it displays properly in landscape in the print preview. If Im working locally on my PC, it prints out fine.
PC-1 connect to printer as local printer but shared for other PC.
PC-2 through TS can see the shared printer. This is OK. But when the printer move and connect to PC-3.
PC-3 connect to the server through TS and want to have print out some document from the server to the printer. But unfortunately the Printer cannot be seen through TS. Even the printer already shared.
I have a cisco 2600 router with 4A/S module, can it become the terminal server? If yes, which kind of octal cable should I choose to connect to other cisco routers console ports?
Using EMM as a nice friendly interface for their terminal server (ie router with NM-16A and octal cables)?when I ask the framework to run the following command it gets stuck will a blinking cursor and clear screen
i trying to set up a terminal server, 2811 with an HWIC-16A und two octo cables. [code] connect and sometimes not. It seems the connection is established but i don't get a prompt von the target device.The target devices are cisco 2811 and cisco catalysts 3560.
I've a RV082 with 2 internet connections.The idea is to permit external connections to my server and if one Internet line falls, automatically switch to the other.
We have configured the router in Smart Link backup.We try to connect with WAN1 and WAN2 enabled and all works fine.
We try to connect with WAN1 disabled and automatically WAN2 is activated.The problem start here...if WAN1 is activated while there are connections using WAN2, these connections falls!
How I must configure the router to permit that active connections are not disconnected from WAN2 even when WAN1 connection come back?
1. my email going out is working along with internal, but inbound email is not working. My barracuda email filter is 192.168.1.107 and my exchange 2007 is 192.168.1.222 along with this OWA does not work.
2. Terminal Services does not work when I try from the home pc in I get server not available or disconnected
Below is my congig
ASA Version 8.3(1)!hostname wsigatewaydomain-name wsystems.comenable password yVSkMxWRc/S396FB encryptedpasswd 2KFQnbNIdI.2KYOU encryptednames!interface Ethernet0/0 nameif outside security-level 0 ip address 64.XXX.XXX.XXX 255.XXX.XXX.XXXinterface Ethernet0/1 nameif inside security-level 100 ip address 192.168.1.1 255.255.0.0!interface Ethernet0/2 shutdown no nameif no security-level no ip address!interface Ethernet0/3 [Code]....
Any example of router config for a terminal server.In fact I need a configuration for a router with multiple, low speed, asynchronous ports that are connected to other serial devices, for example,modems or console ports on routers or switches.With this router I would like to use a reverse telnet to connect with my devices using the serial connection.I find many examples on the Cisco web site but none with my router hardware configuration.My router is a 3620 router with a 8 port async (NM-8A/S) network module and I would like to use the 8 serial interfaces, each of them connecting a serial device.
Here is the show run and show ver :Router#show ver Cisco Internet work Operating System Software IOS (tm) 3600 Software (C3620-I-M), Version 12.3(25), RELEASE SOFTWARE (fc1)Copyright (c) 1986-2008 by Cisco Systems, Inc.Compiled Mon 28-Jan-08 20:16 by alnguyen
ROM: System Bootstrap, Version 11.1(19)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1) Router up time is 1 minute System returned to ROM by reload System image file is "flash:c3620-i-mz.123-25.bin" [Code]...
I am trying to block access to facebook and twitter on my router, to a certain range of ips, 192.168.1.8 - 254. I have been digging around and trying stuff but all I do seems to restrict everyone access to the internet.
Not sure If I am asking this correct. I want to install a wireless access point into a switch and out the WAN. Going to PW access into the wireless access point. Can I restrict the user from entering the LAN from wireless access point? Change subnets, what to do? Would not mind resticting speed, etc. I think I can through my switch.
I have installed a video security system into my home/office and several IP cameras are connected via my wired cat5 network which connects to my router and switcher into a PC with internet access. This will allow me to record any break ins and alert me of this event and view it in real time.I would like to restrict access to these devices for anyone else on the network, with either dedicated access or password protection.
got myself the Netgear internal PCI wifi adapter today & it works just fine on my Windows XP SP3 desktop.
The only problem I have is the question of restricting complete internet access to kids @ home. If it was an external USB adapter, I could have just taken it away but the concern is the device being an internal & always available one.
The user configuration on the PC is such that there is 1 main administrator (The actual windows "administrator" account) that no one uses. Apart from that,
- 1 user with admin privileges (me)
- 1 limited account for the kid
- 1 admin privilege account for the kid again (for purposes like installation of games which require an admin account as mandatory)
I would like for the wifi PCI card to work only when I login to my user account. There must be someway by which I could disable the device or make the internet inaccessible in the other accounts,, (but pls bear that 1 of the account that the kid uses also has admin privilege)
I tried disabling the device from control panel but in vain.. (tried something like the sys admins do in corporates ..) disabling the usb ports on the PC's in my office..!
I have a 2611XM that I am using as a terminal server for my lab setup. Async is using octal cables. It works great with routers of all different models, but when I connect a switch of any model, it does not work. The connectivity LEDs don't even light (they do for the routers). The switches in question are 3750s and 3560s.
I have tried straight through from the octal cable to the console port of the switch, as well as a rollover with a converter, no luck. This does seem to be independent of configuration on the console port - even before the console port of the routers were properly configured, I at least had indication of physical connectivity.
I have an annoying problem with networked printers disconnecting/disappearing when TS users logoff. Current configuration is: SQL server (WinSvr 2K8 R2 Std) has printers installed on it (standard TCP/IP Port) and printer is shared, there are also some printers installed on the DNS server and a couple of satellite offices. Users connect to TS servers (WinSvr 2K8 R2 & WinSvr 2K3) printers are connected and work fine until they logoff, when they log on the printers are gone "sometimes some printers are still there!?" I have tried logging onto the server as domain administrator and connecting printers but they won't even stay for administrator (have had this with win7 client machines) and tried directly 'console' at the server. I have looked at the printers on the SQL server and sharing properties, it is stoping printers from coming back at login on TS Note that local (client machines) connecting to the same shared printer from the SQL server don�t have the problem it's just on the TS server.
This is my scenario. I have my IP as 172.16.1.1 (aaaa.bbbb.cccc.dddd) which has full internet access. Now when i am not available in the office, i noticed some one assigning my IP in to his workstation and gaining full internet access. How do i restrict such things? i.e. even if some one assigning my IP on the network, they shouldnt access LAN or WAN.I tried 'arp 172.16.1.1 aaaa.bbbb.cccc.dddd arpa' configuring on my L3 Cisco 3750X switch assuming i can acheive, but that did not work.
I have Configured a WLAN with WiSM2 Controller installed on a 6500 series, Aironet 3600series APs and ACS 5.3 for userauthentication. The ACS is connected to Active directory so users are authenticating using the AD (802.1x is used and not a pre-shared key) on SSID A. I have created a separate SSID B for guest users. I have put restrictions on this SSID. Guest users are also created on the same AD where internal users are created. How can I force Guest users to connect to SSID B and not be able to connect to SSID A? Currently they can connect to both.
I have an ASA firewall and I have never configured an FTP server for a large scale network (well large in my opinion). I want to ensure we have the highest level of security available for the FTP and to limit only the specific users designated by an ACL. Would SFTP be the best available option for security measures? Should I only use Passive FTP and what range of ports above 1023 should I open for only 1 or 2 FTP clients at a time? Also if I use Passive mode do I need to use protocol inspection for FTP?Also, Currently I'm unsure of what files need to be accessed on our network but should the SFTP Server always only be installed within the DMZ?
We have recently ordered a laptop along with a docking station with the intention of connecting it with the desktop PC in the office. We want the documents folders of both computers to be synchronized and to that end we want to share the folders between each computer. However, to do so we will have to connect the laptop to the larger network in our office. Given the sensitive nature of the documents we only want the desktop PC and the laptop to be able to access these files and synchronize them.
Is there anyway in Windows 7 to specify exactly which computers are allowed access to shared folders on a computer? What's the best way to achieve the file synchronization between the two?
I have a set-up with multiple C2960 and C3750 switches. All these devices are being managed remotely. So basically I login to C2901, which is used as a Terminal Server, and reverse SSH to the console of each device. That's - I have assigned an IP to each port of the terminal server so that I can SSH directly to the desired device through via the mapped IP.
Now, recently I had to restart couple of switches - one C2960 and C3750. I initiated the reboot via console connection remotely. I could see the device logs for some time and then the logs stopped and there was no reaction from the console irrespective of any command I tried to enter.
I tried resetting the line on the terminal server, but that didn't work.
Now when I try to SSH the IP mapped to console of that particular device - i dont get any login prompt and there is no effect on device after giving any command. Although i can see the logs on the console session - but cant do anything.
I have a second way of connecting the device via inband- management, and checked the device config found it correct. It is same as other devices which are working correctly.
Both C3750 and C2960 are behaving exactly same - can see logs on console but see effect of even pressing enter - not getting login prompt as well.
Is there a way to restrict wireless access to my router from wireless pc's in my home. Two grandsons are off from school now, and are playing online games to the wee hours of the morning. Can I do something to have the routher shut off their connection at a certain time? Is that possible. If I have to go back to dd-wrt to do that, fine. I have lynksis wrt54g with their 4.2.1 firmware.
