Task 1: Access Routers Using a Terminal Server

As described in the introduction, your JNCIP test bed consists of seven freshly flashed M-series routers, a terminal server, and a 100Mbps Fast Ethernet LAN segment that will serve as your network's Out of Band (OoB) management network. Because your routers have a factory-fresh default configuration, you will not be able to telnet to the routers until you have correctly configured the OoB management network. Therefore, you should plan on accessing the console ports of the routers assigned to your station using an IOS-based (2517 or similar) terminal server to perform your initial configuration task. Since the actual examination does not involve non-Juniper Networks products, you will be instructed on how to use the particular terminal server used at your testing center.

Note

Although you can use the router console ports for the duration of the examination, most candidates find that it saves time to open multiple telnet sessions (one per router) using the Out Of Band (OoB) management network that is configured during the examination. You should use the terminal server whenever you are performing router maintenance (such as upgrading JUNOS software), or when routing problems cause telnet access problems.

Console Connections

The OoB (Out of Band) management topology is illustrated in Figure 1.1. Based on this figure, you can see that the IP address of the terminal server is 10.0.1.101, and that its asynchronous interfaces are connected in ascending order to the console ports of each router that is associated with your test pod.

click to expand
Figure 1.1: The Out of Band (OoB) management network

The testing center will provide you with both user EXEC and privileged EXEC mode passwords for the terminal server (or their equivalents should a non-IOS-based terminal server be in use). You'll sometimes need the privileged EXEC mode login to reset connections when you receive error messages about ports being busy or when you see messages about connections being refused. The following is an example of a typical login session to the terminal server:

 telnet 10.0.1.101 Trying 10.0.1.101... Connected to 10.0.1.101. Escape character is ‘^]'. User Access Verification Password: cert-ts>enable Password: cert-ts#

Depending upon the specifics of your test bed, you may want to configure symbolic name mappings on the terminal server to simplify the task of reverse telnetting. This will enable you to use symbolic names in lieu of specifying the reverse telnet port and IP address on the command line. In the preceding example, these name-to-address mappings have already been configured on the terminal server:

ip host r1 2001 10.0.1.101 ip host r2 2002 10.0.1.101 ip host r3 2003 10.0.1.101 ip host r4 2004 10.0.1.101 ip host r5 2005 10.0.1.101 ip host r6 2006 10.0.1.101 ip host r7 2007 10.0.1.101

In this configuration, you can see that port 2001 on the terminal server, which maps to its first asynchronous port, is associated with the symbolic name of r1. Now, to establish a reverse telnet connection to the console port of router 1, the user need only enter r1 on the terminal server's command line. If host mappings have not been configured on your terminal server, you will need to specify the correct port identifier and IP address on the command line, as shown here:

cert-ts#telnet 10.0.1.101 2001 Trying 10.201.1.253, 2001 ... Open <operator hits "enter"> Amnesiac (ttyd0) login:

In the foregoing example, you can see that the reverse telnet session to r1 has succeeded, in that the router is now presenting its login prompt.

Note

The Amnesiac prompt shown in the previous example is indicative of a router that is booting from a factory-fresh JUNOS software load, which, by definition, will not have a hostname configured. When preparing the lab for JNCIP testing, it is standard practice for the proctor to flash every router using removable media (PCMCIA) cards at the end of each certification attempt. This ensures that each new candidate will begin his or her test from a known starting point and will prevent possible difficulties caused by a previous candidate's tampering with the system's binaries or file structure.

Initial Console Login

Because the router is booting from a factory-fresh load, the only existing login account will be the user root. Initially, this account has no associated password. When logging in as root, the user is presented with the shell prompt, so the JUNOS software command-line interface (CLI) must be started manually as shown here:

login: root --- JUNOS 5.2R1.4 built 2002-03-10 01:12:05 UTC Terminal type? [vt100] root@% cli root>

Switching Among Reverse Telnet Sessions

Although the reverse telnet sessions can be opened in any order, it is highly recommended that you open the sessions to your routers in a sequential fashion. This will make it easy to switch among sessions using session numbers that map directly to corresponding router numbers. To regain the IOS command prompt, the user must enter an escape sequence consisting of a simultaneous Ctrl+Shift+6 followed by pressing the x key (the escape sequence is not echoed back to the user but is shown in angle brackets in the following to illustrate use of the escape sequence):

root> <control-shift-6 x> pod2-ts#r2 Trying r2 (10.0.1.101, 2002)... Open Amnesiac (ttyd0) login:

After entering the escape sequence, the user is presented with an IOS prompt. If the user simply presses Enter at this point, the connection to r1 will be resumed. In this example, the user establishes a reverse telnet session to the next router (router 2) using the symbolic name r2. To switch between these two sessions, the user can now enter the escape sequence followed by the connection number, which will be either a 1 or a 2 at this stage:

login: <control-shift-6 x> pod2-ts#1 [Resuming connection 1 to 10.0.1.101 ... ] root>

Clearing Terminal Server Sessions

Although it's rarely necessary, sometimes you have to manually clear one or more reverse telnet sessions on the terminal server when connections cannot be correctly established to a given router's console port. This will require that you regain a privileged EXEC mode IOS command prompt to display and clear the problem line. Listing 1.1 is an example of this process. It demonstrates the clearing of Line 2 after a problem with access to r2 has been encountered:

Listing 1.1: Clearing Terminal Server Lines (IOS-Based Terminal Server)

pod2-ts#r2 Trying r2 (10.0.1.101, 2002)... % Connection refused by remote host pod2-ts#show line  Tty Typ   Tx/Rx    A Modem Roty AccO AccI Uses Noise Overruns    0 CTY            -    -    -     -    -    0     0      0/0  * 1 TTY 9600/9600  -    -    -     -    -    3     0      0/0  * 2 TTY 9600/9600  -    -    -     -    -    4  2031      0/0    3 TTY 9600/9600  -    -    -     -    -    3  1546      0/0    4 TTY 9600/9600  -    -    -     -    -    3     0      0/0    5 TTY 9600/9600  -    -    -     -    -    1     0      0/0    6 TTY 9600/9600  -    -    -     -    -    1 72050      3/0    7 TTY 9600/9600  -    -    -     -    -    1 19691      1/0    8 TTY 9600/9600  -    -    -     -    -    1     0      0/0    9 TTY 9600/9600  -    -    -     -    -    1     0      0/0   10 TTY 9600/9600  -    -    -     -    -    2     0      0/0   11 TTY 9600/9600  -    -    -     -    -    0     0      0/0   12 TTY 9600/9600  -    -    -     -    -    0     0      0/0   13 TTY 9600/9600  -    -    -     -    -    0     0      0/0   14 TTY 9600/9600  -    -    -     -    -    0     0      0/0   15 TTY 9600/9600  -    -    -     -    -    0     0      0/0   16 TTY 9600/9600  -    -    -     -    -    0     0      0/0   17 AUX 9600/9600  -    -    -     -    -    0     0      0/0 * 18 VTY            -    -    -     -    -   26     0      0/0   19 VTY            -    -    -     -    -    0     0      0/0   20 VTY            -    -    -     -    -    0     0      0/0   21 VTY            -    -    -     -    -    0     0      0/0   22 VTY            -    -    -     -    -    0     0      0/0 pod2-ts#clear line 2 [confirm]y [OK] pod2-ts#r2 Trying r2 (10.0.1.101, 2002)... Open <user hits enter> Amnesiac (ttyd0) login:

Reverse telnet sessions connect the user to a tty (asynchronous terminal line) on the terminal server. You will want to focus on tty sessions that have an asterisk (*) next to them, because this character indicates the line is in use. To clear a line, enter the clear line n command at the privileged EXEC mode prompt, and confirm the clear by entering y when prompted.

A Caution About Clearing Sessions

The 'failure' described in Listing 1.1 was simulated by trying to open a second telnet session to port 2002 on the terminal server without first clearing the existing session. The operator should have simply entered the session number (2 in this case) to switch back to the previously established connection to resume the connection to router r2. Clearing sessions in the manner described can result in session numbers that are no longer directly related to router numbers, which can be very confusing-for example, the session associated with r2 might end up being number 8. When reverse telnet problems are detected, many candidates find it simpler to simply log out of an IOS-based terminal server, which causes the terminal server to clear all existing connections (after the user confirms). After reconnecting to the terminal server, the telnet sessions to all routers can be reestablished in the correct numeric sequence.