Need access directly to the routers connected to access server not into the access-server

Hi All,

I wish to log into the routers connected to the access router on my CCIE rack remotely. I don't want to allow one line port of every router on my FIOS router to connect directly to each of them. Instead, I want to allow one SSH connection on the FIOS router and use the autocommand feature on the access server to telnet into the respective router.

The problem I'm facing is that when I SSH (ssh2) using the credentials for, say, router 1 (r1/cisco) to the public IP, I log into the access server, not into router r1. How can I skip logging into the access server and log in directly to the router in a given tab in SecureCRT? I don't want to log into the access server in every SecureCRT tab again to log into the router that I want. Please help.

Here is my config:

 

Current configuration : 3801 bytes
!
! Last configuration change at 18:33:51 UTC Wed May 18 2016 by r1
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ACCESSSERVER2851
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$JGW3$pukojo7HEBDO9IlDi.oP0.
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
no ip domain lookup
ip domain name praveen.com
ip host R21 2087 10.10.10.10
ip host R1 2066 10.10.10.10
ip host R2 2067 10.10.10.10
ip host R3 2068 10.10.10.10
ip host R4 2069 10.10.10.10
ip host R5 2070 10.10.10.10
ip host R6 2071 10.10.10.10
ip host R7 2072 10.10.10.10
ip host R8 2073 10.10.10.10
ip host R16 2082 10.10.10.10
ip host R17 2083 10.10.10.10
ip host R18 2084 10.10.10.10
ip host R19 2085 10.10.10.10
ip host R20 2086 10.10.10.10
ip host R22 2088 10.10.10.10
ip host R23 2089 10.10.10.10
ip host R9 2074 10.10.10.10
ip host R10 2075 10.10.10.10
ip host Breakoutswitch 2076 10.10.10.10
no ipv6 cef
!
multilink bundle-name authenticated

username r1 password 0 cisco
username r1 autocommand telnet 10.10.10.10 2066
username r2 password 0 cisco
username r2 autocommand telnet 10.10.10.10 2067
!
redundancy

ip ssh port 8083 rotary 1
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 10.10.10.10 255.255.255.255
!
interface GigabitEthernet0/0
 ip address dhcp
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip forward-protocol nd
ip http server
ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
!
!        
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
alias exec r2 telnet 10.10.10.10 2067
alias exec r1 telnet 10.10.10.10 2066
!
line con 0
 logging synchronous
line aux 0
 no exec
 transport input all
 transport output none
 speed 2400
line 1/0 1/31
 session-timeout 40
 exec-timeout 0 0
 login local
 no exec
 transport preferred none
 transport input telnet ssh
 transport output all
 stopbits 1
line vty 0 4
 login local
 rotary 1
 transport input telnet ssh
!
scheduler allocate 20000 1000
end

 

Comments

  • switch to using aaa using local authentication and authorization

    aaa new-model
    !
    !
    aaa authentication login local_authentication local
    aaa authorization exec local_author local
    !
    line vty 0 4
     authorization exec local_authorization
     login authentication local_authentication

    Should be able to then telnet/ssh into your access server using r1/cisco which would then run your autocommand to telnet over to 10.10.10.10 2066 or log in as r2 to get to 10.10.10.10 2067

  • Thanks for your reply. I tried this configuration but it still ends up in the access server. I highlighted your configuration so you can have a look.

    Current configuration : 4514 bytes
    !
    ! Last configuration change at 19:12:41 UTC Thu May 19 2016 by r1
    version 15.1
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname ACCESSSERVER2851
    !
    boot-start-marker
    boot-end-marker
    !
    !
    enable secret 5 $1$.AlE$LN7JMiOX5/xen3aEScqra0
    !
    aaa new-model
    !
    !
    aaa authentication login local_authentication local
    aaa authorization exec local_author local

    !
    !
    !
    !
    !
    aaa session-id common
    !
    !
    dot11 syslog
    ip source-route
    !
    !
    ip cef
    !
    !
    !
    no ip domain lookup
    ip domain name praveen.com
    ip host R21 2087 10.10.10.10
    ip host R1 2066 10.10.10.10
    ip host R2 2067 10.10.10.10
    ip host R3 2068 10.10.10.10
    ip host R4 2069 10.10.10.10
    ip host R5 2070 10.10.10.10
    ip host R6 2071 10.10.10.10
    ip host R7 2072 10.10.10.10
    ip host R8 2073 10.10.10.10
    ip host R16 2082 10.10.10.10
    ip host R17 2083 10.10.10.10
    ip host R18 2084 10.10.10.10
    ip host R19 2085 10.10.10.10
    ip host R20 2086 10.10.10.10
    ip host R22 2088 10.10.10.10
    ip host R23 2089 10.10.10.10
    ip host R9 2074 10.10.10.10
    ip host R10 2075 10.10.10.10
    ip host Breakoutswitch 2076 10.10.10.10
    no ipv6 cef
    !
    multilink bundle-name authenticated
    !

    !
    voice-card 0
    !

    !
    !

    !
    !
    license udi pid CISCO2851 sn FTX1017A07R
    username R1 password 0 cisco
    username R1 autocommand telnet 10.10.10.10 2066
    username r3 password 0 cisco
    username r3 autocommand telnet 10.10.10.10 2068
    username r4 password 0 cisco
    username r4 autocommand telnet 10.10.10.10 2069
    username r5 password 0 cisco
    username r5 autocommand telnet 10.10.10.10 2070
    username r6 password 0 cisco
    username r6 autocommand telnet 10.10.10.10 2071
    username r7 password 0 cisco
    username r7 autocommand telnet 10.10.10.10 2072
    username r8 password 0 cisco
    username r8 autocommand telnet 10.10.10.10 2073
    username r9 password 0 cisco
    username r9 autocommand telnet 10.10.10.10 2074
    username r10 password 0 cisco
    username r10 autocommand telnet 10.10.10.10 2075
    username r2 password 0 cisco
    username r2 autocommand telnet 10.10.10.10 2067
    !
    redundancy
    !
    !
    ip ssh port 8083 rotary 1
    !
     
    interface Loopback0
     ip address 10.10.10.10 255.255.255.255
    !
    interface GigabitEthernet0/0
     ip address dhcp
     duplex auto
     speed auto
    !
    interface GigabitEthernet0/1
     no ip address
     shutdown
     duplex auto
     speed auto
    !
    ip forward-protocol nd
    ip http server
    ip http secure-server
    !
    !
    ip route 0.0.0.0 0.0.0.0 192.168.1.1
    !

    control-plane
    !
    !
    !
    !
    mgcp profile default
    !

    line con 0
     logging synchronous
    line aux 0
     no exec
     transport input all
     transport output none
     speed 2400
    line 1/0 1/31
     session-timeout 40
     exec-timeout 0 0
     no exec
     transport preferred none
     transport input telnet ssh
     transport output all
     stopbits 1
    line vty 0 4
     authorization exec local_authorization
     login authentication local_authentication

     rotary 1
     transport input telnet ssh
    !
    scheduler allocate 20000 1000
    end

  • Sorry. "aaa authorization exec local_author local" should be "aaa authorization exec local_authorization local"

  • It works, awesome. Thanks. Now I don't need to have 20 port-forwarding rules for each router on my FIOS router, just one SSH rule to replace them all.
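
An added example, not part of the thread and not Cisco tooling: a small Python check for the mistake that made the second attempt fail, a `line` block referencing an AAA method list name that has no matching global `aaa ...` definition. The sample config is constructed from the AAA lines posted above, and the function name `find_undefined_method_lists` is hypothetical.

```python
import re

# Constructed sample: the AAA-related lines from the second config in the thread.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login local_authentication local
aaa authorization exec local_author local
line vty 0 4
 authorization exec local_authorization
 login authentication local_authentication
 rotary 1
"""

# Global definitions: "aaa authentication login <list> ..." / "aaa authorization exec <list> ..."
DEFINE = re.compile(r"^aaa (authentication login|authorization exec) (\S+)")
# References inside a line block: "login authentication <list>" / "authorization exec <list>"
REFER = re.compile(r"^\s+(login authentication|authorization exec) (\S+)")
# Map the line-level keyword order onto the global keyword order.
KIND = {"login authentication": "authentication login",
        "authorization exec": "authorization exec"}


def find_undefined_method_lists(config: str):
    """Return (line_block, kind, list_name) for every line-level reference
    to a named method list that is never defined globally."""
    defined, refs, block = set(), [], None
    for raw in config.splitlines():
        line = raw.rstrip()
        m = DEFINE.match(line)
        if m:
            defined.add((m.group(1), m.group(2)))
        elif line.startswith("line "):
            block = line                      # entering "line vty 0 4", "line con 0", ...
        elif line and not line[0].isspace():
            block = None                      # any other top-level command ends the block
        elif block:
            m = REFER.match(line)
            if m:
                refs.append((block, KIND[m.group(1)], m.group(2)))
    # "default" is the built-in list name, so it is not treated as dangling.
    return [r for r in refs if r[2] != "default" and (r[1], r[2]) not in defined]


if __name__ == "__main__":
    for block, kind, name in find_undefined_method_lists(SAMPLE_CONFIG):
        print(f"{block}: '{kind} {name}' is referenced but never defined")
```

The function expects unindented `show running-config` text, so a config copied from an indented forum post needs its leading indentation stripped first.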
