Out-of-band management is a pretty interesting topic. Devices are meant to be managed over IP, but sometimes IP is not working anymore. In that case a serial or USB connection to a switch or router via a dedicated line is more than helpful.
Now the discussion starts on what to do and how to realize an out-of-band management system. The most reliable way to get access to a device is its serial interface. It is very often not affected by any kind of “TCP/IP outage” (DDoS, defective NIC, oversubscription …).
First of all, a dedicated line between the admin room and the server room is necessary. It does not matter whether 3G, dial-up or a dedicated LAN link is used. The only requirement is that it cannot be affected by the production network (a QoS rule could do in certain circumstances).
To get remote access to the serial or USB console of a Cisco router or switch, an additional piece of equipment is necessary. Either you get an additional router such as an 18xx/28xx/38xx/19xx/29xx/39xx with a serial and asynchronous module, or you go for a very cheap solution with a Raspberry Pi and some RS232toUSB converters (depending on the number of devices, e.g. 8x Delock RS232toUSB), or, if you use more modern devices, a USB hub for e.g. 19xx/29xx/39xx routers or 3750X/3560X/2960X switches.
All that is needed on the Raspberry Pi is a package called “ser2net”. This package makes it easy to connect any serial-speaking device to the network. You can do more with it than Cisco terminal sessions, but I will stick to those here.
Once Raspbian is installed on your Raspberry Pi and the Pi is connected to your network, install the following package:
sudo aptitude install ser2net
Once installed, this software does the whole trick.
Now, when you connect your RS232toUSB converter, find out which serial interfaces it provides.
In my case it looks similar to this:
    #sudo lsusb
    ...
    Bus 002 Device 003: ID 9710:7840 MosChip Semiconductor MCS7820/MCS7840 2/4 port serial adapter
    Bus 002 Device 004: ID 9710:7840 MosChip Semiconductor MCS7820/MCS7840 2/4 port serial adapter
    ...
Now check that not only the USB device has been identified, but also that the USB serial ports have been correctly allocated:
    #dmesg | grep USB
    ...
    [423853.979726] USB Serial support registered for Moschip 7840/7820 USB Serial Driver
    [423853.979923] mos7840 2-3.1:1.0: Moschip 7840/7820 USB Serial Driver converter detected
    [423853.984900] usb 2-3.1: Moschip 7840/7820 USB Serial Driver converter now attached to ttyUSB0
    [423853.984992] usb 2-3.1: Moschip 7840/7820 USB Serial Driver converter now attached to ttyUSB1
    [423853.985067] usb 2-3.1: Moschip 7840/7820 USB Serial Driver converter now attached to ttyUSB2
    [423853.985144] usb 2-3.1: Moschip 7840/7820 USB Serial Driver converter now attached to ttyUSB3
    [423854.076425] usb 2-3.2: New USB device found, idVendor=9710, idProduct=7840
    [423854.076430] usb 2-3.2: New USB device strings: Mfr=0, Product=0, SerialNumber=0
    [423854.076798] mos7840 2-3.2:1.0: Moschip 7840/7820 USB Serial Driver converter detected
    [423854.081636] usb 2-3.2: Moschip 7840/7820 USB Serial Driver converter now attached to ttyUSB4
    [423854.081718] usb 2-3.2: Moschip 7840/7820 USB Serial Driver converter now attached to ttyUSB5
    [423854.081790] usb 2-3.2: Moschip 7840/7820 USB Serial Driver converter now attached to ttyUSB6
    [423854.081858] usb 2-3.2: Moschip 7840/7820 USB Serial Driver converter now attached to ttyUSB7
    ...
To get access via the network, the config file for ser2net needs to be updated.
I commented out the original entries and kept them as a reference. Below them I added the configuration for my needs: telnet access to the serial console of each Cisco device.
    BANNER:banner:\r\nser2net port \p device \d [\s] (Debian GNU/Linux)\r\n\r\n
    #2000:telnet:600:/dev/ttyS0:9600 8DATABITS NONE 1STOPBIT banner
    #2001:telnet:600:/dev/ttyS1:9600 8DATABITS NONE 1STOPBIT banner
    #3000:telnet:600:/dev/ttyS0:19200 8DATABITS NONE 1STOPBIT banner
    #3001:telnet:600:/dev/ttyS1:19200 8DATABITS NONE 1STOPBIT banner
    2000:telnet:600:/dev/ttyS0:9600 8DATABITS NONE 1STOPBIT banner
    2001:telnet:600:/dev/ttyUSB0:9600 8DATABITS NONE 1STOPBIT banner
    2002:telnet:600:/dev/ttyUSB1:9600 8DATABITS NONE 1STOPBIT banner
    2003:telnet:600:/dev/ttyUSB2:9600 8DATABITS NONE 1STOPBIT banner
    2004:telnet:600:/dev/ttyUSB3:9600 8DATABITS NONE 1STOPBIT banner
    2005:telnet:600:/dev/ttyUSB4:9600 8DATABITS NONE 1STOPBIT banner
    2006:telnet:600:/dev/ttyUSB5:9600 8DATABITS NONE 1STOPBIT banner
    2007:telnet:600:/dev/ttyUSB6:9600 8DATABITS NONE 1STOPBIT banner
    2008:telnet:600:/dev/ttyUSB7:9600 8DATABITS NONE 1STOPBIT banner
Depending on the number of serial ports you have available, this list will differ.
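As an added example (not part of the original post), the sketch below builds the per-adapter entries from dmesg lines like the ones above and lists existing entries that listen on every interface. ser2net accepts `host,port` in the port field, which keeps these telnet consoles, which have no login of their own, on the out-of-band interface only. The function names, the address 192.0.2.10 and the disconnect message in the sample are assumptions.

```python
import re

# Constructed dmesg sample (not real output); the disconnect line is an assumed format.
SAMPLE_DMESG = """\
[100.10] usb 2-3.1: Moschip 7840/7820 USB Serial Driver converter now attached to ttyUSB0
[100.11] usb 2-3.1: Moschip 7840/7820 USB Serial Driver converter now attached to ttyUSB1
[100.20] usb 2-3.2: New USB device found, idVendor=9710, idProduct=7840
[100.21] usb 2-3.2: Moschip 7840/7820 USB Serial Driver converter now attached to ttyUSB4
[250.00] mos7840 ttyUSB1: Moschip 7840/7820 USB Serial Driver converter now disconnected from ttyUSB1
"""

# Constructed ser2net.conf fragment: banner, commented, open and bound entries.
SAMPLE_CONF = """\
BANNER:banner:constructed banner text
#2000:telnet:600:/dev/ttyS0:9600 8DATABITS NONE 1STOPBIT banner
2001:telnet:600:/dev/ttyUSB0:9600 8DATABITS NONE 1STOPBIT banner
192.0.2.10,2002:telnet:600:/dev/ttyUSB1:9600 8DATABITS NONE 1STOPBIT banner
"""

EVENT = re.compile(r"now (attached to|disconnected from) ttyUSB(\d+)\s*$")

def attached_ports(dmesg_text):
    """Replay attach/disconnect events in order; return live ttyUSB indexes."""
    live = set()
    for line in dmesg_text.splitlines():
        m = EVENT.search(line)
        if m and m.group(1) == "attached to":
            live.add(int(m.group(2)))
        elif m:
            live.discard(int(m.group(2)))
    return sorted(live)

def render_entries(dmesg_text, bind_addr, base_port=2001, timeout=600):
    """One line per live adapter: ttyUSBn listens on bind_addr, port base_port + n."""
    return [f"{bind_addr},{base_port + n}:telnet:{timeout}:/dev/ttyUSB{n}:"
            "9600 8DATABITS NONE 1STOPBIT banner"
            for n in attached_ports(dmesg_text)]

def unbound_listeners(conf_text):
    """Ports of active entries with no host part, i.e. listening on every interface."""
    ports = []
    for line in conf_text.splitlines():
        first = line.strip().split(":", 1)[0]
        if first.isdigit():  # comments, BANNER: and host,port entries fail this
            ports.append(int(first))
    return ports

if __name__ == "__main__":
    print("\n".join(render_entries(SAMPLE_DMESG, "192.0.2.10")))
    print("listening on all interfaces:", unbound_listeners(SAMPLE_CONF))
```

The default `base_port=2001` reproduces the numbering used above, where ttyUSB0 is reachable on port 2001.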