Most network devices such as routers, switches, and servers offer EIA-232 serial port(s) for management. Typically you would hook up a modem, dumb terminal, or PC running a terminal emulation program. The Digi ethernet based products offer access to 8-64 EIA-232 serial ports via ethernet, WAN link, or modem dialup. Using TCP/IP utilities like reverse telnet, network administrators can access these consoled serial ports from the LAN, WAN, or a modem.
The Digi terminal server, and device server product lines are an extremely powerful tool for remotely managing these network devices. It allows them to be managed thru the network and can even be available when there is a network failure. Depending on your needs, the device can be setup in various ways, an explanation and examples are below.
Basic Unit Configuration:
Befor configuring the port(s), you will need to minimally assign an IP address to the unit. Using a crossover cable, connect a terminal or PC to any one of the 16 ports at 9600 baud 8/1/N. Login as root, issue the following commands:
#> set config ip=[the_ip_you_want_to_assign_to_the_digi]
#> boot action=reset (reboots the unit)
Additionally, other network parameters (gateway, domain, etc) may be required depending on your network.
Port Configuration for Reverse Telnet:
Reverse Telnet means that instead of initiating a telnet session from the Digi ethernet product into the network, the session will be initiated from the network into one of the Digi serial ports. One popular benefit of this feature is the ability to eliminate multiple monitors that connect to various console ports by simply cabling each of the console ports to the Digi serial ports.
We will be using port 16 in this example, however any port(s) can be used. This is done by logging into the Digi unit as root, and typing:
#> set port range=16 dev=prn auto=off
The above example will set port 16 to a "Printer or incoming only" setting. The Printer setting is the optimal setting for a reverse telnet session; it puts the port into a "passive" mode (disabling the login prompt), which will allow a session of data to go in "reverse."
You may possibly need to set up a baud rate and protocol settings for the reverse telnet port. By default, the ports will be set to 9600. If you need to change the rate, run the following command:
#> set line range=16 baud=(baud_rate)
Depending on the attached device it may be necessary to change the flow control method for the port. This will also involve the necessary cable. By default, the ports will all be set to use xon/xoff flow control. In nearly every case, xon/xoff is fine for reverse telnet situations. Type the following to check flow control settings:
#> set flow range=16
To set the flow control to xon/xoff (software) issue the following command:
#> set flow range=16 ixon=on ixoff=on cts=off rts=off
Testing the Port(s):
Digi products come with a loopback plug (RJ45 or DB9 connector with no cable). Insert the loopback plug into the port you want to test, in this case, port 16.
Connect to the ports using the following standard:
2001 - 2099 *Telnet Connect socket numbers.
2101 - 2199 *Raw Connect socket numbers.
In most cases for reverse telnet, you will use the first standard. Think of this as the number 2000 + the port number you want to go to. For example, if you want to connect to Port 16, you would type the following from your server prompt:
telnet [ip_of_the_unit] 2016
With the loopback plug in the port, when you type some characters on your keyboard they should echo back at your screen. In other words, you can see what you are typing. This is an indication that everything is working correctly.
The last thing to verify is the cabling from the Digi serial port to the console port. Make sure that the cable you are using is a Console cable or adapter. A link to find pinouts for the Console Cable or Adapter can be found on the Digi Support Homepage.
Connect your cable, and make the device attached to the Digi serial port is enabled for login. When you connect to the port again and press Enter, you should see a login prompt from the attached device, whether it be a server, router, or any other serial device.
Advanced Features and Typical Problems:
There are a few common tasks that are requested, beyond the basic setup.
1. "I do not want to remember what port has what connected. Can I assign each port an IP address?"
You assigning an IP address to a particular port by using alternate IP addresses. These alternate IP addresses must be unique from the ethernet address you gave earlier (set config ip=).
To assign an IP address to a port. Type the following commands from the root prompt. In this example we will assign an IP address of 10.0.0.16 to port 16 of the Digi unit.
#> set altip ip=10.0.0.16 group=16
#> set port group=16 range=16
Set the group number the same as the port number. Now the port can be accessed by telneting to 10.0.0.16.
2. "How can I set up security so that the Digi unit will check for login and password (local authentication) before connecting to my console port?"
There is one caveat due to security risks, the "root" user cannot reverse telnet in when you have local authentication set for that port. You must create a new user. So you will need to run the following commands:
#>set auth login=16
Additionally, for the PortServer TS and Digi One product line:
#>set auth unrestricted=1-15 range=1
This setting will allow unrestricted access on all ports except port 16.
#>set user name=test outgoing=on (you can change "test" to any user name you want)
#>newpass name=test (This will allow you to change their password)
At this point, the Digi unit will prompt for a username and password and will verify both are correct, before allowing access on the port.
3. "When I reverse telnet into one of my ports, I see an "Access Denied," or a "Refused connection" message, even though I know the ports are set up right!"
In this case, most likely the port has a process/user on it. This can be checked by telneting to the Digi unit, loging in as root, and typing the following commands:
Look for the tty port. For example, if you are getting the error from a reverse telnet into port 16, look under the TTY column for 16. If you see it, type:
Retype the "who" command. It should not show an entry for the TTY. Then try to reverse telnet into that port again.
4. "Is it possible to set up the unit to allow dialup access to all our console ports in the event of a total network failure?"
Yes! This allows access to your console ports if the network goes down.
Decide which port you want to set a modem up on. Then follow the setup guide for installing a modem.
Simply set up the rest of the ports to provide the reverse telnet capability to each of your console ports as described earlier.
In the event of a network failure, simply call the phone number of the modem you have set up on one of our ports. When connected, you can issue the usual"telnet ip_of_portserver 20##." Even though the network is down, the unit will realize you want to come back to the same IP, and it will loopback into itself and out to your console ports.
This configuration can be done using the Menu Configuration Wizard on PortServer TS and Digi One TS/RP products. Simply point your web browser to the unit IP address. This would be the most user friendly method for configuring Console Management. The following example will show menu configuration using the command line interface. By logging in as a specific user (other than root) you will have a menu. The menu can be setup for outbound network users and/or inbound remote users (modem dialin). Exiting from the port will bring you back to the menu. For the example below we will create a menu to give us the option of connecting to a Cisco on port 10 or the Sun server on port 11. The menu will be accessed by the user "manager".
Before starting the reverse telnet set-up, first verify that the correct ip address, submask settings are correct. To verify, type set config from the root prompt. The information will display on your screen.
- Setup ports 10-11 for console management. Refer to "Basic Configuration" above.
Setup your menu. You must use the ''''connect'''' command to gain access to the serial ports.
#>set menu range=1 t1="firstlineoftitle" t2="secondlineoftitle"
#>set menu range=1 m1="Connect to Cisco" c1=''''connect 10''''
#>set menu range=1 m2="Connect to Sun Server" c2=''''connect 11''''
Next we create the user for the menu and specify an escape character. Issuing the escape character along with a carriage return will break your session and bring you back to the menu. In this example @ will break your session.
#>set user name=manager defaultaccess=menu menu=1
#>set user name=manager connectesc=@ outgoing=on