11-11-2019 03:03 PM
Hi all,
is there any reason why I don't see telnet as option on ISE 2.4? Do I need to enable somewhere as feature?
It's really annoying if you want to test some connections from ISE. I have ACS 5.8 and telnet is there.
ise02/admin# t?
tech terminal traceroute
Version:
Cisco Identity Services Engine
---------------------------------------------
Version : 2.4.0.357
Build Date : Thu Mar 22 20:01:26 2018
Install Date : Thu Dec 20 23:15:50 2018
Cisco Identity Services Engine Patch
---------------------------------------------
Version : 10
Install Date : Thu Nov 07 23:41:04 2019
Thanks,
N
Solved! Go to Solution.
11-11-2019 04:17 PM
Hi @nenadl
I have bemoaned the removal of this useful command some time ago. As you say, it used to exist in ACS but I have not seen it since ISE 2.2. ACS also had a useful tcpdump command that you can add to your list of commands you'll miss in ISE, not to mention the primitive reporting capabilities in ISE (versus ACS's report generator).
Telnet is not an evil command. It's a very useful command to test the presence of TCP ports in remote hosts. Running a telnet daemon, on the other hand, is not so clever these days. I think whoever removed the telnet command didn't fully grasp the difference.
You could ask to have it included again in a future ISE release.
06-04-2020 06:36 PM
11-11-2019 04:17 PM
Hi @nenadl
I have bemoaned the removal of this useful command some time ago. As you say, it used to exist in ACS but I have not seen it since ISE 2.2. ACS also had a useful tcpdump command that you can add to your list of commands you'll miss in ISE, not to mention the primitive reporting capabilities in ISE (versus ACS's report generator).
Telnet is not an evil command. It's a very useful command to test the presence of TCP ports in remote hosts. Running a telnet daemon, on the other hand, is not so clever these days. I think whoever removed the telnet command didn't fully grasp the difference.
You could ask to have it included again in a future ISE release.
11-11-2019 04:55 PM
Hi @Arne Bier,
thanks for replying. Didn‘t know they removed telnet, for me unnecessary but this is how it is.
For TCP dump there is option from GIU where you can specify on which node (if you have deployment) and choose on which interface you want to run it. You can also specify some filters what is interested for you and open file in Wireshark. I used it couple of times and works very well, helped me for troubleshooting.
Regards,
Nenad
11-11-2019 08:25 PM
Sure, the tcpdump is available via the GUI and it's ok for doing one node at a time. If you have anything more complex and you're trying to capture on more than one node at a time then you can't do this in ISE. Hence, why ACS CLI tcpdump was so useful. Case in point, when using a load balancer and you want to capture traffic on x number of PSNs ... you have no idea where the load balancer will send the traffic.
06-04-2020 11:15 AM
not sure if someone has already replied, we can generate traffic on any port by ssh command
ssh x.x.x.x <port number>
I hope this helps
06-04-2020 06:36 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide