Re: NO EXEC command

From: Brian Hescock (bhescock@xxxxxxxxx)
Date: Wed Jan 17 2001 - 10:32:32 GMT-3

• Next message: Chuck Larrieu: "RE: Code for Voice?"
• Previous message: Barry J. Bocaner: "RE: Classical IP with SVC : how to apply traffic parameters"
• Maybe in reply to: Patrick Bikar: "NO EXEC command"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Another good reason to use "no exec" is in the real world it can cause problems
 for
your TACACS server. Noise on the lines can cause an incorrect TACACS request f
rom
the router. Multiply that times say 500 remotes sites that each have a termin
al
server and this can cause a real problem for the TACACS server. "No exec" sol
ved
the problem.

Brian

Jay Hennigan wrote:

> On Tue, 16 Jan 2001, Patrick Bikar wrote:
>
> > Hi Jay,
> >
> > Thanks for the enlightened response.
> >
> > So practicaly, let's say you are asked on day to configure a couple of rout
er +
> > a terminal server ;-), would you put the "no exec" only on the auxiliary po
rts
> > of all routers + all the lines of the terminal server that are not used ?
>
> You would put it on the async lines of the terminal server that are used
> to connect to the console ports of the routers.
>
> The physical wiring would be such that the console ports of each router
> that you want to access would go to an async line (much like an AUX port)
> of the terminal server. You don't want the routers trying to run EXEC
> on the terminal server, so you set it for NO EXEC on those lines going to
> the routers. You DO want to EXEC the routers themselves via their consoles,
> and you DO want to EXEC the terminal server from your connected PC to
> its console.
>
> The AUX ports on the routers don't come in to play, at least not for
> this part of the config.
>
> Think of a terminal server as a router with a whole bunch of AUX ports,
> each of which connects to a console port on a router. The terminal
> server doesn't participate in the routing process. It works like a
> keyboard/video switch to allow you to move around among the actual
> routers without unplugging console cables.
>
> This is REALLY essential for the lab. If you can't do it practically
> blindfolded, it's likely to be a show-stopper.
>
> BTW, the words "terminal server" in this context have nothing whatsoever
> to do with Microsoft's lame software that attempts to reinvent an Xterm
> for Windows. That choice of terminology has caused lots of confusion.
>
> --
> Jay Hennigan - Network Administration - jay@west.net
> NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/
> WestNet: Connecting you to the planet. 805 884-6323
>

• Next message: Chuck Larrieu: "RE: Code for Voice?"
• Previous message: Barry J. Bocaner: "RE: Classical IP with SVC : how to apply traffic parameters"
• Maybe in reply to: Patrick Bikar: "NO EXEC command"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:27:32 GMT-3