NCOS: Out of Band Management
Products Supported: AER31x0, AER21x0, MBR1400v2, MBR1400v1, IBR11x0, IBR6x0B, IBR6x0, CBA850, CBA750B. Click here to identify your router.
NCOS Version: 6.1 - for information on upgrading NCOS Versions, click here.
This document is intended to guide an administrator through configuring the Serial Redirector feature on Cradlepoint routers for out-of-band management and troubleshooting of devices with an RS232 console interface. Once turned on, this feature is used by establishing a telnet client session with the router, which then redirects the telnet traffic to the attached console cable.
Configuration Difficulty: Intermediate
Obtain the necessary equipment.
- IBR11x0: When initiating serial redirect from this router model, a DB9 Male to Male serial adapter is required. An example is located here. This product is not sold by Cradlepoint.
- Supported Products for USB to Serial: COR IBR600/IBR650, COR IBR600B/IBR650B, COR IBR1100/IBR1150; AER1600/AER1650, AER2100: A USB-to-serial adapter that uses an FTDI chip set such is required to use the Serial Redirect feature. For more information on finding the right kind of adapter, consult the guide located here.
- Optional: 1-to-4 USB to RS232 serial adapter for support of multiple out of band devices.
- NOTE: It is possible to get the CBA850 and AER3100/AER3150 to work with a USB to serial cable (with one or more serial connections) if a high-speed USB hub is connected between the router and the USB to serial cable.
- Supported Products with RJ45 Console: CBA850 (for OOBM of connected device), AER3100/AER3150 (to be managed)
- Note: Not all Cisco RJ45 serial console ports are standard. Usually TX/RX is the same, but the control signals (such as RTS/CTS for HW handshaking) vary by product. While doing simple out of band management is often fine, using advanced control signals varies. Either avoid these advanced signals, or make custom cables to match that Cisco model's RJ45 serial console port.
Make all the appropriate physical connections before beginning the configuration.
Note: Not required for Cradlepoints using RJ45 Console port
- Step 1: Log into the router's NCOS Page. For help with logging in please click here.
- Step 2: Click on System tab on the left and select Serial Redirector.
- Step 3: Place a check mark next to Enabled and click the Submit button. Wait for Server Status to become "Ready".
- Note: The Server Status will read Starting and never change if there is a problem with the detection of the adapter. This usually means the adapter is not supported by the router.
- Step 4: In the USB Serial Adapter Configuration section, set the values to match those used by your device.
- NOTE: Some routers require slightly different settings than Cradlepoint's defaults. If you find that the console window does not appear to be displaying the data correctly (such as inserting a blank row between each line of text), try changing the Cradlepoint's "Line Feed" option to a different value and then try again.
- Step 5: Click Submit again if additional changes were made.
NOTE: Cradlepoint highly recommends using the SSH-to-Serial access option instead because it is encrypted and requires a username and password. We recommend NOT using telnet-to-serial access unless the device is on a private network and not accessible from the Internet.
Using your system's telnet client software, establish a session to the Cradlepoint.
The example below shows a local connection through PuTTY.
- Specify the Cradlepoint's LAN or WAN IP address.
- (Note: the WAN connection will not work unless WAN is enabled within the router's System Settings>Serial Redirect>Telnet to Serial Configuration section. This option is highly insecure and should not be used unless the Cradlepoint router is on a private network and not accessible from the Internet.)
- Specify the telnet port specified on the router's System Settings>Serial Redirect>Telnet to Serial Configuration page.
Once the session is established, you may interact directly with your hardware.
On the CBA850 a Console port is available to use for Out of Band Management (OOBM) to a third party device. To be able to access the CLI of the third party router/firewall, you will need to have the following.
- SSH Client installed on your computer (for example: PuTTY).
- Public Static/Dynamic IP address with your ISP.
- A router/firewall with a console port.
NOTE: The CBA850 console port requires the use of a rollover cable.
- Step 1: Pull up your SSH Client (PuTTY) and type in the public IP address for the CBA850.
- Step 2: Once logged into the CBA850's CLI you will type the command of serial. This will start session to your router/firewall that is connected to the console port of the CBA850.
Out of Band Management with the Console port only allows one connection at a time.
An alternate, and secure, way to access your hardware would be to establish a SSH session to the Cradlepoint. This can be done in one of three ways:
Once you have access to the router's CLI, you can issue the serial command to create a console session to your hardware.
Use the following command to initiate the serial redirect:
If you are using a 1-to-4 USB to Serial Adapter, utilize the following command to initiate a serial connection to a specific client device:
serial # - for example - serial 3
After the session is established, you will be able to access the console of your device.
Use the following commands to end the session:
CTRL + W to break connection to the device, but keep the SSH session up
CTRL + Q to break connection to the device and end the SSH session
Users are able to SSH into any device on either the WAN or LAN that is running an SSH Server.
Configurable Options: - Port - Login name - Data compression - Session ciphers
Supported ciphers: -
Client uses the below ciphers by default for PCI-Compliance:
Required arguments: hostname Either the hostname or a user@hostname pair
- -v Debug level. May be specified up to 3 times (-v, -vv, -vvv).
- -C Requests compression of all data.
- -1 Force ssh to try protocol version 1 only.
- -2 Force ssh to try protocol version 2 only.
- -l Specifies login name.
- -p Specifies port.
- -c Comma separated list of ciphers (e.g. aes256-ctr,aes192-ctr,aes128-ctr,).
NOTE: When asked if your trust the host key; make sure to type "yes" and not "y"
NOTE: Only one session can be active at the a time. If a new session is opened (if the device is accessed by a different method, or by a second user) before the original one is stopped, you may receive garbled feedback.
NCM Out of Band Management
From NCM if the device is connected to a serial splitter, profiles and names can be created.
- Reboot the hardware, including the Cradlepoint router and its client serial device.
- Reseat the connectors.
- Disable/re-enable the Serial Redirect feature on the Cradlepoint router.
- Ensure you are able to access your device’s console directly through the USB-to-Serial adapter.
- Check the RS232 settings on your device and make sure they match.
Published Date: 07/14/2017