Cyclades-TS3000 Console Access and Terminal Server
I’ve been using numerous different access servers during my career and after doing it for so long I settled with my preference list of vendors - Lantronix, Opengear, Cisco. Final choice depends on many factors, but today I’d like to make a quick note on yet another Console Access and Terminal Server - Cyclades-TS3000.
It is 48-port “console concentrator” or “access server” or “terminal server” (whatever term you prefer) from the company called “Cyclades Corporation” (cyclades.com) that was founded in 1991 and used to be located in Fremont, CA. Cyclades has grown from a provider of serial communications cards for Linux to the proven worldwide leader in Out-of-Band Infrastructure (OOBI) management solutions. Cyclades had two series of terminal/console servers such as “Cyclades-TS” (released in 2001) and “AlterPath ACS” (released in 2002). Later in 2003 Cyclades Corporation added “AlterPath KVM” to their portfolio to cover pretty much all the needs in terms of out-of-band management of different hardware in DataCenters.
To understand company’s vision we can read “Introducing Cyclades” paragraph in User Guide for any of their products:
Cyclades is a data center fault management company that enables remote management of servers, network equipment and automation devices. Its products help data center managers at enterprise, telecommunication and Internet companies to maximize network and server
availability. This results in decreased maintenance costs, increased efficiency and productivity, along with greater control, freedom and peace of mind. Cyclades’ advantage is providing scalable products leveraging Linux technology for flexibility and ease of customization.
In 2006 Cyclades Corporation was acquired by Avocent which was acquired by Emerson Electric in 2009. In 2016 all of that was rebranded under the name Vertiv. Company names sound familiar. Right?
Let’s go back and take a look at TS3000 model and its specs:
• Model: Cyclades-TS3000
• Hardware: MPC855T PowerPC Dual-CPU with 128MB RAM and 16MB CompactFlash (removable, but you have to open a chassis).
• Latest software: Cyclades-TS3000-Linux V_1.4.0-3 (Dec/16/04)
• Ports: 1xEthernet 10/100 (RJ45), 1xConsole (RJ45), 48xSerials (RJ45).
• Console cable pinout: RJ45-RJ45 “rollover” cable, not changeable/programmable. You can use “Cisco Console Rollover Adapter for RJ45 Ethernet Cable” for regular “straight-through” cables.
• Quality of hardware: I got to tell you that this chassis has exceptional quality build. This is one of the best chassis I’ve ever touched comparing to all other terminal servers I’ve been using. It’s relatively compact, heavy (which in most cases a good sign), it has great ergonomics (all the ports are on just one side of chassis). Nothing looks cheap or flimsy. Even painting after 15 years looks just awesome including properly designed mounting ears. Whoever did the design of the chassis did a perfect job! No wonder why this company was acquired by Avocent (a giant company) and kept this product for very long time. Even now, newer generations of terminal servers from Vertiv look pretty much the same with almost the same basis functionality.
• Current price: $100 on Ebay.
For those who familiar with Avocent products this exact model will look and feel very familiar and easy to grasp, but there some differences. There’re a lot of nuances that I’m not going to cover here, but here is a quick start guide:
• Connect to Console port using regular RJ45 cable (regular Cisco aqua console cable will work) and 9600-8-N-1 parameters.
• Power up the box. You should see something like this:
relocated to: 00200020 0020C3A8 board data at: 002062C8 002064B8 relocated to: 001FF120 001FF310 zimage at: 00217000 002805B3 relocated to: 07C5A000 07CC35B3 initrd at: 002805B3 005B93E5 relocated to: 07CC6000 07FFEE32 avail ram: 00281000 07CC6000 Linux/PPC load: root=/dev/ram ramdisk=0x0000F000 Uncompressing Linux...done. Now booting the kernel Linux version 2.2.14 (root@dell) (gcc version 2.95.2 19991030 (2.95.3 prerelease/franzo)) #3 Thu Dec 16 10:34:21 PST 2004 Boot arguments: root=/dev/ram ramdisk=0x0000F000 CPM interrupt vector 0 handler c00b351c time_init: decrementer frequency = 180000000/60 Calibrating delay loop... 47.82 BogoMIPS Memory: 125228k available (744k kernel code, 1768k data, 32k init) [c0000000,c8000000] CF+ addr: cc004000 Flash Addr cc006000, CPLD addr: cc002000, UART Addr: cc000000 CPLD-30 init: r1=0 ck1=ff sc1=0 i1=0 i2=0 i3=0 i4=0 s1=0 s2=0 s3=0 s4=0 r2=0 ck2=f sc2=0 i5=0 i6=0 s5=0 s6=0 IDE: Compact Flash SMC128AFB6E Size 130 Mbytes FLASH disk driver initialized: VMA cc006000 size 256kb blocks 4 Dentry hash table entries: 16384 (order 5, 128k) Buffer cache hash table entries: 131072 (order 7, 512k) Page cache hash table entries: 32768 (order 5, 128k) POSIX conformance testing by UNIFIX Linux NET4.0 for Linux 2.2 Based upon Swansea University Computer Society NET3.039 NET4: Unix domain sockets 1.0 for Linux NET4.0. NET4: Linux TCP/IP 1.0 for NET4.0 IP Protocols: ICMP, UDP, TCP TCP: Hash tables configured (ehash 131072 bhash 65536) Initializing RT netlink socket Starting kswapd v 1.2 Serial driver version 4.27 with SHARE_IRQ enabled ttyS01 at 0xcc000000 (irq = 2) is a ST16C654 ttyS02 at 0xcc000008 (irq = 2) is a ST16C654 ttyS03 at 0xcc000010 (irq = 2) is a ST16C654 ttyS04 at 0xcc000018 (irq = 2) is a ST16C654 ttyS05 at 0xcc000020 (irq = 2) is a ST16C654 ttyS06 at 0xcc000028 (irq = 2) is a ST16C654 ttyS07 at 0xcc000030 (irq = 2) is a ST16C654 ttyS08 at 0xcc000038 (irq = 2) is a ST16C654 ttyS09 at 0xcc000040 (irq = 2) is a ST16C654 ttyS10 at 0xcc000048 (irq = 2) is a ST16C654 ttyS11 at 0xcc000050 (irq = 2) is a ST16C654 ttyS12 at 0xcc000058 (irq = 2) is a ST16C654 ttyS13 at 0xcc000060 (irq = 2) is a ST16C654 ttyS14 at 0xcc000068 (irq = 2) is a ST16C654 ttyS15 at 0xcc000070 (irq = 2) is a ST16C654 ttyS16 at 0xcc000078 (irq = 2) is a ST16C654 ttyS17 at 0xcc000080 (irq = 2) is a ST16C654 ttyS18 at 0xcc000088 (irq = 2) is a ST16C654 ttyS19 at 0xcc000090 (irq = 2) is a ST16C654 ttyS20 at 0xcc000098 (irq = 2) is a ST16C654 ttyS21 at 0xcc0000a0 (irq = 2) is a ST16C654 ttyS22 at 0xcc0000a8 (irq = 2) is a ST16C654 ttyS23 at 0xcc0000b0 (irq = 2) is a ST16C654 ttyS24 at 0xcc0000b8 (irq = 2) is a ST16C654 ttyS25 at 0xcc0000c0 (irq = 2) is a ST16C654 ttyS26 at 0xcc0000c8 (irq = 2) is a ST16C654 ttyS27 at 0xcc0000d0 (irq = 2) is a ST16C654 ttyS28 at 0xcc0000d8 (irq = 2) is a ST16C654 ttyS29 at 0xcc0000e0 (irq = 2) is a ST16C654 ttyS30 at 0xcc0000e8 (irq = 2) is a ST16C654 ttyS31 at 0xcc0000f0 (irq = 2) is a ST16C654 ttyS32 at 0xcc0000f8 (irq = 2) is a ST16C654 ttyS33 at 0xcc000100 (irq = 4) is a ST16C654 ttyS34 at 0xcc000108 (irq = 4) is a ST16C654 ttyS35 at 0xcc000110 (irq = 4) is a ST16C654 ttyS36 at 0xcc000118 (irq = 4) is a ST16C654 ttyS37 at 0xcc000120 (irq = 4) is a ST16C654 ttyS38 at 0xcc000128 (irq = 4) is a ST16C654 ttyS39 at 0xcc000130 (irq = 4) is a ST16C654 ttyS40 at 0xcc000138 (irq = 4) is a ST16C654 ttyS41 at 0xcc000140 (irq = 4) is a ST16C654 ttyS42 at 0xcc000148 (irq = 4) is a ST16C654 ttyS43 at 0xcc000150 (irq = 4) is a ST16C654 ttyS44 at 0xcc000158 (irq = 4) is a ST16C654 ttyS45 at 0xcc000160 (irq = 4) is a ST16C654 ttyS46 at 0xcc000168 (irq = 4) is a ST16C654 ttyS47 at 0xcc000170 (irq = 4) is a ST16C654 ttyS48 at 0xcc000178 (irq = 4) is a ST16C654 CPM UART driver version 0.03 ttyS0 on SMC1 at 0x0280, BRG1 CPM interrupt vector 4 handler c00b397c RAM disk driver initialized: 16 RAM disks of 61440K size eth0: FEC ENET Version 0.1, 00:fec: Phy @ 0x1, type 0x20005c23 60:2e:01:cd:fec: link down e9 PPP: version 2.3.7 (demand dialling) TCP compression code copyright 1989 Regents of the University of California PPP line discipline registered. SLIP: version 0.8.4-NET3.019-NEWTTY (dynamic channels, max=256). RAMDISK: Compressed image found at block 0 VFS: Mounted root (ext2 filesystem). Freeing unused kernel memory: 32k init mount: /etc/mtab: No such file or directory Sat Jan 1 12:00:00 xx/powerpc 2000 SIOCSIFFLAGS: Cannot assign requested address SIOCADDRT: No such device Machine CPLD, Ports 48 Allocated shmid : 0 at : 0x3ff00000 Max device :48 dynamic memory size : 393216 4098+0 records in 4098+0 records out Linux version 2.2.14 (root@dell) (gcc version 2.95.2 19991030 (2.95.3 prerelease/franzo)) #3 Thu Dec 16 10:34:21 PST 2004 Cyclades-TS3000-Linux V_1.4.0-3 (Dec/16/04) Restoring firewall rules from /etc/network/firewall ... Could not open file /etc/dhcpc/dhcpcd-eth0.info Cyclades-TS TSx000 login:
• Login using default credentials: root/tslinux
TSx000 login: root Password: tslinux Welcome to Cyclades TS-Linux version 1.4.0-3 This product runs an embedded version of the Linux kernel. Even if you are an experienced Linux user, please do NOT use the generic system tools for networking configuration. Please consult the latest version of the user's guide, which is available for download from the Technical Support area of the Cyclades website, before configuring this product. Chapter 2 of the User's Guide details the configuration process. Here is a summary of what you need to do in order to get the product working: 1) Modify the files: /etc/hostname, /etc/hosts, /etc/resolv.conf, /etc/network/st_routes and /etc/portslave/pslave.conf. 2) Activate the changes (signal_ras hup). 3) Make sure the configuration is working fine. 4) Save the configuration into flash (saveconf). Also, if you are upgrading from a previous firmware version, read the document "/upgrade_notes" that provides the information you need to setup your TS properly. [root@TSx000 /root]#
• Reset configuration to factory default by executing the following commands:
[root@CAS /root]# echo > /proc/flash/script [root@CAS /root]# reboot
• The box will be rebooted and if everything goes right it should come up with default hostname “TSx000”. Relogin using default credentials: root/tslinux.
• Change default root password to something else by using regular command “passwd”, then save the config using “saveconf” command:
[root@TSx000 /root]# passwd Enter new UNIX password: NEWPASS Retype new UNIX password: NEWPASS [root@TSx000 /root]# saveconf Checking the configuration file list... Compressing configuration files into /tmp/saving_config.tar.gz ... done. Saving configuration files to flash ... done. [root@TSx000 /root]#
• Start configuration wizard by typing “wiz” and setup basic parameters.
[root@TSx000 /root]# wiz *********************************************************** ********* C O N F I G U R A T I O N W I Z A R D ********* *********************************************************** INSTRUCTIONS for using the Wizard: You can: 1) Enter the appropriate information for your system and press ENTER or 2) Press ENTER if you are satisfied with the value within the brackets [ ] and want to go on to the next parameter or 3) Press ESC if you want to exit. NOTE: For some parameters, if there is nothing within the brackets, it will continue ▒ ask for a value. In that case, you must enter a valid value or # if you do not wish to configure the value. Press ENTER to continue...
• After changing, applying and saving configuration TS3000 will be accessible via TELNET, SSH and WEB. BTW, Web GUI looks decent and probably looked just awesome for year 2004, but I was not able to make “Connect to Serial Ports” option to work. Regular configuration setting/knobs work fine.
• By default all serial ports are configured for 9600 baud rate. To change it via CLI:
# To change baudrate for serial port 2 to 115200: config configure line 2 speed 115200 # You can also put a range of ports. If you'd like to change it for all 48 ports do this: config configure line 1-48 speed 115200 # Activate changes: signal_ras hup # Save the file to the flash: saveconf
• Here is how yo can change port speed via GUI: “Configuration” > “Serial Ports” > “Logical Port:” select Port X from drop-down menu > “Submit” > change “Speed (bps)” > “Submit”. Apply/Activate configuration changes by going to “Administration” > “Run Configuration” > Select “Serial Ports, Ethernet, Static Routes” > “Activate Configuration”. If you have open session to a port that you reconfigured, this connection will be closed so you will need to reconnect. Sessions to other unchanged ports will stay untouched.
• To close a session to Serial port: “CAS Sessions” > select one > “Kill Session”. I’ve no idea how to kill all the session at the same time. The easiest way is to use CLI or perform reboot.
• Here is how you can enable multiple simultaneous connections to console ports:
# To allow multiple RW sessions to all the ports with Ctrl+q for menu (which I was not able to simply disable): config configure line 1-48 adminusers 'yes' sniffmode 'i/o' escape '^q' multiplesess 'RW_session' # Activate changes: signal_ras hup # Save the file to the flash: saveconf
• You can also do it using wazard by typing “wiz –snf” or via Web GUI: “Configuration” > “Serial Ports” > All ports > Submit > Sniff Session Mode: Both, Administrative Users: yes, Escape Char from Sniff Mode: ^q, Allows Multiple Sniff Sessions: RW Session, Multiple Sniff Session Notification: no > Submit. Apply/Activate configuration changes by going to “Administration” > “Run Configuration” > Select “Serial Ports, Ethernet, Static Routes” > “Activate Configuration”.
• To connect to a console port you can TELNET to port “7000 + port number”. Based on configuration we just did you should not see any authentication or any menu and should be able to have multiple simultaneous connections to any of console ports.
• To see who is logged in and what port is being used you can use “w” or “w_cas” commands. In this example you can see one remote connection into CLI, one session to console port 1 and 18 sessions to console port 2:
[root@CAS /root]# w 4:44pm up 43 min, 1 user, load average: 2.09, 1.91, 1.53 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT root ttyp0 192.168.33.227 4:01pm 0.00s 2.12s 0.54s /bin/login -h 192.168.33.227 -p CAS users : 19 USER TTY FROM LOGIN@ PID/Command NONE ttyS1 192.168.33.227:51705 04:17pm 439/-RW_srv ttyS1 NONE ttyS2 192.168.33.227:51635 04:14pm 401/-RW_srv ttyS2 NONE ttyS2 192.168.33.227:51736 04:18pm 458/-RW_srv ttyS2 NONE ttyS2 192.168.33.227:51789 04:21pm 523/-RW_srv ttyS2 NONE ttyS2 192.168.33.227:51791 04:23pm 524/-RW_srv ttyS2 NONE ttyS2 192.168.33.227:51900 04:43pm 525/-RW_srv ttyS2 NONE ttyS2 192.168.33.227:51902 04:43pm 526/-RW_srv ttyS2 NONE ttyS2 192.168.33.227:51903 04:43pm 527/-RW_srv ttyS2 NONE ttyS2 192.168.33.227:51904 04:43pm 528/-RW_srv ttyS2 NONE ttyS2 192.168.33.227:51905 04:43pm 529/-RW_srv ttyS2 NONE ttyS2 192.168.33.227:51906 04:43pm 530/-RW_srv ttyS2 NONE ttyS2 192.168.33.227:51907 04:43pm 531/-RW_srv ttyS2 NONE ttyS2 192.168.33.227:51908 04:43pm 532/-RW_srv ttyS2 NONE ttyS2 192.168.33.227:51909 04:43pm 533/-RW_srv ttyS2 NONE ttyS2 192.168.33.227:51910 04:43pm 534/-RW_srv ttyS2 NONE ttyS2 192.168.33.227:51911 04:43pm 535/-RW_srv ttyS2 NONE ttyS2 192.168.33.227:51912 04:43pm 536/-RW_srv ttyS2 NONE ttyS2 192.168.33.227:51916 04:43pm 540/-RW_srv ttyS2 NONE ttyS2 192.168.33.227:51918 04:43pm 541/-RW_srv ttyS2 [root@CAS /root]#
In conclusion I’d like to share my opinion on Cyclades-TS3000:
• It’s very good for personal lab OR for your not really important lab at work especially if you’re on the budget and willing to spend your time to make rollover cables or spend some money on rollover adapters, but make sure it’s behind the firewall (I really don’t want to even try to assess if this ancient device is secure or not).
• For production - NOT recommended since it’s deprecated or simply ancient product with NO support whatsoever. NOT recommended especially if you need to assign public IP to this box or make it accessible from the Internet.
Pros:
• Port density. The “price per port” is low.
• Multiple simultaneous RW connections to a single console port. This is the only major feature that you would be missing if you go with Cisco as AccessServer.
• Web GUI (people like me who prefer CLI won’t care).
Cons:
• You can NOT use regular straight-through ethernet cables and have to make/purchase and run rollover cables OR order rollover adapters that might cost you multiple times more that the price for the chassis itself. Even if the price is $5 per piece overall price for 48 ports is $240.
• NO support.
• Ancient hardware, so your experience most likely will NOT be applicable in your future career which is wasting time. Common things are there (including different options for authentication, logging, PDU integration, etc), but as we all know to make a difference you have to go beyond common things.
Few links that might be useful:
• Cyclades-TS Series Console Servers Overview(PDF)
• Cyclades-TS Software Releases
• Cyclades-TS User Guide Version TS 1.4.0 (PDF)
• Avocent Cyclades ACS console server password reset or reset unit factory defaults
• How to reset hung ports on a Cyclades terminal server
Good luck!
MikroTik DHCP server logs to rsyslog [TESTED]
Very quick note on how to configure logging for DHCP server running on MikroTik RouterOS, send and store syslog messages on CentOS 7.x using rsyslog. In our configuration MikroTik device will have 1.1.1.1 IP, CentOS (syslog server) will have 2.2.2.2, we will store syslog messages received from 1.1.1.1 address into /var/log/remotelogs/ folder in a file named “desired_file_name.log”.
MikroTik configuration:
/system logging action set 3 remote=2.2.2.2 /system logging add action=remote topics=dhcp
CentOS 7.x configuration:
[root@centos7 ~]# vi /etc/rsyslog.conf # Provides UDP syslog reception $ModLoad imudp $UDPServerRun 514 # Rules for remote logs if $fromhost-ip=='1.1.1.1' then /var/log/remotelogs/desired_file_name.log & ~
Then we will need to restart rsyslog service:
[root@centos7 ~]# systemctl restart rsyslog
Then we can generate test log message on MikroTik device:
[admin@MikroTik] > :log info TEST
If our local firewall is not blocking UDP/514 incoming packets you should be able to see that message in target file you specified in configuration:
[root@centos7 ~]# tail -f /var/log/remotelogs/desired_file_name.log | grep TEST 2020-05-25T20:36:20.829911-07:00 host-1-1-1-1.example.com script,info TEST
The last piece is to configure logrotate. I will create a new file in “/etc/logrotate.d/” folder for that:
[root@centos7 ~]# vi /etc/logrotate.d/remotelogs
/var/log/remotelogs/*.log {
# keep 30 versions online
rotate 3
# rotate each day
daily
# compress/nocompress
compress
# add a YYYYMMDD extension instead of a number
dateext
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}
You can also forcibly run logrotate to see the result:
[root@centos7 ~]# logrotate -fv /etc/logrotate.d/remotelogs [root@centos7 ~]# ls -lah /var/log/remotelogs/
Good luck!
MikroTik The Dude 6.46.3 or older can not connect to RouterOS 6.46.4 or newer.
I recently had to troubleshoot an issue with “The Dude” v6.46.3 that could not connect to MikroTik v6.46.5. Interestingly enough, target MikroTik devices was showing nothing in its logs (no successful or failed connection attemts). I don’t remember what The Dude was showing, but it was not anything specific that could help to understand what’s wrong like authentication failure.
Captured traffic dump was showing normal TCP session over port 8291 what was active for 30 seconds and then normally terminated by The Dude server. Crazy!
I remember seeing changes regarding Winbox authentication method in some of recent RouterOS release notes. Simple google search showed me this thread - v6.46.4 [stable] is released!:
To get RouterOS data from the devices, Dude now requires RouterOS to be 6.46.4 or newer. The other stats and of course Ping will still work. This is due to security measures being strengthened.
Sure enough, here is what Release notes for 6.46.4 says:
Important note!!!
- The Dude server must be updated to monitor 6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- To get RouterOS data from the devices, The Dude now requires RouterOS to be 6.46.4 or v6.47beta30+.
I decided to downgrade MikroTik device to 6.46.3, but it didn’t fully fix the issue. The Dude started showing some specific error:
std failure: not allowed (9), next attempt at 18:35:57
To fix that you have to add “dude” into “full” user group:
/user group set full name=full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp skin=default
Good luck!
Cisco Catalyst 9300 - Software upgrade.
As of today (March 28th, 2020) per Cisco.com, suggested software release is Fuji-16.9.4 (MD) despite of the fact that we have newer Fuji-16.9.5 (MD) which is also “MD”. In addition to that we have much newer Gibraltar 16.11 and 16.12 (EDs only) and Amsterdam 17.1 (EDs only). Based on that I would personally use Fuji-16.9.5 (MD) which is the latest MD-type of version of current release which is Fuji-16.9 just to be safe unless I need a feature introduced in newer releases. BTW, in 2020 I got two C9300-48T-A switches with super old Everest-16.6.3 (ED) with RTU licenses of course.
• Release Notes for Cisco Catalyst 9300 Series Switches, Cisco IOS XE Fuji 16.9.x > Upgrading in Install Mode
! Copy file from USB stick over to internal flash. copy usbflash0:/cat9k_iosxe.16.09.05.SPA.bin flash: ! Install new software. request platform software package install switch all file flash:/cat9k_iosxe.16.09.05.SPA.bin ! Reload to apply new software. reload ! Clean internal flash from remnants. request platform software package clean
Good luck and don’t forget to take care of Smart License on the switch!