In today's article, I'd like to take a look at accessing a Cisco router from a FreeBSD box using a rollover cable.
Normally, the only time you need to access a Cisco router is to view or
change its configurations and you use the
telnet utility to do so.
However, when you first purchase a router, or if you accidentally erase
your configurations, you can't telnet into it as the interfaces will be
down and they won't have any IP addresses set to telnet into. If this is
the case, you'll need to access the router via its console interface from
a serial interface on your computer.
In Microsoft land, the hyperterminal utility is usually used to do this. While you don't get hyperterminal on your FreeBSD computer, there are two built-in utilities and several programs in the ports collection that provide this functionality. I'd like to demonstrate the use of cu and tip. I'll also build and demonstrate minicom, ecu, kermit, and seyon in this article.
If you're setting up a Cisco router for the first time, find the long, flat, light blue rollover cable that came with the router. This cable is easy to recognize if you compare both ends of the cable. You'll also see why it's called a rollover cable as the pinouts are opposite to each other; in effect, the cable was rolled over when the second connection was crimped on.
Plug one end of the rollover cable into the connection at the back of the
router that is marked "console" in the same light blue color as the
cable. Don't plug the other end of the cable into your FreeBSD computer
yet, as you need to use one of the serial adapters that came with the
router. You should have a 9-pin and a 25-pin adapter. Take a look at the
back of your FreeBSD computer to see which serial port you have available
to use. On my system,
com1 was taken by my mouse, but
com2 was free.
Accordingly, I plugged the rollover cable into the 25-pin adapter, then I
connected it to
com2 on my computer. Once everything was connected,
I turned my FreeBSD computer back on and turned on the power switch at the
back of the Cisco router.
The last thing we need to sort out before starting is the FreeBSD device
names for the com ports on your computer. Com ports are numbered from 1, but the FreeBSD cuaa# device numbering starts at 0. If you used
com1, you're using
cuaa0; since I'm using
com2, I'll be using
cuaa1 in this article. Also, because we will be
directly accessing serial devices, all of the utilities mentioned require
you to be the superuser to use them.
Let's start with the utilities that come with FreeBSD -- cu and tip. To use cu, simply specify your com port using the -l or line switch and a speed of 9600 baud using the speed switch -s like so:
    su
    Password:
    cu -l /dev/cuaa1 -s 9600
    Connected.
I'll now press enter and I've entered the setup utility on the Cisco
router. Note that I'll be prompted to set IP addresses on the interfaces,
the enable password, and the
telnet (virtual terminal) password. These are
the minimum configurations that will be required to be able to access a Cisco
router without the rollover cable. You'll note that in Cisco, most questions
have an answer in "[]", meaning you can just press Enter if you're satisfied with
that answer. If you aren't, type in your desired response. The setup
process should look like this:
First, would you like to see the current interface summary? [yes]:
Any interface listed with OK? value "NO" does not have a valid configuration
Interface IP-Address OK? Method Status Protocol
Ethernet0 unassigned NO unset up down
Serial0 unassigned NO unset down down
Configuring global parameters:
Enter host name [Router]:
The enable secret is a one-way cryptographic secret used
instead of the enable password when it exists.
Enter enable secret:
The enable password is used when there is no enable secret
and when using older software and some boot images.
Enter enable password:
Enter virtual terminal password:
Configure SNMP Network Management? [yes]: no
Configure IPX? [no]:
Configure IP? [yes]:
Configure IGRP routing? [yes]: no
Configure RIP routing? [no]:
Configuring interface parameters:
Configuring interface Ethernet0:
Is this interface in use? [yes]:
Configure IP on this interface? [yes]:
IP address for this interface: 10.0.0.100
Number of bits in subnet field :
Class A network is 10.0.0.0, 0 subnet bits; mask is /8
Configuring interface Serial0:
Is this interface in use? [yes] no
The following configuration command script was created:
Use this configuration? [yes/no]: yes
Use the enable mode 'configure' command to modify this configuration.
Press RETURN to get started!
My configurations are now finished and I'm presented with the user mode prompt. If you're familiar with your Cisco IOS commands, you can proceed to use them as usual.
When you wish to disconnect from the Cisco router by closing the
then press the Enter key. You should receive a "Disconnected." message and get your FreeBSD prompt back.
Now let's try re-accessing the router using the
tip utility. With tip, you don't use line or speed switches as tip expects you to use an entry in the /etc/remote file. Let's take a quick look at this file:
    more /etc/remote
    # $FreeBSD: src/etc/remote,v 220.127.116.11
    # 2001/03/06 02:22:39 obrien Exp $
    #
    # @(#)remote 5.2 (Berkeley) 6/30/90
    #
    # remote -- remote host description file
    # see tip(1), remote(5)
    #
    # dv device to use for the tty
    # el EOL marks (default is NULL)
    # du make a call flag (dial up)
    # pn phone numbers (@ =>'s search phones file;
    #    possibly taken from PHONES environment variable)
    # at ACU type
    # ie input EOF marks (default is NULL)
    # oe output EOF string (default is NULL)
    # cu call unit (default is dv)
    # br baud rate (defaults to 300)
    # fs frame size (default is BUFSIZ) -- used in
    #    buffering writes on receive operations
    # tc to continue a capability
    # Systems definitions
    netcom|Netcom Unix Access:\
            :pn=\@:tc=unix1200:
    omen|Omen BBS:\
            :pn=\@:tc=dos1200:
    # UNIX system definitions
    unix1200|1200 Baud dial-out to a UNIX system:\
            :el=^U^C^R^O^D^S^Q:ie=%$:oe=^D:tc=dial1200:
    unix300|300 Baud dial-out to a UNIX system:\
            :el=^U^C^R^O^D^S^Q:ie=%$:oe=^D:tc=dial300:
    # DOS system definitions
    dos1200|1200 Baud dial-out to a DOS system:\
            :el=^U^C^R^O^D^S^Q:ie=%$:oe=^Z:pa=none:tc=dial1200:
    # General dialer definitions used below
    #
    # COURIER switch settings:
    # switch: 1 2 3 4 5 6 7 8 9 10
    # setting: D U D U D D U D U U
    # Rackmount: U U D U D U D D U D
    #
    dial2400|2400 Baud Hayes attributes:\
            :dv=/dev/cuaa0:br#2400:cu=/dev/cuaa0:at=hayes:du:
    dial1200|1200 Baud Hayes attributes:\
            :dv=/dev/cuaa0:br#1200:cu=/dev/cuaa0:at=hayes:du:
    # Hardwired line
    cuaa0b|cua0b:dv=/dev/cuaa0:br#2400:pa=none:
    cuaa0c|cua0c:dv=/dev/cuaa0:br#9600:pa=none:
    # Finger friendly shortcuts
    com1:dv=/dev/cuaa0:br#9600:pa=none:
    com2:dv=/dev/cuaa1:br#9600:pa=none:
    com3:dv=/dev/cuaa2:br#9600:pa=none:
    com4:dv=/dev/cuaa3:br#9600:pa=none:
That file looks pretty icky until you get to the finger-friendly shortcuts
section at the bottom that contains the entries for the four com ports.
To use tip, I simply have to type:
    tip com2
    connected
When I press Enter, I'll again see my
router> prompt meaning I'm back
into Cisco's user mode prompt. When I'm finished with my tip session, I
disconnect from the router by typing:
    ~^D
You need a bit more finger coordination for that disconnect sequence. Hold
down Shift while you press the
~ key; keep your finger on the Shift key as
you press the Control key, then the letter "D".
Let's move on to the comms section of the ports collection and build some ports that can be used to access the Cisco router. I'll start with minicom:
    cd /usr/ports/comms/minicom
    make install clean
    ===> minicom-1.83.1_2 is forbidden: Local exploit yielding setuid uucp.
You'll note that this port has been marked as forbidden as there is an
exploit for minicom. To read about the details and the workaround for
this exploit, see this advisory.
Once you've read the advisory, you can decide for yourself if this port
will be a risk in your environment. Because there is an easy workaround and
I won't be using
minicom as a dial-in server, I'll resume the build.
First, I'll have to remove the remark (
#) from the
FORBIDDEN line of the make file, then I'll rerun the
make. I've included some of the interesting
output of the build:
    make install clean
    <snip>
    # this script creates a link from your comm
    # port to /dev/modem
    /bin/sh /usr/ports/comms/minicom/scripts/create-dev-link
    Minicom will be installed mode 4511 (setuid) owner uucp, and group dialer.
    Is this ok? [y] y
    Minicom needs to know what device your modem is hanging off of.
    I (the porter) have adopted Satoshi Asami's lead of using /dev/modem.
    Lets see if you have too...Nope, you haven't (yet).
    The patches to Minicom hardcode /dev/modem.
    Would you like me to make this link for you? [Y]
    From the list below, what port number is your modem attached to?
    cuaa0 cuaa1 cuaa2 cuaa3
    Enter the number X from cuaaX above : 1
    <snip>
    ===> SECURITY NOTE:
    This port has installed the following binaries which execute with increased privileges.
    1143283 288 -rwsr-xr-x 1 uucp dialer 132420 Oct 4 12:33 /usr/local/bin/minicom
    If there are vulnerabilities in these programs there may be a security risk to the system.
    FreeBSD makes no guarantee about the security of ports included in the Ports Collection.
    Please type 'make deinstall' to deinstall the port if this is a concern.
Before we use
minicom, let's do the workaround for that exploit as
explained in the advisory:
    chmod -s /usr/bin/minicom
    chmod: /usr/bin/minicom: No such file or directory
Hmm, better try that again:
    which minicom
    /usr/local/bin/minicom
    chmod -s /usr/local/bin/minicom
The first time you use minicom, you'll want to enter its setup mode by using the -s switch like so:
    minicom -s
This will bring up the
minicom configuration menu. I'll arrow down to the
"Serial port setup" and press Enter. I'll then press "A" to change the Serial
Device to /dev/cuaa1. I'll then press "E" to change the
Bps/Par/Bits, then press E again to select
9600. Finally, I'll press "F" to turn off Hardware Flow Control. I'll press the Escape key to leave this configuration menu, arrow down to "Save setup as.." and I'll save this
entry as "
cisco". Once my configuration is saved, I'll arrow down to
"exit" at which point
minicom will connect to the Cisco router and I'll
When you're finished and wish to end the
minicom session, press Control-A, let go of the Control key, then press "Q". You'll want to choose "Yes" to
leave without reset. If you ever need to access the Cisco router again
using minicom, simply type:
    minicom cisco
to initiate the connection.
Now let's try ecu:
    cd /usr/ports/comms/ecu
    make install clean
When you build this port, it automagically answers the following for you:
    If you execute ecu with uid set to uucp lines, then uucp will be able to access any serial line owned by the user or owned by uucp.
    In addition, you need not provide for world-write access to the UUCP lock directory.
    Answer 'n' if you are not sure.
    Do you wish to run ecu setuid to uucp? ([y],n)?
    What do you want for a default tty? [cuaa0]
    What do you want for a default bit rate?
    What do you want for default parity ([n],e,o)?
    Where do you want the public executables placed? [/usr/local/bin]
    Where do you want the ECU library placed? [/usr/local/lib/ecu]
    How many seconds should the built-in dialer wait for carrier?
    What is the maximum number of screen lines (>= 24)?
    What is the maximum number of screen columns (>= 80)?
    <snip>
    ===> SECURITY NOTE:
    This port has installed the following binaries which execute with increased privileges.
    1143290 592 -rws--x--x 1 uucp bin 292948 Oct 4 12:48 /usr/local/bin/ecu
    If there are vulnerabilities in these programs there may be a security risk to the system.
    FreeBSD makes no guarantee about the security of ports included in the Ports Collection.
    Please type 'make deinstall' to deinstall the port if this is a concern.
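The SECURITY NOTE output for minicom earlier and for ecu here both flag a setuid uucp binary, and the minicom workaround was a hand-typed chmod -s that first missed the real path. As an added example (not part of the original article), this script lists setuid/setgid files under a directory, strips the bits from named binaries, and verifies the result; the function names and the temporary demo directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the article): audit and drop set-uid/set-gid bits.

# Print every regular file under $1 that has the setuid or setgid bit set.
list_privileged() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# Remove setuid/setgid from the named binaries in DIR, then re-check each one.
# Returns non-zero if a name is missing (the /usr/bin vs /usr/local/bin slip
# shown in the article) or if a bit survives the chmod.
strip_privileged() {
    dir=$1; shift
    rc=0
    for name in "$@"; do
        target="$dir/$name"
        if [ ! -f "$target" ]; then
            echo "missing: $target (confirm the path with 'which $name')" >&2
            rc=1
            continue
        fi
        chmod u-s,g-s "$target" || rc=1
        if [ -n "$(list_privileged "$target")" ]; then
            echo "still privileged: $target" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Demo on a constructed directory standing in for /usr/local/bin.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/minicom"; chmod 4511 "$d/minicom"   # mode quoted by the port's prompt
    : > "$d/ecu";     chmod 4711 "$d/ecu"       # -rws--x--x as in the ecu note
    : > "$d/kermit";  chmod 0755 "$d/kermit"    # ordinary binary, left alone
    echo "before:"; list_privileged "$d"
    strip_privileged "$d" minicom ecu
    echo "after: $(list_privileged "$d" | wc -l | tr -d ' ') privileged file(s)"
    rm -rf "$d"
}
demo
```

On a real system, point list_privileged at /usr/local/bin after each port build and compare the result with the port's SECURITY NOTE.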
ecu lets you create and save an entry. I'll create the entry as follows:
    ecu
    ^D to enter phone directory
    a to add an entry
    Enter new directory entry name: cisco
    arrow down to device and type in: cuaa1
    press END key to accept
    press Enter to dial
    type y to save entry
    Connecting to cisco on /dev/cuaa1 at 9600 baud (14:38:22)
    CONNECT 9600
When I press Enter, I'll receive my
router> prompt. This program has a comprehensive help system which can be accessed by pressing the Home key
When you're finished using
ecu, press the Home key and then type:
Again, if you ever need to use
ecu again, you can now access the router
Let's move on to kermit:
    cd /usr/ports/comms/kermit
    make install clean
To use kermit, type the following:
    kermit
    SET LINE /dev/cuaa1
    SET CARRIER-WATCH OFF
    connect
then press the Enter key to get the
router> prompt. When you're finished with your
kermit session, hold down the Control key while pressing the
\ key, then
let go and press the Shift key while pressing "C". Your prompt will now look
and you can type "quit" to leave "kermit":
    C-Kermit> quit
    Closing /dev/cuaa1...OK
The last port we'll take a look at is the one that is used from an X Windows session:
    cd /usr/ports/comms/seyon
    make install clean
Once the build is finished, start an X Windows session and open up an
xterm window and become the superuser. If you type the following within the xterm:
    su
    Password:
    seyon -modems /dev/cuaa1
two windows will open up that look like this.
One of the windows shows your connection to the router, while the other
window contains the
seyon commands. When you're finished with the
router, you can press the exit option with your mouse to end your session.
If you've ever used any of these utilities before, or have followed along by building them for yourself, you'll realize that each of the utilities discussed in this article has far greater capabilities than I've mentioned. Even though I've concentrated on using them to access a Cisco router, these utilities provide powerful serial port communications. If you want to explore their other possibilities, every utility I've demonstrated does have an extensive man page for your perusal.
Dru Lavigne is a network and systems administrator, IT instructor, author and international speaker. She has over a decade of experience administering and teaching Netware, Microsoft, Cisco, Checkpoint, SCO, Solaris, Linux, and BSD systems. A prolific author, she pens the popular FreeBSD Basics column for O'Reilly and is author of BSD Hacks and The Best of FreeBSD Basics.
Copyright © 2009 O'Reilly Media, Inc.