Education - Australia / New Zealand

last person joined: 25 days ago 

A local community of Aruba education customers across Australia/NZ. This group will be moderated by Aruba staff and kept up to date with any upcoming training or events that are relevant to the EDU space.
Expand all | Collapse all

Configuring a Comware router to act as a terminal server

This thread has been viewed 7 times
  • 1.  Configuring a Comware router to act as a terminal server

    Posted Feb 14, 2018 09:47 PM

    Overview
    It can be really useful to have direct serial port access to devices. In the case of network devices, this enables bare metal access, including access to the boot-loader, service OS, etc. This was typically provided using a dedicated terminal server. You can provide essentially the same functionality using one of the HPE MSR routers and the appropriate async serial ports.

    (Updated June 2019 with some extra settings.)

    Router Components
    This is the list of hardware I have used to provide 8 ports of serial console access:

     

    • HPE MSR 3012
    • 8 port async module (SIC-8AS)
    • 8 port RJ45 cable

    2018-02-15 07.17.37.jpg

    2018-02-15 07.19.25.jpg

     

    Router Configuration
    Configuration is very straighforward. Only a few CLI commands are required when most options are left at default.

    Before you start, determine what ports are available, and what their identifiers are. For this router, the relevant ports are Async 1/0 to Async 1/7, with index 16-23, TTY 17-24.

     

    [MSR3012]dis line
      Idx  Type     Tx/Rx      Modem Auth  Int          Location
      16   TTY 17   9600       -     N     Asy1/0       0/0
      17   TTY 18   9600       -     N     Asy1/1       0/0
      18   TTY 19   9600       -     N     Asy1/2       0/0
      19   TTY 20   9600       -     N     Asy1/3       0/0
      20   TTY 21   9600       -     N     Asy1/4       0/0
      21   TTY 22   9600       -     N     Asy1/5       0/0
      22   TTY 23   9600       -     N     Asy1/6       0/0
      23   TTY 24   9600       -     N     Asy1/7       0/0
      32   TTY 33   9600       inout N     Ser2/0:0     0/0
      176  AUX 0    9600       -     N     Aux0         0/0

    Configure the async ports 

    The phy and qos settings are new to this post; they are probably not required but the guys in L4 support have them on their routers.

    interface Async1/0
    description Remote Serial 0 port 4000
    async-mode flow
    undo detect dsr-dtr
    phy-mru 8
    qos fifo queue-length 1024
    #
    interface Async1/1
    description Remote port 4001
    async-mode flow
    undo detect dsr-dtr
    phy-mru 8
    qos fifo queue-length 1024
    #
    interface Async1/2
    description Remote port 4002
    async-mode flow
    undo detect dsr-dtr
    phy-mru 8
    qos fifo queue-length 1024
    #
    interface Async1/3
    description Remote port 4003
    async-mode flow
    undo detect dsr-dtr
    phy-mru 8
    qos fifo queue-length 1024
    #
    interface Async1/4
    description Remote port 4004
    async-mode flow
    undo detect dsr-dtr
    phy-mru 8
    qos fifo queue-length 1024
    #
    interface Async1/5
    description Remote port 4005
    async-mode flow
    undo detect dsr-dtr
    phy-mru 8
    qos fifo queue-length 1024
    #
    interface Async1/6
    description Remote port 4006
    async-mode flow
    undo detect dsr-dtr
    phy-mru 8
    qos fifo queue-length 1024
    #
    interface Async1/7
    description Remote port 4007
    async-mode flow
    undo detect dsr-dtr
    phy-mru 8
    qos fifo queue-length 1024

    Configure the TTY lines

    These are common to all tty lines.

    line tty 17 24
     undo shell
    flow-control none user-role network-operator
    idle-timeout 30 0 ssh redirect enable

    Add the port number to each tty line, along with any speed setting different to the default of 9600.

     speed 115200
     ssh redirect listen-port 4004

    Instead of SSH, you could use Telnet. These commands replace the equivalent ssh lines, and allow a direct connection without first logging in to the router. You can use connection type telnet, raw, rlogin with the port number from Putty, but not ssh.

    redirect enable
    redirect listen-port 4004 

    Testing
    Connect a rollover cable to one of the async ports; take a note of the ID on the cable. In the example below, cable ID 7 equates to interface Async 0/7, TTY 24, index 23. The default port number is 4000 added to the index (IDX) number. It is usually easier to define the port to make more sense (like the async number printed on the cable + 4000. eg async 4 = 4004.

    Start a terminal emulator (eg Putty or Tera Term) and enter the IP and port details: 10.20.30.12:4023

     

    tera term ssh redirect.png

    You will now have remote access to the console port of the device connected to that async port. When you log out, you will see the normal console port sign-out screen

     

    reverse telnet putty serial.png

    Session details are available with the following commands. Note the Idx numbers (20-23 here) to match the configured async ports. (The other entry is a login to the console port of the router.)

    [MSR3012]dis ssh server session
    UserPid SessID Ver Encrypt State Retries Serv Username Idx
    1472 0 2.0 aes256-ctr Established 0 Stelnet admin
    1740 0 2.0 aes256-ctr Established 1 Stelnet admin 20
    1746 0 2.0 aes256-ctr Established 0 Stelnet admin 21
    1758 0 2.0 aes256-ctr Established 0 Stelnet admin 22
    1764 0 2.0 aes256-ctr Established 0 Stelnet admin 23

    [MSR3012]dis tcp
    *: TCP connection with authentication
    Local Addr:port Foreign Addr:port State Slot PCB
    0.0.0.0:22 0.0.0.0:0 LISTEN 0 0xffffffffffffffae
    0.0.0.0:4000 0.0.0.0:0 LISTEN 0 0xfffffffffffffff8
    0.0.0.0:4001 0.0.0.0:0 LISTEN 0 0xfffffffffffffff5
    0.0.0.0:4002 0.0.0.0:0 LISTEN 0 0xfffffffffffffff2
    0.0.0.0:4003 0.0.0.0:0 LISTEN 0 0xffffffffffffffef
    0.0.0.0:4004 0.0.0.0:0 LISTEN 0 0xffffffffffffffec
    0.0.0.0:4005 0.0.0.0:0 LISTEN 0 0xffffffffffffffe9
    0.0.0.0:4006 0.0.0.0:0 LISTEN 0 0xffffffffffffffe6
    0.0.0.0:4007 0.0.0.0:0 LISTEN 0 0xffffffffffffffe2
    10.20.30.12:22 10.20.30.103:50345 ESTABLISHED 0 0xffffffffffffffc1
    10.20.30.12:4003 10.20.30.103:54705 TIME_WAIT 0 0xfffffffffffffffe
    10.20.30.12:4004 10.20.30.103:54818 ESTABLISHED 0 0xffffffffffffffff
    10.20.30.12:4005 10.20.30.103:54916 ESTABLISHED 0 0x0000000000000001
    10.20.30.12:4006 10.20.30.103:55039 ESTABLISHED 0 0x0000000000000003
    10.20.30.12:4007 10.20.30.103:55079 ESTABLISHED 0 0x0000000000000004

     Notes

    • Regular ethernet cables don't work - you have to use a serial/rollover cable
    • You can connect to an async port even if nothing is physically connected to it, but you will get nothing other than the username/password prompt
    • I have tested this with Comware 5, Comware 7, ProCurve, AOS-S, AOS-CX (with speed 115200)

     



  • 2.  RE: Configuring a Comware router to act as a terminal server

    Posted Apr 11, 2018 07:51 AM

    Hi, I want to do similar configuration. I have router MSR954 with SIC-1SAE async module. When I show available lines, I can see ony 1 tty line. It is assigned to interface ser0/0. This line showed when I set int se0/0 to async mode. 

    <HPE>dis line
      Idx  Type     Tx/Rx      Modem Auth  Int          Location
      0    TTY 1    9600       -     N     Ser0/0       0/0
      80   AUX 0    9600       -     N     Aux0         0/0
    + 81   VTY 0               -     A     -            0/0
    .
      144  VTY 63              -     A     -            0/0

    I can't see any Async interfaces. 

    Do You have any ideas what the problem could be? 



  • 3.  RE: Configuring a Comware router to act as a terminal server

    Posted Apr 14, 2018 04:40 AM

    You might want to confirm the model of the router - the MSR95x models we have availabel in our APJ region (and I thought all regions) do not have any slots. Maybe you have another MSR router that does have a SIC module (like an MSR1000 or MSR3000).



  • 4.  RE: Configuring a Comware router to act as a terminal server

    Posted Apr 15, 2018 03:42 AM

    Thanks for your reply. My router is HPE MSR954 Serial Dual 4G Router (Worldwide) - JH373A. 



  • 5.  RE: Configuring a Comware router to act as a terminal server

    Posted Jun 22, 2019 10:25 AM

    PS: Just updated with some additional settings and config options.

    Tested successfully with both the 8400 and 8320 running AOS-CX. You should not often need a console port on the CX core/agg boxes - use the MGMT port - but it can be really useful if you need access to the Service-OS.



  • 6.  RE: Configuring a Comware router to act as a terminal server

    Posted Aug 05, 2021 03:21 AM
    Hi All, Good post! This thread goes back a few years but i just so happens that i am looking for a terminal server solution to hook up switches and APs in my lab.

    I was wondering if since then, new (aruba/HPE) products have emerged that can support 8+ async serial connections?