Knowledge Base

 
Reset Search
 

 

Article

NCOS: Out of Band Management

« Go Back

Information

 
Content

NCOS: Out of Band Management

Products Supported: AER31x0, AER21x0, MBR1400v2, MBR1400v1, IBR11x0, IBR6x0B, IBR6x0, CBA850, CBA750B. See Identify Cradlepoint Products​ to identify your router.

To use this feature via NCM, you must have a
NetCloud Prime (Essentials) or Enterprise (Advanced) Branch account. See NetCloud Manager Tiers for more information.

NCOS Version: 6.1* - for information on upgrading NCOS Versions, see NCOS: How to update the NCOS of a Cradlepoint router.

*Certain NCOS v6.2 features are included in this article.


Quick Links

Summary

Configuration

Connection Methods

SSH Hopping

Out of Band Management Features with v6.2 Firmware

Troubleshooting

Related Articles


Summary

This document is intended to guide administrators through configuring the Serial Redirector feature on Cradlepoint routers for out-of-band management and troubleshooting of devices with an RS232 console interface. Once enabled, this feature is used by establishing an SSH or Telnet client session with the router, which then redirects the SSH or Telnet traffic to the attached console cable.


Configuration

Configuration Difficulty: Intermediate

Hardware Setup

Obtain the cabling/connectors required for the type of connection being made with the serial redirect. Use the following table for reference:
 

Serial Redirector Connector Reference
Connection TypeSupported ProductsType of ConnectorNotes
Serial-to-serial
  • IBR11x0 series
DB9 Male to Male Serial Adapter 
USB-to-serial
  • COR IBR600/IBR650
  • COR IBR600B/IBR650B
  • CORIBR1100/IBR1150
  • AER1600/AER1650 and AER2100
The USB-to-serial adapter must use an FTDI chip set. See Cradlepoint Serial Console Support for more information.1-to-4 USB-to-RS232 serial adapter can be used for multiple out of band devices.
RJ45 serial console
  • CBA850 (head unit) 1, 2
  • AER3100/AER3150 (devices managed by the CBA850)
  
The CBA850 and AER3100/AER3150 will work with a USB-to-serial cable (with one or more serial connections) if a high-speed USB hub is connected between the router and the USB-to-serial cable.

Not all Cisco RJ45 serial console ports are standard. Their TX/RX pins provide standard transmit/receive functionality, but the control signals (such as RTS/CTS for HW handshaking) vary by product. Performing simple out of band management with Cisco RJ45 serial console ports is usually possible, but using advanced control signals varies. Either avoid these advanced signals, or assemble custom cables to match the Cisco model's RJ45 serial console port.


1. Make the required hardware connections before beginning the software configuration. (A USB-to-serial connection is shown below as an example.)

    a. Connect a USB-to-serial adapter (callout 1) to the USB port of the Cradlepoint router (callout 2).

    b. Connect a console cable (callout 3) to the USB-to-serial adapter.

    c. Connect the console cable to the console port of the device to manage (callout 4).

Physical connections for OOBM devices
 

 

Example:

Place 1601_FW6_img2.png here
 

Software Setup

Note: No software setup is required for Cradlepoint routers using RJ45 console-port connections.

Use the following steps to enable and configure the Cradlepoint router’s software settings for serial redirection.

1. Log into the router's NCOS Page. For help with logging in, see NCOS: Accessing the Setup Pages of a Cradlepoint Router.

2. Click on the SYSTEM tab on the left, and then select Serial Redirector
 

User-added image

3. Place a check mark next to Enabled in the Telnet to Serial Configuration area, and then click the Submit button. Wait for the Server Status field to indicate "Ready".

Note: If there is a problem with the detection of the adapter, the Server Status field will display Starting and never change. This usually means the adapter is not supported by the router.

4. In the USB Serial Adapter Configuration section, set the values to match those used by your device.

Note: Some routers require slightly different settings than Cradlepoint's default router settings. If the console window does not display text correctly (such as inserting a blank row between each line of text), change the Cradlepoint's Linefeed setting to a different value and then try again.

Place 1601_FW6_img4.png here

5. Click the Submit button again if additional changes were made.


Connection Methods

Client software is required to open SSH/Telnet connections to Cradlepoint routers. The SSH/Telnet client software, PuTTY, is used in the following procedures. For more information on installing and using PuTTY, see Download PuTTY.

SSH-to-Serial (Secure Connection)

The recommended, secure method to access your hardware is to first establish an SSH session to the Cradlepoint router. Establishing SSH sessions to Cradlepoint routers can be done in any of the three following ways:
Note: To connect to the Cradlepoint router using client software, the router must have a publicly routable WAN IP address. See NCOS: How to determine if you have a publicly routable IP address for more information.​​
​1. Open your SSH client software (PuTTY, in this example) and type in the public IP address and port for the Cradlepoint router in the Host Name (or IP Address) and Port fields.

Place 1601_FW6_img7.png here

2.  Select SSH for the Connection type.

3. Click the Open button to establish an SSH connection to the Cradlepoint router.

Once you have established an SSH connection to the router's command-line interface (CLI), use the serial command to create a console session from the Cradlepoint router to the serially-connected device.
 
serial

If you are using a 1-to-4 USB-to-Serial adapter, use the following command format to initiate a serial connection to a specific client device:
 
serial #

For example, to connect serially to a device connected to the third port of USB-to-Serial adapter:
 
serial 3 

After the session is established, you have access to the console of your device.

Place 1601_FW6_img8.png here

Use the following commands to end the session:

  • CTRL + W to break the connection to the device, but keep the SSH session up
  • CTRL + Q to break the connection to the device and end the SSH session

Console Cable Connection (CBA850 only)

The CBA850 router has a console port for Out of Band Management (OOBM) of third-party devices. Console access from a CBA850 to the CLI of a third-party router/firewall requires the following:

  • An SSH Client installed on your computer (e.g PuTTY)
  • A Public Static/Dynamic IP address with your ISP
  • A router/firewall with a console port

NOTE: The CBA850 console port requires the use of a rollover cable or adapter.

1. Open your SSH Client (PuTTY, in this example) and type the public IP address for the CBA850 in the Host Name (or IP Address) field.

2. Select SSH for the Connection type.

User-added image

3. Click the Open button to establish an SSH connection to the CBA850.

4. Type the command

serial

at the CBA850’s command line prompt to start a session from the CBA850 to the device connected to the console port of the CBA850.

User-added image

Note: Out of Band Management with the console port allows only one connection at a time.

Telnet-to-Serial (Direct Connection)

Important: Cradlepoint recommends using the SSH-to-Serial connection method whenever possible because it is encrypted and requires a username and password. Cradlepoint does NOT recommend using Telnet-to-serial access unless the device is on a private network and is not accessible from the Internet.​

1. Open your SSH client software (PuTTY, in this example) and type in the public IP address for the Cradlepoint router in the Host Name (or IP Address) field.

Note: The WAN connection will not work unless WAN is enabled within the router's system settings (SYSTEM > Serial Redirector > Telnet to Serial Configuration area).​

2. Type the Telnet port number in the Port field. This port number is listed on the router's SYSTEM > Serial Redirector > Telnet to Serial Configuration area in the Server Port field.

3. Select Telnet for the Connection type.

Place 1601_FW6_img5.png here

4. Click the Open button to establish the Telnet session and interact directly with your hardware connected to the Cradlepoint router.

Place 1601_FW6_img6.png here

SSH Hopping

Users are able to SSH into any device on either the WAN or LAN that is running an SSH Server.

Configurable Options: - Port - Login name - Data compression - Session ciphers

Supported ciphers: -

  • aes256-ctr 
  • aes192-ctr 
  • aes128-ctr 
  • aes256-cbc 
  • aes192-cbc
  • aes128-cbc 
  • 3des-cbc 
  • blowfish-cbc
Client uses the below ciphers by default for PCI-Compliance:
  • aes256-ctr
  • aes192-ctr
  • aes128-ctr

Required arguments: hostname Either the hostname or a user@hostname pair

Optional arguments:

  • -v Debug level. May be specified up to 3 times (-v, -vv, -vvv).
  • -C Requests compression of all data.
  • -1 Force ssh to try protocol version 1 only.
  • -2 Force ssh to try protocol version 2 only.
  • -l Specifies login name.
  • -p Specifies port.
  • -c Comma separated list of ciphers (e.g. aes256-ctr,aes192-ctr,aes128-ctr,).

Place 1601_FW6_img8.png here

NOTE: When asked if your trust the host key; make sure to type "yes" and not "y."

NOTE: Only one session can be active at the a time. If a new session is opened (if the device is accessed by a different method, or by a second user) before the original one is stopped, you may receive garbled feedback.​

 


Out of Band Management Features with v6.2 Firmware

Starting with NCOS v6.2, NetCloud Manager provides improved Out of Band Management features, including the following:

  • OOBM access for Diagnostic-role users
  • The Remote Connect menu, with all remote connection features located in one place.
  • The ability to create OOBM connection profiles for one-click connection and access to devices.
  • The Cradlepoint CLI is not required for access.
  • Increased console-buffer size to hold and view more information.
This section provides the steps necessary to create and use OOBM connection profiles.

Remote Connect menu
 

Create an OOBM Connection Profile

1. Click the Remote Connect menu.

2. Click Add/Edit for Out of Band Manager.

3. From the Remote Connect screen, click the Add button in the Out of Band Manager area.

4.  On the Add Serial Profile dialog do the following:

      a. Type a name for the connection profile in the Name field.

      b. Select the serial port that the connection will use, from the Serial drop-down box.

      c. Click the Save button to save the OOBM connection profile.

User-added image
 

Use an OOBM Connection Profile 

OOBM Connection Profiles can be accessed and used with either of the following methods:

From the Remote Connect menu:


Select the profile from the Out of Band Manager area in the Remote Connect menu.


Remote Connect menu
 
From the Remote Connect screen:


Click the Connect button next to the profile.


Remote connect - Connect screen
 


 

Troubleshooting

  • Reboot the hardware, including the Cradlepoint router and its client serial device.
  • Reseat the connectors.
  • Disable/re-enable the Serial Redirect feature on the Cradlepoint router.
  • Ensure you are able to access your device’s console directly through the USB-to-Serial adapter.
  • Check the RS232 settings on your device and make sure they match.

Related Articles/Links


Published Date: 07/14/2017

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255