You probably know that it's possible to send messages from one vty line to another on a single Cisco router.
R1#send ?
* All tty lines
<0-17> Send a message to a specific line
aux Auxiliary line
console Primary terminal line
log Logging destinations
qdm Send a message to QDM client
vty Virtual terminal
xsm Send a message to XSM client
R1#send 1
Enter message, end with CTRL/Z; abort with CTRL/C:
Hi
^Z
Send message? [confirm]
R1#
***
***
*** Message from tty0 to tty1:
***
Hi
For the last few days I've been trying to find a way to automatically send custom-made UDP packets from a Cisco router to a specific destination, in order to emulate the heartbeat mechanism of SixXS. Tcl seemed like a nice option, but as far as I know its implementation in Cisco IOS doesn't support extensions (Tcl doesn't have a built-in command for UDP channels, so an extension is needed to enable them).
Asynchronous Serial Traffic Over User Datagram Protocol or UDPTN (UDP Telnet) is an IOS feature that provides the ability to encapsulate asynchronous data into UDP packets, and then unreliably transmit this data without needing to establish a connection with a receiving device. UDPTN is similar to Telnet in that both are used to transmit data, but UDPTN is unique in that it does not require that a connection be established with a receiving device.
Its usage is quite simple: enable udptn as an output transport under your vtys and then open a connection to the remote end.
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#line vty 0 15
R1(config-line)#transport output ssh udptn
R1(config-line)#^Z
R1#
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#line vty 0 15
R2(config-line)#transport output ssh udptn
R2(config-line)#^Z
R2#
You have various options regarding the role of each device, but usually one end transmits and the other receives. If you need 2-way communication, then you need to enable both directions (/transmit /receive) on each end. You can use any port above 1024, or just the default port 57.
R1#udptn 1.1.1.2 3740 /transmit /receive
Trying 1.1.1.2, 3740 ... Open
R2#udptn 1.1.1.1 3740 /transmit /receive
Trying 1.1.1.1, 3740 ... Open
It becomes more interesting if you send packets to a multicast/broadcast address, so everyone having an open connection there will see the data.
There are some annoying things, like not seeing locally the characters you type, or getting new characters printed on top of the previous ones (you can use spaces to clear the line), but you can't expect a full terminal experience.
R2#udptn 1.1.1.1 3740 /transmit /receive
Trying 1.1.1.1, 3740 ... Open
How are you doing today? ! This was typed on R1
R1#udptn 1.1.1.2 3740 /transmit /receive
Trying 1.1.1.2, 3740 ... Open
Fine, thanks ! This was typed on R2
Voila! You just made it possible to have a chat with your friend at a remote Cisco router! If you want to stop the session, you can use Ctrl-Shift-6 + x and then enter the "disconnect" command.
There are 2 terminal options that can be configured under the source vtys and change how typed text is sent:
dispatch-timeout 10000 : buffers the typed characters and transmits them every 10 secs (the value is in milliseconds)
dispatch-character 13 : sends the characters typed so far only after you press Enter (ASCII 13). By default each character is sent immediately.
Note : Because of its ability to send raw UDP datagrams that might conflict with other protocols, UDPTN has an implicit access list that only allows UDPTN connections to UDP port 57 (default) or UDP ports greater than 1024.
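To see what actually leaves the router under the two dispatch modes, it helps to have a plain UDP listener on the receiving side instead of a second router. The following is an added example (not from the original post and not Cisco code): it mirrors the implicit port rule from the note above, reassembles the incoming UDPTN datagrams into lines regardless of whether each character arrived in its own packet (default) or a whole line arrived at once (dispatch-character 13), and can also push text back to a router that is in /receive mode. The port 3740 and the sample datagrams are constructed values taken from the session above.

```python
import socket

DEFAULT_UDPTN_PORT = 57  # IOS default UDPTN port


def udptn_port_allowed(port):
    """Mirror the implicit IOS access list described in the post:
    only UDP/57 or UDP ports greater than 1024 are accepted for UDPTN."""
    return port == DEFAULT_UDPTN_PORT or 1024 < port <= 65535


def reassemble_lines(datagrams):
    """Join UDPTN payloads into complete text lines.

    With default vty settings every typed character arrives in its own
    datagram; with 'dispatch-character 13' a whole line arrives at once,
    terminated by CR (ASCII 13). Concatenating the payloads first and
    splitting afterwards handles both cases. Returns (lines, leftover),
    where leftover is the unterminated fragment still waiting for Enter.
    """
    buf = b"".join(datagrams)
    # Treat CRLF, lone CR and lone LF all as end of line.
    buf = buf.replace(b"\r\n", b"\n").replace(b"\r", b"\n")
    *complete, leftover = buf.split(b"\n")
    return [c.decode("ascii", errors="replace") for c in complete], leftover


def send_text(dest_ip, port, text):
    """Push a line of text to a router sitting in 'udptn ... /receive'.
    Each call is one datagram; a trailing CR behaves like pressing Enter."""
    if not udptn_port_allowed(port):
        raise ValueError("port %d would be rejected by the UDPTN access list" % port)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(text.encode("ascii") + b"\r", (dest_ip, port))


def serve(bind_addr="0.0.0.0", port=3740, max_datagrams=None):
    """Receive UDPTN datagrams and print one line per completed line of
    text, prefixed with the sender, in the style of the IOS 'send' banner.
    max_datagrams limits the loop (None runs until interrupted)."""
    if not udptn_port_allowed(port):
        raise ValueError("port %d would be rejected by the UDPTN access list" % port)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    pending = b""
    received = 0
    while max_datagrams is None or received < max_datagrams:
        data, (src_ip, src_port) = sock.recvfrom(2048)
        received += 1
        lines, pending = reassemble_lines([pending, data])
        for line in lines:
            print("*** Message from %s:%d: %s" % (src_ip, src_port, line))
    sock.close()
    return received


if __name__ == "__main__":
    # Listen on the port used in the post; pair it with
    # 'udptn <this host> 3740 /transmit' on the router.
    serve(port=3740)
```

Running this with default vty settings prints nothing until a CR arrives, which makes the per-character behaviour visible in a packet capture (one datagram per keystroke); after configuring dispatch-character 13 on the vty, the same text shows up as a single datagram per line.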
If only now I could find a way to send such messages automatically, I would probably solve my initial issue. EEM doesn't provide a mechanism to feed chars into a remote session and the Tcl "typeahead/exec" solution makes the process get stuck (and I can't find a way to clear it). Any idea how to send Ctrl-Shift-6 + x?
With Tcl, you can open a TCP Telnet session to the local device and then do whatever you wish with it (it's a pure VTY session, no limitations).
Andrew Yourtchenko had a great idea a while ago: you can write to syslog: file system ("documented" somewhere in my blog) and if you configure ESM (to prevent the regular syslog servers from receiving these messages) and a bogus syslog host, you could send a pattern in a UDP packet.
Our "project" was a WOL packet; I got a proof-of-concept (UDP packet with data I've specified) but never got beyond that. If what you need requires a pattern anywhere inside the packet, you just might make this work ;)
Enjoy ... and let us know the outcome ... I would love to see someone running UDP from Tcl on Cisco IOS, I just don't have the time to play with it at the moment.
Drop to the Linux backend (if you're on a 10000), and use a bash/telnet script to IOS?
I know it sounds like a hack, but I'm sure there's worse in the wild...
The best way for interview :)
Very helpful post... thank you so much
Can we access the router console by using the bash scripting language? What's the procedure for doing that?