How does this functionality work?
Product details say that Intermediary device support will allow me to use a terminal server to access devices.
The only configuration option I can see that is related to this in V4 is "Intermediary device support, Allow {yes|no}"
Is it also possible to point to a defined telnet port for a specific node?
Thanks!
-JP
I really hate to bump a topic, but I'm wondering if anyone is able to share experience with this feature. I was looking forward to using it to support configuration archives of devices like Catalyst 1900s with enterprise images.
Can someone comment on how this works?
The only reference I can find is enabling/disabling it, but no pointers on how to actually configure it to work. I went through the admin guide and I don't see any documentation beyond enabling it. I would assume that you would need to know the IP of the intermediary device, login creds for the intermediary device, command used to connect to the end device, etc. Would that be done in a device template? If so, what would it look like - how does Cirrus know not to telnet/ssh directly to the end device, but instead to telnet/ssh to the intermediary?
Sorry to keep bumping this topic, but can someone from SolarWinds respond? I submitted a support case with the above information and got back a quote from the admin guide (one-line verbiage on allow/disallow which I had already noted), they said that was the only information they had, and the case was closed. In order for this to actually work:
Cirrus -> device A (intermediary) -> device B (target)
there would have to be a place to specify the IP of device A, login creds of device A, and the command to connect from device A to device B. Where is that? If this isn't completely baked, I just want to know so we aren't going around in circles. Or is that not what this feature was intended to do? (It sounds like it is from the description in the release notes.)
Thanks
You're right, the documentation is a bit misleading and we're going to clear this up in doc for the next version (for internal folks this is #237).
An intermediary device is a terminal server. As you know, some configurations require a user to login to a terminal server to connect to a device. This feature will work for configurations where a user enters a username and password into the terminal server, hits enter, and then is connected to the network device where they enter the enable password commands.
To configure terminal server (intermediary) download support you'll need to take the following steps:
NOTE: Nothing special is necessary for Command Scripts, Direct Transfers, or Indirect Transfers
Let me know if this clears up the intended use-case for this feature.
Thanks for clearing this up, but I do have one question. I understand that we enter the credentials for the terminal server (that works correctly, I can connect) but what about the second set of credentials, the login to the console of the router? We require authentication to log in to the device via the console port, just like a VTY line. It looks like this feature is set up with authentication only to the terminal server and once that is passed, you are expecting to be connected to the console of the device, already logged in at user exec mode ( > prompt ).
Chris - Thank you SO MUCH for the response! This absolutely clears up what this feature is and how to use it. It doesn't work for our use case, but for now we will just manually collect configs for those devices and add the files on to the devices in Cirrus.
In case there are plans to expand this feature in the future (or if we can ask for that) - here's what we would like to be able to do:
Cirrus -> device A -> device B
telnet deviceA IP; login to device A; issue a configurable command to connect to device B, such as telnet ${IP of device B} or possibly connect ${field with async port number defined}; login to device B
Sounds like there are others wanting to do this: telnet ${terminal server IP} ${async port unique to device B mapped to a tcp port on the TS}
With or without a login prompt from the TS in addition to a possible login prompt from the target device.
In this case, the terminal server IP would not be unique (multiple devices using that terminal server), although device B would have a unique IP configured (just not used for connection from Cirrus.)
Understood that SNMP will not work to the target device without a direct connection to its IP.
The plan is for more secure portions of the network to only be accessible through something serving as a telnet or ssh proxy/"jumphost", so this is going to become a bigger issue down the road.
Thank you!
Thanks for the feedback guys! ceclark, you are correct in your interpretation of the feature. When we originally created intermediary device support, we assumed that the console would not have a password since you're already authenticating to the terminal server. We thought about adding this later, but it fell out of scope given limited requests. I'm going to add this to our tracking system and we'll absolutely consider this for a future version. For internal folks, these are being tracked as #2046 and #2047.
To help us prioritize, if you have similar intermediary device requirements, please chime in!
We would need the ability to add a port number to the telnet setup. Rather than logging into the TS and then connecting, you can telnet directly to a port which is unique for each connected device.
I suppose we could have 'marginal' success by adding some ${CRLF}'s to the Password field for said terminal server. I've had some limited success with this cheat on some other equipment but I haven't tried it in a while.
Username: solarwinds
Password: SuperSecretAdmin${CRLF}terminaluser${CRLF}terminalpassword