Discovered this trick and it’s definitely one for the Networking Admin cook books.

1. You need to make sure the router1 AUX port is configured with the following lines:

line aux 0
exec-timeout 5 0
modem InOut
no exec
transport input all
transport output none
stopbits 1
 

2. Determine the AUX line number using CLI command “show line”:

router1#show line

Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int
0 CTY              –    –      –    –    –      0       0     0/0       –
* 1 AUX   9600/9600  – inout     –    –    –    265       0  2607/0       –
* 2 VTY              –    –      –    –   20   1147       0     0/0       –
* 3 VTY              –    –      –    –   20    727       0     0/0       –
4 VTY              –    –      –    –   20     15       0     0/0       –
5 VTY              –    –      –    –   20      1       0     0/0       –
6 VTY              –    –      –    –   20      0       0     0/0       –
7 VTY              –    –      –    –   20      0       0     0/0       –

The output above was from router 1, and it tells you the AUX is at line 1.

3. Determine the router loopback interface using “show ip int brief”:

router1#sh ip int bri

Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0/0   unassigned      YES NVRAM  up                    up
Gi0/0/0.10             10.0.1.4     YES NVRAM  up                    up
GigabitEthernet0/0/1   unassigned      YES NVRAM  up                    up
Loopback0              192.168.255.152  YES NVRAM  up                    up

The loopback 0 address 192.168.255.152 will be used for the AUX console connection.

4. Use reverse telnet to connect to the neighbour device console port

The AUX to console connection is via reverse telnet; effectively you are launching telnet against the localhost on the reverse telnet port.

Therefore you need to telnet to the local device on TCP port 2000 + line number

For ROUTER1, you need to run the following command:

router1#telnet 192.168.255.152 2001

Where 192.168.255.152 is the loopback 0 address, 2001 is TCP port 2000 + 1 (line number 1).
Once you have connection, you need to authenticate again on router 1 (using local password or TACACS). Once authenticated you will then to connected to the remote device console port.

The console log below will give you an example of reverse telnet connection to Router 2 from Router 01:

router1#telnet 192.168.255.20 2001

Trying 192.168.255.152, 2001 … Open

router1

*************************************************************************

Access to this computer system is limited to authorised users only.
Unauthorised users may be subject to prosecution.

*************************************************************************

username: blah  ———-> This is the re-authentication to router1
password:
Username:blah  ———-> This is the console authentication to router1
Password: ********

*********************************************************************

This device is for authorise users only.
All access and use may be monitored.
Use of the system implies consent to these conditions.

*********************************************************************

Type help or ‘?’ for a list of available commands.

ROUTER2>