Tutorial 2: Basic access and configuration display

Roadmap for this tutorial: In this tutorial, the focus will be on the connectivity issues for attaching a serial console (if a switch is network-accessible, ssh is the preferred method). First, configuration issues around the console emulation software will be described. Then, the physical connectivity process will be discussed. Finally, commands for displaying switch configurations will be shown.

Day-to-day routine management of networking devices is handled through ONA for our networking switches and routers, or the Netscreen web interface for the Juniper Netscreen firewalls. However, for fine-grained management, or in situations where web connectivity is not available, you may need to access the switch software directly.

For switches, there are three possibilities for this, all of which are console-based (web access to the native web management software on our switches is routinely disabled):

  • via a network ssh connection,
  • by a direct connection to the serial console port on the switch, or
  • in some cases, via one of our Cyclades serial console multiplexers, to which the device is attached.

If the switch is network-accessible, ssh is by far the most convenient method, because it doesn't require physical access. However, when all else fails (e.g. provisioning a new switch), one must connect directly.

The web interface on the Netscreen firewalls is usually available, so if the firewall is network-accessible, the web configuration software is a third alternative.

If the serial console of the device is connected to a Cyclades, the process of connecting consists of:

  • ssh-ing to the Cyclades device
  • using the Cyclades software to connect to the device
    • log in as "root" (standard switch password)
    • this is a stripped-down *ix shell. Run ts_menu to start the menu-driven device selector, and follow the prompts.
  • or, instead of ssh, use the Cyclades web interface. The login credentials are as noted above for the ssh interface. The web interface uses a Java applet to display the consoles of attached devices. Experience has shown that this is unreliable on Linux, but works on Windows (IE or Firefox).

The Cyclades emulates a direct physical connection. As such, the sections about terminal emulation software and physical connectivity are not relevant, but the section on configuration display is relevant.

To connect directly requires:

  • a laptop or other computing device capable of running a VT100/ANSI terminal emulator. For Windows, the built-in "hyperterm" application is suitable (found in Applications -- Communications). For Ubuntu, "minicom" is a suitable application (if it isn't installed, `sudo apt-get install minicom`).
  • cabling suitable to connect the laptop to the switch. Older or special-purpose laptops may have a suitable serial connection available, but newer hardware likely won't. In this case a USB-to-serial dongle is required. Under Windows, the newer dongles seem to require driver software that is not built-in. Under Ubuntu, the required support is already installed (tested for Ubuntu 9.04; shows up as device /dev/ttyUSB0).

The cabling setup can be challenging. Each device manufacturer does things differently. As most CSCF switches are HP, that is what the discussion here will focus on -- others will be discussed on an "as known" basis.

Terminal emulation software

Windows

"Hyperterm" is a standard utility program in Windows, usually located in the Programs--Accessories--Communications, that is appropriate as a console. The first time the program is started, it will prompt for various telephone/dialing settings. These must be provided, even though they are not needed for direct serial/USB communications. And, if you are using hyperterm without specifying a configuration file (see below for more information), you may be prompted for a "connection name". Anything will do here.

The port communications attributes likely will need to be set, as the defaults are not useful. This must be done when a session ("call", in hyperterm terminology) is not in progress: however, since hyperterm automatically starts a session, you will need to end the call before proceeding (Call--disconnect).

The communications attributes are set via the File--properties menu. On the dialog that appears, note the "Connect using" dropdown: it should be set to the appropriate physical device that will be used (as determined by the physical setup). To configure the details, press "Configure" and set the attributes according to the target device:

  • HP: 9600 bits per second, 8 data bits, parity none, stop bits 1, flow control xon/xoff (i.e. referred to as "9600,8,n,1,software").
  • Nortel: 9600,8,n,1,none
  • Netscreens: 9600,8,n,1,none

There is a "terminal to emulate" selection that is set to VT100/ANSI by default. This is appropriate and need not be changed.

If you have already established the physical connection, click Call--call to start a session. Press Enter a couple of times to allow the software to sync with the device. If this doesn't produce any output, try generating a "break" signal (keyboard-dependent). If this doesn't work, see the debugging section.

Ubuntu

There are many VT100/ANSI terminal emulators available for Linux. The one discussed here is "minicom", which has been found to be adequate for the task. Minicom is not installed by default. Use the Synaptic package manager (System--Administration--Synaptic Package Manager) or a command line:

`sudo apt-get install minicom`

In either case, the userid you are logged in as must be appropriately authorized.

To start minicom from the commandline, simply enter minicom. You should not need to be root to do this, assuming that the physical devices are set up correctly on your system. Within minicom, all command functions are accessed by pressing the control-a key combination. To set communications parameters:

  • press control-a followed by the letter o (not control-o).
  • cursor-down to "Serial port setup" and press Enter
  • press the letter corresponding to the setting you need to change. In most cases this will be "e" for the "Bps/par/bits". (You should confirm that the "Serial device" setting is correct: on most systems it will be /dev/ttySn, where n is a single digit [0, 1, ...] for COM1, COM2, etc.)
    • for HP switches, choose 9600 N81; hardware flow control: no; software flow control: yes
    • for Nortel switches, choose 9600 N81; hardware flow control: no; software flow control: no
    • for Netscreens, choose 9600 N81; hardware flow control: no; software flow control: no
  • when finished, press Enter to return to the previous menu
  • scroll down and choose the "Exit" selection

Press enter once or twice to confirm that the settings are correct and that you can communicate with the device.

Saved configurations

Both hyperterm and minicom support the concept of saved configurations, to eliminate the need to re-specify parameters every time you use the program. In each case the method for saving a configuration is straightforward, although for minicom you need to be aware of the default locations for saving configurations and the file permissions associated therewith.

Over time, a library of configuration files will be developed, eliminating the need for experimentation with settings. Check with the owner of the laptop you are using to see what configurations are available, or look in the default locations:

  • Hyperterm: the default location is automatically selected by the File--open menu operation.
  • minicom: look for files /etc/minicom/minirc*
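
The minicom steps and the saved-configuration note above can be combined into one generated file per device type. The following is an added example, not part of the original tutorial: the function names are hypothetical, the values are the per-device settings listed in this tutorial (9600 8N1, software flow control for HP only), and the `pu` keys are the ones minicom itself writes when a setup is saved.

```shell
#!/bin/sh
# Added example: generate minicom saved configurations (minirc.<name>).
# Target directory and serial device are parameters, so the result can be
# inspected in a scratch directory before it is copied to /etc/minicom.

# minirc_for VENDOR DEVICE -> prints the minirc contents on stdout
minirc_for() {
    vendor=$1
    device=$2
    case "$vendor" in
        hp)        xonxoff=Yes ;;   # HP: 9600,8,n,1,software
        nortel)    xonxoff=No  ;;   # Nortel: 9600,8,n,1,none
        netscreen) xonxoff=No  ;;   # Netscreen: 9600,8,n,1,none
        *) echo "unknown vendor: $vendor" >&2; return 1 ;;
    esac
    cat <<EOF
# Machine-generated file - use "minicom -s" to change parameters.
pu port             $device
pu baudrate         9600
pu bits             8
pu parity           N
pu stopbits         1
pu rtscts           No
pu xonxoff          $xonxoff
EOF
}

# write_minirc VENDOR DEVICE DIR -> writes DIR/minirc.VENDOR, prints its path
write_minirc() {
    out="$3/minirc.$1"
    tmp="$out.tmp.$$"
    # Build in a temp file so a failed run never leaves a partial config.
    minirc_for "$1" "$2" > "$tmp" || { rm -f "$tmp"; return 1; }
    # World-readable, writable only by the owner: console users can load the
    # profile but cannot silently repoint it at another device.
    chmod 644 "$tmp"
    mv "$tmp" "$out"
    echo "$out"
}
```

Run as root, `write_minirc hp /dev/ttyUSB0 /etc/minicom` produces /etc/minicom/minirc.hp, which is then loaded with `minicom hp`.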

Special note: backspace

Anecdotally, the HP switches behave normally for the backspace character on most PC-class keyboards. However the Netscreens do not seem to recognize backspace. You must use a ctrl-h instead. This seems to apply regardless of the client OS or emulation software or connection path. No doubt there are clever ways to do keyboard mappings or emulator keystroke translations, but these have not been investigated for the purpose of this tutorial.

Physical connections

Once software is set up in a manner that should work, the next step is to establish the physical connection and confirm that the software and hardware actually do work together. Unfortunately, the physical connectivity also has some "configurability", so getting a connection to work the first time is generally an iterative process.

Hardware inventory

There are various bits and pieces of hardware that may be required to connect a laptop to a networking device, including:

  • DB9 (9-pin D-shell connectors) to RJ45 (ethernet-style connector) converters in varying configurations:
    • 8-pin straight-through
    • null modem
    • Cyclades straight-8
    • Cyclades null modem
  • USB to DB9 dongles, possibly requiring driver software
  • cat5 cable (i.e. RJ45 at each end). Generally we do not use cross-over cables: if a cross is required, it is done with the DB9 wiring
  • manufacturer-specific cable, e.g.
    • HP DB9 to DB9 cables (which is, in fact, a null-modem cable)
    • HP DB9 to RJ45 cables

It is important that you understand the differences between these, and understand what you have at your disposal.

There is additional complexity in the connector at the device. Our devices typically have either a DB9 connector or an RJ45 connector -- you need to know which.

Serial-port laptop

If your laptop already has a DB9 serial connector, you simply need to determine its name. For Windows systems, this is probably COM1 or COM2. For Linux it will likely be /dev/ttyS0 or /dev/ttyS1. Note that laptops that have built-in modems often use the first port (COM1 or /dev/ttyS0) for the modem and make the external connection COM2. To help to determine which is which and what is available:

  • Windows: use the Device manager (My Computer--Manage--Device Manager) to look for "Ports (COM and LPT)"
  • Ubuntu: `dmesg | grep ttyS`

USB to serial dongle

The most likely scenario is that your laptop has no external serial port. In this case you will need a USB-to-serial converter ("dongle"). CSCF has a supply of these, Startech-branded ICUSB232 that use the "Prolific" chipset.

  • For Windows laptops, a ZIP file containing documents and drivers is available here. The device name will likely be COMn, where n is one greater than the existing number of COM ports.
  • Ubuntu already has the necessary device support. The device name likely will be /dev/ttyUSB0.

Cabling requirements

HP 2650, and others with a DB9 serial connector

DB9 on the switch, HP cable or a DB9-to-RJ45 null modem

HP 2510, and others with an RJ45 connector

RJ45 port on the switch, use a cat5e/cat6 cable with an appropriate other end (typically a null modem RJ45-to-DB9 converter).

Nortel Baystack 5510

DB9 on the switch, DB9-to-RJ45 straight-8 (we seem to have no genuine Nortel cables)

Netscreen

DB9 on the device, straight cable to the laptop. Plugging a USB dongle directly into the ns500 works, so an alternative would be to use a USB extender instead of a serial cable.

Displaying configurations

Displaying the configuration of a switch/device is inherently dependent on the device manufacturer. Each one has their own CLI (command-line interface) language. The information here will be organized by manufacturer, with per-model differences noted as required.

Passwords: in all cases, the userid to use is "root". Passwords vary depending on the device. The edge switches share a common password, as do the core switches. The Netscreens have a distinct password. In all cases, the passwords are recorded in the password file in the key vault.

HP

The HP switches support two styles of console interaction: menu-driven, or strict command-driven. This discussion will focus on the command-driven processes.

When you log into an HP switch as "root", you will normally be put into the "manager" context. You can confirm this by typing a ? at the prompt. If you are in the manager context, you will see summaries of commands like "boot", "clear", "configure", etc. If, however, you see a short description of commands describing "enable", "exit", "link-test" etc you must enter the manager context with the "enable" command.

The basic command to show aspects of the configuration is `show`. You can get a list of the attributes that can be shown by typing `show ?`. To show the entire configuration, type `show config`. The output will be paused after each screenful: press the spacebar to advance to the next page, or press "Enter" to advance one line.

For reference manuals and details on each model, see: http://www.procurve.com/customercare/support/manuals/index.htm.

Nortel

Reference manual for the Baystack 5510: http://www116.nortel.com/docs/bvdoc/baystack/doc_pdf/215080-C_NNCLI_Reference_Guide_for_BoSS_4.1.pdf.

Juniper Netscreen

The basic command is "get". "?" can be used to determine valid options at any point. Typical things to display are interfaces, policies and addresses. The entire configuration can be displayed with "config":

  • get config
  • get address
  • get policy
  • get interface

Output does not seem to pause automatically, so make sure you have a large scrollback buffer on your terminal emulator software. You can interrupt the output of a "get" with a ctrl-c.

You can filter output from "get" with a grep-like pipeline called "include". The syntax is:

  • get something | include "pattern"

where pattern is a literal string that must be present in the output. For example:

  • get policy | include "trg-desktop"

For reference manuals, see: http://www.juniper.net/techpubs/software/screenos/.

Topic attachments

  • Prolific-USB-to-Serial.zip (3178.8 K, 2009-06-22 18:46, TrevorGrove): contains drivers for Windows & Mac

Topic revision: r20 - 2010-06-17 - TrevorGrove
 