Education – Australia / New Zealand

Reply
This is an open group. Sign in and click the "Join Group" button to become a group member and start posting.
Highlighted
Aruba Employee

Configuring a Comware router to act as a terminal server

Overview
It can be really useful to have direct serial port access to devices. In the case of network devices, this enables bare metal access, including access to the boot-loader, service OS, etc. This was typically provided using a dedicated terminal server. You can provide essentially the same functionality using one of the HPE MSR routers and the appropriate async serial ports.

(Updated June 2019 with some extra settings.)

Router Components
This is the list of hardware I have used to provide 8 ports of serial console access:

 

  • HPE MSR 3012
  • 8 port async module (SIC-8AS)
  • 8 port RJ45 cable

2018-02-15 07.17.37.jpg

2018-02-15 07.19.25.jpg

 

Router Configuration
Configuration is very straighforward. Only a few CLI commands are required when most options are left at default.

Before you start, determine what ports are available, and what their identifiers are. For this router, the relevant ports are Async 1/0 to Async 1/7, with index 16-23, TTY 17-24.

 

[MSR3012]dis line
  Idx  Type     Tx/Rx      Modem Auth  Int          Location
  16   TTY 17   9600       -     N     Asy1/0       0/0
  17   TTY 18   9600       -     N     Asy1/1       0/0
  18   TTY 19   9600       -     N     Asy1/2       0/0
  19   TTY 20   9600       -     N     Asy1/3       0/0
  20   TTY 21   9600       -     N     Asy1/4       0/0
  21   TTY 22   9600       -     N     Asy1/5       0/0
  22   TTY 23   9600       -     N     Asy1/6       0/0
  23   TTY 24   9600       -     N     Asy1/7       0/0
  32   TTY 33   9600       inout N     Ser2/0:0     0/0
  176  AUX 0    9600       -     N     Aux0         0/0

Configure the async ports 

The phy and qos settings are new to this post; they are probably not required but the guys in L4 support have them on their routers.

interface Async1/0
description Remote Serial 0 port 4000
async-mode flow
undo detect dsr-dtr
phy-mru 8
qos fifo queue-length 1024
#
interface Async1/1
description Remote port 4001
async-mode flow
undo detect dsr-dtr
phy-mru 8
qos fifo queue-length 1024
#
interface Async1/2
description Remote port 4002
async-mode flow
undo detect dsr-dtr
phy-mru 8
qos fifo queue-length 1024
#
interface Async1/3
description Remote port 4003
async-mode flow
undo detect dsr-dtr
phy-mru 8
qos fifo queue-length 1024
#
interface Async1/4
description Remote port 4004
async-mode flow
undo detect dsr-dtr
phy-mru 8
qos fifo queue-length 1024
#
interface Async1/5
description Remote port 4005
async-mode flow
undo detect dsr-dtr
phy-mru 8
qos fifo queue-length 1024
#
interface Async1/6
description Remote port 4006
async-mode flow
undo detect dsr-dtr
phy-mru 8
qos fifo queue-length 1024
#
interface Async1/7
description Remote port 4007
async-mode flow
undo detect dsr-dtr
phy-mru 8
qos fifo queue-length 1024

Configure the TTY lines

These are common to all tty lines.

line tty 17 24
 undo shell
flow-control none user-role network-operator
idle-timeout 30 0 ssh redirect enable

Add the port number to each tty line, along with any speed setting different to the default of 9600.

 speed 115200
 ssh redirect listen-port 4004

Instead of SSH, you could use Telnet. These commands replace the equivalent ssh lines, and allow a direct connection without first logging in to the router. You can use connection type telnet, raw, rlogin with the port number from Putty, but not ssh.

redirect enable
redirect listen-port 4004 

Testing
Connect a rollover cable to one of the async ports; take a note of the ID on the cable. In the example below, cable ID 7 equates to interface Async 0/7, TTY 24, index 23. The default port number is 4000 added to the index (IDX) number. It is usually easier to define the port to make more sense (like the async number printed on the cable + 4000. eg async 4 = 4004.

Start a terminal emulator (eg Putty or Tera Term) and enter the IP and port details: 10.20.30.12:4023

 

tera term ssh redirect.png

You will now have remote access to the console port of the device connected to that async port. When you log out, you will see the normal console port sign-out screen

 

reverse telnet putty serial.png

Session details are available with the following commands. Note the Idx numbers (20-23 here) to match the configured async ports. (The other entry is a login to the console port of the router.)

[MSR3012]dis ssh server session
UserPid SessID Ver Encrypt State Retries Serv Username Idx
1472 0 2.0 aes256-ctr Established 0 Stelnet admin
1740 0 2.0 aes256-ctr Established 1 Stelnet admin 20
1746 0 2.0 aes256-ctr Established 0 Stelnet admin 21
1758 0 2.0 aes256-ctr Established 0 Stelnet admin 22
1764 0 2.0 aes256-ctr Established 0 Stelnet admin 23

[MSR3012]dis tcp
*: TCP connection with authentication
Local Addr:port Foreign Addr:port State Slot PCB
0.0.0.0:22 0.0.0.0:0 LISTEN 0 0xffffffffffffffae
0.0.0.0:4000 0.0.0.0:0 LISTEN 0 0xfffffffffffffff8
0.0.0.0:4001 0.0.0.0:0 LISTEN 0 0xfffffffffffffff5
0.0.0.0:4002 0.0.0.0:0 LISTEN 0 0xfffffffffffffff2
0.0.0.0:4003 0.0.0.0:0 LISTEN 0 0xffffffffffffffef
0.0.0.0:4004 0.0.0.0:0 LISTEN 0 0xffffffffffffffec
0.0.0.0:4005 0.0.0.0:0 LISTEN 0 0xffffffffffffffe9
0.0.0.0:4006 0.0.0.0:0 LISTEN 0 0xffffffffffffffe6
0.0.0.0:4007 0.0.0.0:0 LISTEN 0 0xffffffffffffffe2
10.20.30.12:22 10.20.30.103:50345 ESTABLISHED 0 0xffffffffffffffc1
10.20.30.12:4003 10.20.30.103:54705 TIME_WAIT 0 0xfffffffffffffffe
10.20.30.12:4004 10.20.30.103:54818 ESTABLISHED 0 0xffffffffffffffff
10.20.30.12:4005 10.20.30.103:54916 ESTABLISHED 0 0x0000000000000001
10.20.30.12:4006 10.20.30.103:55039 ESTABLISHED 0 0x0000000000000003
10.20.30.12:4007 10.20.30.103:55079 ESTABLISHED 0 0x0000000000000004

 Notes

  • Regular ethernet cables don't work - you have to use a serial/rollover cable
  • You can connect to an async port even if nothing is physically connected to it, but you will get nothing other than the username/password prompt
  • I have tested this with Comware 5, Comware 7, ProCurve, AOS-S, AOS-CX (with speed 115200)

 



Richard Litchfield, HPE Aruba
Consulting System Engineer
Network Ambassador
4 REPLIES 4
New Member

Re: Configuring a Comware router to act as a terminal server

Hi, I want to do similar configuration. I have router MSR954 with SIC-1SAE async module. When I show available lines, I can see ony 1 tty line. It is assigned to interface ser0/0. This line showed when I set int se0/0 to async mode. 

<HPE>dis line
  Idx  Type     Tx/Rx      Modem Auth  Int          Location
  0    TTY 1    9600       -     N     Ser0/0       0/0
  80   AUX 0    9600       -     N     Aux0         0/0
+ 81   VTY 0               -     A     -            0/0
.
  144  VTY 63              -     A     -            0/0

I can't see any Async interfaces. 

Do You have any ideas what the problem could be? 

Aruba Employee

Re: Configuring a Comware router to act as a terminal server

You might want to confirm the model of the router - the MSR95x models we have availabel in our APJ region (and I thought all regions) do not have any slots. Maybe you have another MSR router that does have a SIC module (like an MSR1000 or MSR3000).



Richard Litchfield, HPE Aruba
Consulting System Engineer
Network Ambassador
New Member

Re: Configuring a Comware router to act as a terminal server

Thanks for your reply. My router is HPE MSR954 Serial Dual 4G Router (Worldwide) - JH373A. 

Aruba Employee

Re: Configuring a Comware router to act as a terminal server

PS: Just updated with some additional settings and config options.

Tested successfully with both the 8400 and 8320 running AOS-CX. You should not often need a console port on the CX core/agg boxes - use the MGMT port - but it can be really useful if you need access to the Service-OS.



Richard Litchfield, HPE Aruba
Consulting System Engineer
Network Ambassador
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: