Published on ONLamp.com (http://www.onlamp.com/)


FreeBSD Basics

Accessing a Cisco Router

10/11/2001

In today's article, I'd like to take a look at accessing a Cisco router from a FreeBSD box using a rollover cable.

Normally, the only time you need to access a Cisco router is to view or change its configuration, and you use the telnet utility to do so. However, when you first purchase a router, or if you accidentally erase your configuration, you can't telnet into it: the interfaces will be down and won't have any IP addresses to telnet to. If this is the case, you'll need to access the router via its console interface from a serial interface on your computer.

In Microsoft land, the hyperterminal utility is usually used to do this. While you don't get hyperterminal on your FreeBSD computer, there are two built-in utilities and several programs in the ports collection that provide this functionality. I'd like to demonstrate the use of cu and tip. I'll also build and demonstrate minicom, ecu, kermit, and seyon in this article.

If you're setting up a Cisco router for the first time, find the long, flat, light blue rollover cable that came with the router. This cable is easy to recognize if you compare both ends of the cable. You'll also see why it's called a rollover cable as the pinouts are opposite to each other; in effect, the cable was rolled over when the second connection was crimped on.

Plug one end of the rollover cable into the connection at the back of the router that is marked "console" in the same light blue color as the cable. Don't plug the other end of the cable into your FreeBSD computer yet, as you need to use one of the serial adapters that came with the router. You should have a 9-pin and a 25-pin adapter. Take a look at the back of your FreeBSD computer to see which serial port you have available to use. On my system, com1 was taken by my mouse, but com2 was free. Accordingly, I plugged the rollover cable into the 25-pin adapter, then I connected it to com2 on my computer. Once everything was connected, I turned my FreeBSD computer back on and turned on the power switch at the back of the Cisco router.

The last thing we need to sort out before starting is the FreeBSD device names for the com ports on your computer. Com ports are /dev/cuaa# where the # starts at 0. If you used com1, you're using cuaa0; since I'm using com2, I'll be using cuaa1 in this article. Also, because we will be directly accessing serial devices, all of the utilities mentioned require you to be the superuser to use them.

Let's start with the utilities that come with FreeBSD -- cu and tip. To use cu, simply specify your com port using the -l or line switch and a speed of 9600 baud using the speed switch -s like so:

su
Password:
cu -l /dev/cuaa1 -s 9600
Connected.

I'll now press enter and I've entered the setup utility on the Cisco router. Note that I'll be prompted to set IP addresses on the interfaces, the enable password, and the telnet (virtual terminal) password. These are the minimum configurations that will be required to be able to access a Cisco router without the rollover cable. You'll note that in Cisco, most questions have an answer in "[]" meaning you can just press Enter if you're satisfied with that answer. If you aren't, type in your desired response. The setup process should look like this:

First, would you like to see the current interface summary? [yes]:
Any interface listed with OK? value "NO" does not have a valid configuration

Interface  IP-Address   OK? Method  Status  Protocol
Ethernet0  unassigned   NO  unset   up      down
Serial0    unassigned   NO  unset   down    down

Configuring global parameters:
Enter host name [Router]:
The enable secret is a one-way cryptographic secret used
instead of the enable password when it exists.
Enter enable secret:

The enable password is used when there is no enable secret
and when using older software and some boot images.
Enter enable password:
Enter virtual terminal password:
Configure SNMP Network Management? [yes]: no
Configure IPX? [no]:
Configure IP? [yes]:
Configure IGRP routing? [yes]: no
Configure RIP routing? [no]:

Configuring interface parameters:
Configuring interface Ethernet0:
Is this interface in use? [yes]:
Configure IP on this interface? [yes]:
IP address for this interface: 10.0.0.100
Number of bits in subnet field [0]:
Class A network is 10.0.0.0, 0 subnet bits; mask is /8

Configuring interface Serial0:
Is this interface in use? [yes] no
The following configuration command script was created:
<snip>
Use this configuration? [yes/no]: yes
Building configuration...
Use the enable mode 'configure' command to modify this configuration.

Press RETURN to get started!
Router>

My configurations are now finished and I'm presented with the user mode prompt. If you're familiar with your Cisco IOS commands, you can proceed to use them as usual.

When you wish to disconnect from the Cisco router by closing the cu session, type:

~.

then press the Enter key. You should receive a "Disconnected." message and get your FreeBSD prompt back.

Now let's try re-accessing the router using the tip utility. With tip, you don't use line or speed switches as tip expects you to use an entry from the /etc/remote file. Let's take a quick look at this file:

more /etc/remote
# $FreeBSD: src/etc/remote,v 1.10.2.1 
#    2001/03/06 02:22:39 obrien Exp $
#
#	@(#)remote	5.2 (Berkeley) 6/30/90
#
# remote -- remote host description file
# see tip(1), remote(5)
#
# dv	device to use for the tty
# el	EOL marks (default is NULL)
# du	make a call flag (dial up)
# pn	phone numbers (@ =>'s search phones file; 
#	    possibly taken from PHONES environment variable)
# at	ACU type
# ie	input EOF marks (default is NULL)
# oe	output EOF string (default is NULL)
# cu	call unit (default is dv)
# br	baud rate (defaults to 300)
# fs	frame size (default is BUFSIZ) -- used in 
#	    buffering writes on receive operations
# tc	to continue a capability

# Systems definitions
netcom|Netcom Unix Access:\
	:pn=\@:tc=unix1200:
omen|Omen BBS:\
	:pn=\@:tc=dos1200:

# UNIX system definitions
unix1200|1200 Baud dial-out to a UNIX system:\
	:el=^U^C^R^O^D^S^Q:ie=%$:oe=^D:tc=dial1200:
unix300|300 Baud dial-out to a UNIX system:\
	:el=^U^C^R^O^D^S^Q:ie=%$:oe=^D:tc=dial300:

# DOS system definitions
dos1200|1200 Baud dial-out to a DOS system:\
	:el=^U^C^R^O^D^S^Q:ie=%$:oe=^Z:pa=none:tc=dial1200:

# General dialer definitions used below
#
# COURIER switch settings:
# switch:	1 2 3 4 5 6 7 8 9 10
# setting:	D U D U D D U D U U
# Rackmount:	U U D U D U D D U D
#
dial2400|2400 Baud Hayes attributes:\
	:dv=/dev/cuaa0:br#2400:cu=/dev/cuaa0:at=hayes:du:
dial1200|1200 Baud Hayes attributes:\
	:dv=/dev/cuaa0:br#1200:cu=/dev/cuaa0:at=hayes:du:

# Hardwired line
cuaa0b|cua0b:dv=/dev/cuaa0:br#2400:pa=none:
cuaa0c|cua0c:dv=/dev/cuaa0:br#9600:pa=none:

# Finger friendly shortcuts
com1:dv=/dev/cuaa0:br#9600:pa=none:
com2:dv=/dev/cuaa1:br#9600:pa=none:
com3:dv=/dev/cuaa2:br#9600:pa=none:
com4:dv=/dev/cuaa3:br#9600:pa=none:

That file looks pretty icky until you get to the finger-friendly shortcuts section at the bottom that contains the entries for the four com ports. To use tip, I simply have to type:

tip com2
connected

When I press Enter, I'll again see my router> prompt, meaning I'm back at Cisco's user mode prompt. When I'm finished with my tip session, I disconnect from the router by typing:

~^D
[EOT]

You need a bit more finger coordination for that disconnect sequence. Hold down Shift while you press the ~ key; keep your finger on the Shift key as you press the Control key, then the letter "D".
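
Before running tip as the superuser, it helps to know which device node and speed an entry name will actually open. The following is an added example, not part of the original article or of FreeBSD: a shell function that approximates the /etc/remote lookup, following tc= continuations. The function names, the simplified parsing (no escaped colons, first dv/br wins) and the constructed sample are assumptions.

```shell
#!/bin/sh
# Added example: show which device and speed a tip(1) entry name resolves to
# in a remote(5)-style file, following tc= continuations. Assumes no escaped
# colons in values; the first dv/br seen wins; br defaults to 300.

# Constructed sample built from entries in the listing above.
sample_remote() {
    printf '%s\n' \
        'netcom|Netcom Unix Access:\' \
        '    :pn=\@:tc=unix1200:' \
        'unix1200|1200 Baud dial-out to a UNIX system:\' \
        '    :el=^U^C^R^O^D^S^Q:ie=%$:oe=^D:tc=dial1200:' \
        'dial1200|1200 Baud Hayes attributes:\' \
        '    :dv=/dev/cuaa0:br#1200:cu=/dev/cuaa0:at=hayes:du:' \
        '# Finger friendly shortcuts' \
        'com2:dv=/dev/cuaa1:br#9600:pa=none:'
}

# resolve_remote NAME [FILE] prints "dv=<device> br=<rate>"; exit 1 if unknown.
resolve_remote() {
    awk -v want="$1" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
    {
        line = line $0
        if (sub(/\\$/, "", line)) next         # join backslash continuations
        split(line, f, ":")
        m = split(f[1], names, "|")            # every alias maps to the body
        for (i = 1; i <= m; i++) entry[names[i]] = substr(line, length(f[1]) + 1)
        line = ""
    }
    function lookup(name, depth,    caps, k, c, i, cont) {
        if (depth > 16 || !(name in entry)) return   # guard against tc loops
        k = split(entry[name], caps, ":")
        for (i = 1; i <= k; i++) {
            c = caps[i]; sub(/^[ \t]+/, "", c)
            if (c ~ /^dv=/ && dv == "") dv = substr(c, 4)
            else if (c ~ /^br#/ && br == "") br = substr(c, 4)
            else if (c ~ /^tc=/) cont = substr(c, 4)
        }
        if (cont != "") lookup(cont, depth + 1)
    }
    END {
        if (!(want in entry)) exit 1
        lookup(want, 0)
        printf "dv=%s br=%s\n", dv, (br == "" ? "300" : br)
    }' "${2:-/etc/remote}"
}
```

Running `resolve_remote com2` with no file argument reads the system's own /etc/remote.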

Let's move on to the comms section of the ports collection and build some ports that can be used to access the Cisco router. I'll start with minicom:

cd /usr/ports/comms/minicom
make install clean
===> minicom-1.83.1_2 is forbidden: Local exploit yielding setuid uucp.

You'll note that this port has been marked as forbidden as there is an exploit in minicom. To read about the details and the workaround for this exploit, see this advisory.

Once you've read the advisory, you can decide for yourself if this port will be a risk in your environment. Because there is an easy workaround and I won't be using minicom as a dial-in server, I'll resume the build. First, I'll have to remove the remark (#) from the FORBIDDEN line of the make file, then I'll rerun the make. I've included some of the interesting output of the build:

make install clean
<snip>
# this script creates a link from your comm 
# port to /dev/modem
/bin/sh /usr/ports/comms/minicom/scripts/create-dev-link
Minicom will be installed mode 4511 (setuid) owner uucp, 
 and group dialer. Is this ok? [y] y
Minicom needs to know what device your modem is hanging 
 off of. I (the porter) have adopted Satoshi Asami's lead 
 of using /dev/modem.
Lets see if you have too...Nope, you haven't (yet).
The patches to Minicom hardcode /dev/modem.
Would you like me to make this link for you? [Y] 
From the list below, what port number is your modem 
 attached to?
cuaa0	cuaa1	cuaa2	cuaa3
Enter the number X from cuaaX above : 1
<snip>
===>  SECURITY NOTE: 
      This port has installed the following binaries 
      which execute with increased privileges.
1143283  288 -rwsr-xr-x   1 uucp   dialer  
  132420 Oct  4 12:33 /usr/local/bin/minicom

      If there are vulnerabilities in these programs 
      there may be a security risk to the system. 
      FreeBSD makes no guarantee about the security of
      ports included in the Ports Collection. Please 
      type 'make deinstall' to deinstall the port if 
      this is a concern.

Before we use minicom, let's do the workaround for that exploit as explained in the advisory:

chmod -s /usr/bin/minicom
chmod: /usr/bin/minicom: No such file or directory

Hmm, better try that again:

which minicom
/usr/local/bin/minicom
chmod -s /usr/local/bin/minicom
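
The wrong-path mistake above is easy to repeat, and a chmod that fails leaves the setuid bit in place. As an added example (not from the original article, the advisory or the ports tree), these shell functions list setuid/setgid files under a directory and clear the bits on a program after resolving where it is really installed, then confirm the result. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: find and clear setuid/setgid bits on port-installed programs.
# Function names are hypothetical; run as root against e.g. /usr/local/bin.

# Print every regular file under directory $1 that is setuid or setgid.
list_privileged() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Clear setuid/setgid on program $1, resolved through the colon-separated
# search path $2 (default: $PATH) so the real install location is changed.
# Prints the resolved path. Returns 1 if not found, 2 if the bits remain.
strip_privilege() {
    prog=$1
    searchpath=${2:-$PATH}
    target=
    old_ifs=$IFS
    IFS=:
    for dir in $searchpath; do
        if [ -f "$dir/$prog" ] && [ -x "$dir/$prog" ]; then
            target=$dir/$prog
            break
        fi
    done
    IFS=$old_ifs
    if [ -z "$target" ]; then
        echo "$prog: not found in $searchpath" >&2
        return 1
    fi
    chmod u-s,g-s "$target" || return 2
    # Confirm the change took effect instead of trusting the exit status.
    if [ -u "$target" ] || [ -g "$target" ]; then
        echo "$target: still setuid/setgid" >&2
        return 2
    fi
    echo "$target"
}
```

Running `list_privileged /usr/local/bin` after each port build shows the same binaries the SECURITY NOTE reports, plus any left over from earlier installs.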

The first time you use minicom, you'll want to enter its setup mode by using the s switch like so:

minicom -s

This will bring up the minicom configuration menu. I'll arrow down to the "Serial port setup" and press Enter. I'll then press "A" to change the Serial device from /dev/modem to /dev/cuaa1. I'll then press "E" to change the Bps/Par/Bits, then press E again to select 9600. Finally, I'll press "F" to turn off Hardware Flow Control. I'll press the Escape key to leave this configuration menu, arrow down to "Save setup as.." and I'll save this entry as "cisco". Once my configuration is saved, I'll arrow down to "exit" at which point minicom will connect to the Cisco router and I'll see my router> prompt.

When you're finished and wish to end the minicom session, press Control-A, let go of the Control key, then press "Q". You'll want to choose "Yes" to leave without reset. If you ever need to access the Cisco router again using minicom, simply type:

minicom cisco

to initiate the connection.

Now let's try ecu:

cd /usr/ports/comms/ecu
make install clean

When you build this port, it automagically answers the following for you:

If you execute ecu with uid set to uucp lines, then 
 uucp will be able to access any serial line owned 
 by the user or owned by uucp. In addition, you need 
 not provide for world-write access to the UUCP
 lock directory.  Answer 'n' if you are not sure.
 Do you wish to run ecu setuid to uucp?  ([y],n)? 
What do you want for a default tty? [cuaa0]
What do you want for a default bit rate? [9600]
What do you want for default parity ([n],e,o)? 
Where do you want the public executables 
 placed? [/usr/local/bin]
Where do you want the ECU library 
 placed? [/usr/local/lib/ecu]
How many seconds should the built-in dialer wait 
 for carrier? [60]
What is the maximum number of screen 
 lines (>= 24)? [50]
What is the maximum number of screen 
 columns (>= 80)? [80]
<snip>

===>  SECURITY NOTE: 
      This port has installed the following binaries 
      which execute with increased privileges.
1143290  592 -rws--x--x 1 uucp  bin  292948 Oct  4 
  12:48 /usr/local/bin/ecu

      If there are vulnerabilities in these programs 
      there may be a security risk to the system. FreeBSD
      makes no guarantee about the security of
      ports included in the Ports Collection. Please type 
      'make deinstall' to deinstall the port if this is 
      a concern.

Like the minicom utility, ecu lets you create and save an entry. I'll create the entry as follows:

ecu
^D 		to enter phone directory
a 		to add an entry
Enter new directory entry name:   cisco
arrow down to device and type in:    cuaa1
press END key to accept
press Enter to dial
type y to save entry

Connecting to cisco
on /dev/cuaa1 at 9600 baud (14:38:22)
CONNECT 9600

When I press Enter, I'll receive my router> prompt. This program has a comprehensive help system which can be accessed by pressing the Home key and typing:

help

When you're finished using ecu, press the Home key and then type:

EX

Again, if you ever need to use ecu again, you can now access the router directly using:

ecu cisco

Let's move on to kermit:

cd /usr/ports/comms/kermit
make install clean

To use kermit, type the following:

kermit
SET LINE /dev/cuaa1
SET CARRIER-WATCH OFF
connect

then press the Enter key to get the router> prompt. When you're finished with your kermit session, hold down the Control key while pressing the \ key, then let go and press the Shift key while pressing "C". Your prompt will now look like this:

C-Kermit>

and you can type "quit" to leave "kermit":

C-Kermit> quit
Closing /dev/cuaa1...OK 

The last port we'll take a look at is the one that is used from an X Windows session:

cd /usr/ports/comms/seyon
make install clean

Once the build is finished, start an X Windows session and open up an xterm window and become the superuser. If you type the following within the xterm window

su
Password:
seyon -modems /dev/cuaa1

two windows will open up that look like this.

One of the windows shows your connection to the router, while the other window contains the seyon commands. When you're finished with the router, you can press the exit option with your mouse to end your session.

If you've ever used any of these utilities before, or have followed along by building them for yourself, you'll realize that each of the utilities discussed in this article has far greater capabilities than I've mentioned. Even though I've concentrated on using them to access a Cisco router, these utilities provide powerful serial port communications. If you want to explore their other possibilities, every utility I've demonstrated does have an extensive man page for your perusal.

Dru Lavigne is a network and systems administrator, IT instructor, author and international speaker. She has over a decade of experience administering and teaching Netware, Microsoft, Cisco, Checkpoint, SCO, Solaris, Linux, and BSD systems. A prolific author, she pens the popular FreeBSD Basics column for O'Reilly and is author of BSD Hacks and The Best of FreeBSD Basics.



Copyright © 2009 O'Reilly Media, Inc.