NCOS: Out of Band Management


Products Supported: AER31x0, AER21x0, MBR1400v2, MBR1400v1, IBR11x0, IBR6x0B, IBR6x0, CBA850, CBA750B. Click here to identify your router.

NCOS Version: 6.1 - for information on upgrading NCOS Versions, click here.



Summary

This document is intended to guide an administrator through configuring the Serial Redirector feature on Cradlepoint routers for out-of-band management and troubleshooting of devices with an RS232 console interface. Once turned on, this feature is used by establishing a telnet client session with the router, which then redirects the telnet traffic to the attached console cable.


Configuration

Configuration Difficulty: Intermediate

Physical Setup

  1. Obtain the necessary equipment.

  • IBR11x0: When initiating serial redirect from this router model, a DB9 Male to Male serial adapter is required. An example is located here. This product is not sold by Cradlepoint.
  • Supported Products for USB to Serial: COR IBR600/IBR650, COR IBR600B/IBR650B, COR IBR1100/IBR1150; AER1600/AER1650, AER2100: A USB-to-serial adapter that uses an FTDI chipset is required to use the Serial Redirect feature. For more information on finding the right kind of adapter, consult the guide located here.
    • Optional: 1-to-4 USB to RS232 serial adapter for support of multiple out of band devices.
    • NOTE: It is possible to get the CBA850 and AER3100/AER3150 to work with a USB to serial cable (with one or more serial connections) if a high-speed USB hub is connected between the router and the USB to serial cable.
  • Supported Products with RJ45 Console: CBA850 (for OOBM of connected device), AER3100/AER3150 (to be managed)
  • Note: Not all Cisco RJ45 serial console ports are standard. Usually TX/RX is the same, but the control signals (such as RTS/CTS for HW handshaking) vary by product. While doing simple out of band management is often fine, using advanced control signals varies. Either avoid these advanced signals, or make custom cables to match that Cisco model's RJ45 serial console port.
  2. Make all the appropriate physical connections before beginning the configuration.

Software Setup

Note: Not required for Cradlepoints using RJ45 Console port
  • Step 1: Log into the router's NCOS Page. For help with logging in please click here.
  • Step 2: Click the System tab on the left and select Serial Redirector.

  • Step 3: Place a check mark next to Enabled and click the Submit button. Wait for Server Status to become "Ready".
    • Note: The Server Status will read Starting and never change if there is a problem with the detection of the adapter. This usually means the adapter is not supported by the router.
  • Step 4: In the USB Serial Adapter Configuration section, set the values to match those used by your device.
    • NOTE: Some routers require slightly different settings than Cradlepoint's defaults. If you find that the console window does not appear to be displaying the data correctly (such as inserting a blank row between each line of text), try changing the Cradlepoint's "Line Feed" option to a different value and then try again.
  • Step 5: Click Submit again if additional changes were made.


Usage

Direct Connection

NOTE: Cradlepoint highly recommends using the SSH-to-Serial access option instead because it is encrypted and requires a username and password. We recommend NOT using telnet-to-serial access unless the device is on a private network and not accessible from the Internet.

Using your system's telnet client software, establish a session to the Cradlepoint.

The example below shows a local connection through PuTTY.

  • Specify the Cradlepoint's LAN or WAN IP address.
    • (Note: the WAN connection will not work unless WAN is enabled within the router's System Settings>Serial Redirect>Telnet to Serial Configuration section. This option is highly insecure and should not be used unless the Cradlepoint router is on a private network and not accessible from the Internet.)
  • Specify the telnet port specified on the router's System Settings>Serial Redirect>Telnet to Serial Configuration page.

Once the session is established, you may interact directly with your hardware.

Console Cable

On the CBA850 a Console port is available to use for Out of Band Management (OOBM) to a third party device. To be able to access the CLI of the third party router/firewall, you will need to have the following.

  • SSH Client installed on your computer (for example: PuTTY).
  • Public Static/Dynamic IP address with your ISP.
  • A router/firewall with a console port.

NOTE: The CBA850 console port requires the use of a rollover cable.

  • Step 1: Pull up your SSH Client (PuTTY) and type in the public IP address for the CBA850.

  • Step 2: Once logged into the CBA850's CLI, type the command serial. This starts a session to the router/firewall that is connected to the console port of the CBA850.

Out of Band Management with the Console port only allows one connection at a time.

Secure Connection

An alternate, and secure, way to access your hardware is to establish an SSH session to the Cradlepoint. This can be done in one of three ways:

Once you have access to the router's CLI, you can issue the serial command to create a console session to your hardware.

Use the following command to initiate the serial redirect:

serial

If you are using a 1-to-4 USB to Serial Adapter, utilize the following command to initiate a serial connection to a specific client device:

serial # - for example - serial 3

After the session is established, you will be able to access the console of your device.

Use the following commands to end the session:

CTRL + W to break connection to the device, but keep the SSH session up

CTRL + Q to break connection to the device and end the SSH session

SSH Hopping

Users are able to SSH into any device on either the WAN or LAN that is running an SSH Server.

Configurable Options:

  • Port
  • Login name
  • Data compression
  • Session ciphers

Supported ciphers:

  • aes256-ctr
  • aes192-ctr
  • aes128-ctr
  • aes256-cbc
  • aes192-cbc
  • aes128-cbc
  • 3des-cbc
  • blowfish-cbc

Client uses the below ciphers by default for PCI-Compliance:

  • aes256-ctr
  • aes192-ctr
  • aes128-ctr

Required arguments:

  • hostname Either the hostname or a user@hostname pair

Optional arguments:

  • -v Debug level. May be specified up to 3 times (-v, -vv, -vvv).
  • -C Requests compression of all data.
  • -1 Force ssh to try protocol version 1 only.
  • -2 Force ssh to try protocol version 2 only.
  • -l Specifies login name.
  • -p Specifies port.
  • -c Comma separated list of ciphers (e.g. aes256-ctr,aes192-ctr,aes128-ctr,).
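
The following is an added example, not Cradlepoint code: a pre-flight check for hop commands kept in runbooks or scripts, which flags ciphers outside the PCI default set listed above and any use of -1. It assumes the hop command is invoked as ssh followed by the arguments documented here; the function name audit_ssh_hop is hypothetical.

```python
import shlex

# Cipher lists copied from this article.
SUPPORTED = {"aes256-ctr", "aes192-ctr", "aes128-ctr", "aes256-cbc",
             "aes192-cbc", "aes128-cbc", "3des-cbc", "blowfish-cbc"}
PCI_DEFAULT = {"aes256-ctr", "aes192-ctr", "aes128-ctr"}
TAKES_VALUE = {"-l", "-p", "-c"}          # options followed by an argument
FLAGS = {"-v", "-vv", "-vvv", "-C", "-1", "-2"}


def audit_ssh_hop(command):
    """Return a list of findings for one 'ssh ...' hop command line.

    Assumption: the command name is 'ssh'; the article lists only its arguments.
    """
    args = shlex.split(command)
    if not args or args[0] != "ssh":
        return ["not an ssh command"]
    findings, host, i = [], None, 1
    while i < len(args):
        arg = args[i]
        if arg in TAKES_VALUE:
            if i + 1 >= len(args):
                findings.append(f"{arg} is missing its value")
                break
            value = args[i + 1]
            i += 2
            if arg == "-p" and not (value.isdigit() and 0 < int(value) < 65536):
                findings.append(f"invalid port: {value}")
            if arg == "-c":
                # Tolerate the trailing comma shown in the article's example.
                for name in filter(None, value.split(",")):
                    if name not in SUPPORTED:
                        findings.append(f"unsupported cipher: {name}")
                    elif name not in PCI_DEFAULT:
                        findings.append(f"cipher outside PCI default set: {name}")
            continue
        if arg == "-1":
            # SSH protocol version 1 is obsolete and has known weaknesses.
            findings.append("-1 forces SSH protocol version 1")
        elif arg.startswith("-") and arg not in FLAGS:
            findings.append(f"unknown option: {arg}")
        elif not arg.startswith("-"):
            if host is not None:
                findings.append(f"unexpected extra argument: {arg}")
            host = host or arg
        i += 1
    if host is None:
        findings.append("missing required hostname")
    return findings
```

An empty list means the command stays within the documented options and the PCI default cipher set.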

NOTE: When asked if you trust the host key, make sure to type "yes" and not "y".

NOTE: Only one session can be active at a time. If a new session is opened (if the device is accessed by a different method, or by a second user) before the original one is stopped, you may receive garbled feedback.

NCM Out of Band Management


From NCM, if the device is connected to a serial splitter, profiles and names can be created.


Troubleshooting

  • Reboot the hardware, including the Cradlepoint router and its client serial device.
  • Reseat the connectors.
  • Disable/re-enable the Serial Redirect feature on the Cradlepoint router.
  • Ensure you are able to access your device’s console directly through the USB-to-Serial adapter.
  • Check the RS232 settings on your device and make sure they match.

Published Date: 07/14/2017
