Al_Marti
Participant

Access serial console of another device thru Checkpoint Appliance USB port

 

I had the need to configure a new Cisco 3750 switch at a remote site with minimal hands-on help. I had remote ssh access to an R80.20 3100 appliance on site and wondered if I could use the 3750 console cable plugged into the 3100 to access the 3750 switch console.

I arranged for the mini-USB end of the 3750 console cable to be plugged into the Cisco 3750 mini-USB console port and the other end to be plugged into the Checkpoint 3100 appliance Type-A USB port.

Running the dmesg command in expert mode I could see that the GAIA kernel had created a serial device file after the cable was connected:

[Expert@sta-fw01:0]# dmesg | tail -30
usb 1-1.2: new full speed USB device using ehci_hcd and address 3
usb 1-1.2: configuration #1 chosen from 1 choice
drivers/usb/class/cdc-acm.c: This device cannot do calls on its own. It is no modem.
cdc_acm 1-1.2:1.0: ttyACM0: USB ACM device
usbcore: registered new driver cdc_acm
drivers/usb/class/cdc-acm.c: v0.25:USB Abstract Control Model driver for USB modems and ISDN adapters

Using the cat command I could see that I had good serial connectivity to the switch:

[Expert@sta-fw01:0]# cat < /dev/ttyACM0 
Apr  3 01:26:06.726: %USB_CON
Switch>

Now I just needed to find a terminal emulation program in GAIA that would give me an interactive connection over the serial port to the switch. I searched for tip, minicom and several others to no avail, and then I discovered that GAIA comes with the picocom terminal emulation program installed.

I just ran the command picocom /dev/ttyACM0 and bingo, I had an interactive connection over the USB serial cable to the switch:

 

[Expert@sta-fw01:0]# picocom /dev/ttyACM0 
picocom v2.1
port is        : /dev/ttyACM0
flowcontrol    : none
baudrate is    : 9600
parity is      : none
databits are   : 8
stopbits are   : 1
escape is      : C-a
local echo is  : no
noinit is      : no
noreset is     : no
nolock is      : no
send_cmd is    : sz -vv
receive_cmd is : rz -vv -E
imap is        : 
omap is        : 
emap is        : crcrlf,delbs,

Type [C-a] [C-h] to see available commands

Terminal ready

Apr  3 01:42:26.784: %LINK-3-U
Switch>
Switch> en
Switch#
Switch# show ver | inc Cisco
Cisco IOS Software, C3750E Software (C3750E-UNIVERSALK9-M), Version 15.2(1)E2, RELEASE SOFTWARE (fc1)
...
...
...
Switch#

Once connected via picocom, Ctrl-a Ctrl-h displays a helpful list of escape sequences like Ctrl-a Ctrl-x to end the session:

 

*** Picocom commands (all prefixed by [C-a])

*** [C-x] : Exit picocom
*** [C-q] : Exit without reseting serial port
*** [C-b] : Set baudrate
*** [C-u] : Increase baudrate (baud-up)
*** [C-d] : Decrease baudrate (baud-down)
*** [C-i] : Change number of databits
*** [C-j] : Change number of stopbits
*** [C-f] : Change flow-control mode
*** [C-y] : Change parity mode
*** [C-p] : Pulse DTR
*** [C-t] : Toggle DTR
*** [C-|] : Send break
*** [C-c] : Toggle local echo
*** [C-s] : Send file
*** [C-r] : Receive file
*** [C-v] : Show port settings 

 

Anyways, I thought others may find this helpful for remote configuration of devices with a USB console port in a pinch. 

The same method could be used to remotely configure a Checkpoint Appliance manually using ISOmorphic USB GAIA installation and the config_system command for the first-time configuration.

Al

(1)
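
The checks walked through in the post above (find the serial device the kernel registered, then see whether picocom is there to open it), collected into one script. This is an added example, not part of the original post; the function names and the sample log are constructed here, and it assumes a POSIX shell with sed and sort.

```shell
#!/bin/sh
# Added example, not from the original post.

# Read kernel log text on stdin and print the /dev path of every serial
# port the cdc_acm driver registered, de-duplicated.
acm_ttys() {
    sed -n 's|^.*cdc_acm [^ ]*: \(ttyACM[0-9][0-9]*\): USB ACM device.*$|/dev/\1|p' | sort -u
}

# For each port found in the live kernel log, report whether the device
# node still exists and whether picocom is available to open it.
console_report() {
    dmesg | acm_ttys | while read -r dev; do
        if [ ! -c "$dev" ]; then
            echo "$dev: in kernel log but device node missing (cable unplugged?)"
        elif command -v picocom >/dev/null 2>&1; then
            echo "$dev: connect with: picocom $dev"
        else
            echo "$dev: present, but picocom is not installed on this release"
        fi
    done
}

# Constructed sample, based on the dmesg lines quoted in the post.
SAMPLE_DMESG='usb 1-1.2: new full speed USB device using ehci_hcd and address 3
usb 1-1.2: configuration #1 chosen from 1 choice
cdc_acm 1-1.2:1.0: ttyACM0: USB ACM device
usbcore: registered new driver cdc_acm'

# Run against the live system only when asked: sh script.sh --live
if [ "${1:-}" = "--live" ]; then
    console_report
fi
```

Running the report again after the work is done shows whether a console cable is still attached to the appliance.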
8 Replies
PhoneBoy
Admin

Nice, had no idea that was possible.

0 Kudos
Vladimir
Champion

This is great! Thank you for sharing.

0 Kudos
Maarten_Sjouw
Champion

Have you also tried a rollover cable from the serial port of the CP to the console port of the Cisco? (Rollover means 1-8, 2-7, 3-6 etc.)
I know this works the other way around from Cisco routers with the aux port, just connect to the IP of the router with telnet on port 2001, you only need to make sure to make some proper adjustments to the aux port, like 'transport input all' and 'no-exec'.
Regards, Maarten
0 Kudos
HeikoAnkenbrand
Champion

Nice hack!

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
Maarten_Sjouw
Champion

picocom is only available from 80.20 (and up?), I tried on R77.30 and R80.10 but only R80.20 has picocom aboard.
Regards, Maarten
0 Kudos
Arkadiy_Korotin
Explorer

https://archives.fedoraproject.org/pub/archive/epel/5/i386/picocom-1.6-1.el5.i386.rpm 

Works on 77.30

0 Kudos
Zolo
Contributor

Until R81.10
Unfortunately, it has been removed from R81.20 🤔

0 Kudos
