Cyclades-TS3000 Console Access and Terminal Server

I’ve been using numerous different access servers during my career and after doing it for so long I settled with my preference list of vendors - Lantronix, Opengear, Cisco. Final choice depends on many factors, but today I’d like to make a quick note on yet another Console Access and Terminal Server - Cyclades-TS3000.

It is 48-port “console concentrator” or “access server” or “terminal server” (whatever term you prefer) from the company called “Cyclades Corporation” ( that was founded in 1991 and used to be located in Fremont, CA. Cyclades has grown from a provider of serial communications cards for Linux to the proven worldwide leader in Out-of-Band Infrastructure (OOBI) management solutions. Cyclades had two series of terminal/console servers such as “Cyclades-TS” (released in 2001) and “AlterPath ACS” (released in 2002). Later in 2003 Cyclades Corporation added “AlterPath KVM” to their portfolio to cover pretty much all the needs in terms of out-of-band management of different hardware in DataCenters.

To understand company’s vision we can read “Introducing Cyclades” paragraph in User Guide for any of their products:

Cyclades is a data center fault management company that enables remote management of servers, network equipment and automation devices. Its products help data center managers at enterprise, telecommunication and Internet companies to maximize network and server
availability. This results in decreased maintenance costs, increased efficiency and productivity, along with greater control, freedom and peace of mind. Cyclades’ advantage is providing scalable products leveraging Linux technology for flexibility and ease of customization.

In 2006 Cyclades Corporation was acquired by Avocent which was acquired by Emerson Electric in 2009. In 2016 all of that was rebranded under the name Vertiv. Company names sound familiar. Right?

Let’s go back and take a look at TS3000 model and its specs:
• Model: Cyclades-TS3000
• Hardware: MPC855T PowerPC Dual-CPU with 128MB RAM and 16MB CompactFlash (removable, but you have to open a chassis).
• Latest software: Cyclades-TS3000-Linux V_1.4.0-3 (Dec/16/04)
• Ports: 1xEthernet 10/100 (RJ45), 1xConsole (RJ45), 48xSerials (RJ45).
• Console cable pinout: RJ45-RJ45 “rollover” cable, not changeable/programmable. You can use “Cisco Console Rollover Adapter for RJ45 Ethernet Cable” for regular “straight-through” cables.
• Quality of hardware: I got to tell you that this chassis has exceptional quality build. This is one of the best chassis I’ve ever touched comparing to all other terminal servers I’ve been using. It’s relatively compact, heavy (which in most cases a good sign), it has great ergonomics (all the ports are on just one side of chassis). Nothing looks cheap or flimsy. Even painting after 15 years looks just awesome including properly designed mounting ears. Whoever did the design of the chassis did a perfect job! No wonder why this company was acquired by Avocent (a giant company) and kept this product for very long time. Even now, newer generations of terminal servers from Vertiv look pretty much the same with almost the same basis functionality.
• Current price: $100 on Ebay.

For those who familiar with Avocent products this exact model will look and feel very familiar and easy to grasp, but there some differences. There’re a lot of nuances that I’m not going to cover here, but here is a quick start guide:

• Connect to Console port using regular RJ45 cable (regular Cisco aqua console cable will work) and 9600-8-N-1 parameters.

• Power up the box. You should see something like this:

relocated to:  00200020 0020C3A8
board data at: 002062C8 002064B8
relocated to:  001FF120 001FF310
zimage at:     00217000 002805B3
relocated to:  07C5A000 07CC35B3
initrd at:     002805B3 005B93E5
relocated to:  07CC6000 07FFEE32
avail ram:     00281000 07CC6000

Linux/PPC load: root=/dev/ram ramdisk=0x0000F000
Uncompressing Linux...done.
Now booting the kernel
Linux version 2.2.14 (root@dell) (gcc version 2.95.2 19991030 (2.95.3 prerelease/franzo)) #3 Thu Dec 16 10:34:21 PST 2004
Boot arguments: root=/dev/ram ramdisk=0x0000F000
CPM interrupt vector 0 handler c00b351c
time_init: decrementer frequency = 180000000/60
Calibrating delay loop... 47.82 BogoMIPS
Memory: 125228k available (744k kernel code, 1768k data, 32k init) [c0000000,c8000000]
CF+ addr: cc004000 Flash Addr cc006000, CPLD addr: cc002000, UART Addr: cc000000
CPLD-30 init: r1=0 ck1=ff sc1=0 i1=0 i2=0 i3=0 i4=0 s1=0 s2=0 s3=0 s4=0
  r2=0 ck2=f sc2=0 i5=0 i6=0 s5=0 s6=0
IDE: Compact Flash SMC128AFB6E                              Size 130 Mbytes
FLASH disk driver initialized:  VMA cc006000 size 256kb blocks 4
Dentry hash table entries: 16384 (order 5, 128k)
Buffer cache hash table entries: 131072 (order 7, 512k)
Page cache hash table entries: 32768 (order 5, 128k)
POSIX conformance testing by UNIFIX
Linux NET4.0 for Linux 2.2
Based upon Swansea University Computer Society NET3.039
NET4: Unix domain sockets 1.0 for Linux NET4.0.
NET4: Linux TCP/IP 1.0 for NET4.0
IP Protocols: ICMP, UDP, TCP
TCP: Hash tables configured (ehash 131072 bhash 65536)
Initializing RT netlink socket
Starting kswapd v 1.2
Serial driver version 4.27 with SHARE_IRQ enabled
ttyS01 at 0xcc000000 (irq = 2) is a ST16C654
ttyS02 at 0xcc000008 (irq = 2) is a ST16C654
ttyS03 at 0xcc000010 (irq = 2) is a ST16C654
ttyS04 at 0xcc000018 (irq = 2) is a ST16C654
ttyS05 at 0xcc000020 (irq = 2) is a ST16C654
ttyS06 at 0xcc000028 (irq = 2) is a ST16C654
ttyS07 at 0xcc000030 (irq = 2) is a ST16C654
ttyS08 at 0xcc000038 (irq = 2) is a ST16C654
ttyS09 at 0xcc000040 (irq = 2) is a ST16C654
ttyS10 at 0xcc000048 (irq = 2) is a ST16C654
ttyS11 at 0xcc000050 (irq = 2) is a ST16C654
ttyS12 at 0xcc000058 (irq = 2) is a ST16C654
ttyS13 at 0xcc000060 (irq = 2) is a ST16C654
ttyS14 at 0xcc000068 (irq = 2) is a ST16C654
ttyS15 at 0xcc000070 (irq = 2) is a ST16C654
ttyS16 at 0xcc000078 (irq = 2) is a ST16C654
ttyS17 at 0xcc000080 (irq = 2) is a ST16C654
ttyS18 at 0xcc000088 (irq = 2) is a ST16C654
ttyS19 at 0xcc000090 (irq = 2) is a ST16C654
ttyS20 at 0xcc000098 (irq = 2) is a ST16C654
ttyS21 at 0xcc0000a0 (irq = 2) is a ST16C654
ttyS22 at 0xcc0000a8 (irq = 2) is a ST16C654
ttyS23 at 0xcc0000b0 (irq = 2) is a ST16C654
ttyS24 at 0xcc0000b8 (irq = 2) is a ST16C654
ttyS25 at 0xcc0000c0 (irq = 2) is a ST16C654
ttyS26 at 0xcc0000c8 (irq = 2) is a ST16C654
ttyS27 at 0xcc0000d0 (irq = 2) is a ST16C654
ttyS28 at 0xcc0000d8 (irq = 2) is a ST16C654
ttyS29 at 0xcc0000e0 (irq = 2) is a ST16C654
ttyS30 at 0xcc0000e8 (irq = 2) is a ST16C654
ttyS31 at 0xcc0000f0 (irq = 2) is a ST16C654
ttyS32 at 0xcc0000f8 (irq = 2) is a ST16C654
ttyS33 at 0xcc000100 (irq = 4) is a ST16C654
ttyS34 at 0xcc000108 (irq = 4) is a ST16C654
ttyS35 at 0xcc000110 (irq = 4) is a ST16C654
ttyS36 at 0xcc000118 (irq = 4) is a ST16C654
ttyS37 at 0xcc000120 (irq = 4) is a ST16C654
ttyS38 at 0xcc000128 (irq = 4) is a ST16C654
ttyS39 at 0xcc000130 (irq = 4) is a ST16C654
ttyS40 at 0xcc000138 (irq = 4) is a ST16C654
ttyS41 at 0xcc000140 (irq = 4) is a ST16C654
ttyS42 at 0xcc000148 (irq = 4) is a ST16C654
ttyS43 at 0xcc000150 (irq = 4) is a ST16C654
ttyS44 at 0xcc000158 (irq = 4) is a ST16C654
ttyS45 at 0xcc000160 (irq = 4) is a ST16C654
ttyS46 at 0xcc000168 (irq = 4) is a ST16C654
ttyS47 at 0xcc000170 (irq = 4) is a ST16C654
ttyS48 at 0xcc000178 (irq = 4) is a ST16C654
CPM UART driver version 0.03
ttyS0 on SMC1 at 0x0280, BRG1
CPM interrupt vector 4 handler c00b397c
RAM disk driver initialized:  16 RAM disks of 61440K size
eth0: FEC ENET Version 0.1, 00:fec: Phy @ 0x1, type 0x20005c23
60:2e:01:cd:fec: link down
PPP: version 2.3.7 (demand dialling)
TCP compression code copyright 1989 Regents of the University of California
PPP line discipline registered.
SLIP: version 0.8.4-NET3.019-NEWTTY (dynamic channels, max=256).
RAMDISK: Compressed image found at block 0
VFS: Mounted root (ext2 filesystem).
Freeing unused kernel memory: 32k init
mount: /etc/mtab: No such file or directory
Sat Jan  1 12:00:00 xx/powerpc 2000
SIOCSIFFLAGS: Cannot assign requested address
SIOCADDRT: No such device
Machine CPLD, Ports 48
Allocated shmid : 0  at : 0x3ff00000
Max device :48  dynamic memory size : 393216
4098+0 records in
4098+0 records out

Linux version 2.2.14 (root@dell) (gcc version 2.95.2 19991030 (2.95.3 prerelease/franzo)) #3 Thu Dec 16 10:34:21 PST 2004
Cyclades-TS3000-Linux V_1.4.0-3 (Dec/16/04)

Restoring firewall rules from /etc/network/firewall ...
Could not open file /etc/dhcpc/


TSx000 login:

• Login using default credentials: root/tslinux

TSx000 login: root
Password: tslinux
Welcome to Cyclades TS-Linux version 1.4.0-3

This product runs an embedded version of the Linux kernel. Even if you are
an experienced Linux user, please do NOT use the generic system tools for
networking configuration.

Please consult the latest version of the user's guide, which is available
for download from the Technical Support area of the Cyclades website, before
configuring this product.

Chapter 2 of the User's Guide details the configuration process. Here
is a summary of what you need to do in order to get the product working:

1) Modify the files: /etc/hostname, /etc/hosts, /etc/resolv.conf,
   /etc/network/st_routes and /etc/portslave/pslave.conf.
2) Activate the changes (signal_ras hup).
3) Make sure the configuration is working fine.
4) Save the configuration into flash (saveconf).

Also, if you are upgrading from a previous firmware version, read the document
"/upgrade_notes" that provides the information you need to setup your TS

[root@TSx000 /root]#

• Reset configuration to factory default by executing the following commands:

[root@CAS /root]# echo > /proc/flash/script
[root@CAS /root]# reboot

• The box will be rebooted and if everything goes right it should come up with default hostname “TSx000”. Relogin using default credentials: root/tslinux.

• Change default root password to something else by using regular command “passwd”, then save the config using “saveconf” command:

[root@TSx000 /root]# passwd
Enter new UNIX password: NEWPASS
Retype new UNIX password: NEWPASS
[root@TSx000 /root]# saveconf
Checking the configuration file list...
Compressing configuration files into /tmp/saving_config.tar.gz ... done.
Saving configuration files to flash ... done.
[root@TSx000 /root]#

• Start configuration wizard by typing “wiz” and setup basic parameters.

[root@TSx000 /root]# wiz
********* C O N F I G U R A T I O N   W I Z A R D *********

INSTRUCTIONS for using the Wizard:
You can:
   1) Enter the appropriate information for your system
   and press ENTER or
   2) Press ENTER if you are satisfied with the value
   within the brackets [ ] and want to go on to the
   next parameter or
   3) Press ESC if you want to exit.

NOTE: For some parameters, if there is nothing within
the brackets, it will continue ▒ ask for a value.
In that case, you must enter a valid value or # if you
do not wish to configure the value.

Press ENTER to continue...

• After changing, applying and saving configuration TS3000 will be accessible via TELNET, SSH and WEB. BTW, Web GUI looks decent and probably looked just awesome for year 2004, but I was not able to make “Connect to Serial Ports” option to work. Regular configuration setting/knobs work fine.

• By default all serial ports are configured for 9600 baud rate. To change it via CLI:

# To change baudrate for serial port 2 to 115200:
config configure line 2 speed 115200

# You can also put a range of ports. If you'd like to change it for all 48 ports do this:
config configure line 1-48 speed 115200

# Activate changes:
signal_ras hup

# Save the file to the flash:

• Here is how yo can change port speed via GUI: “Configuration” > “Serial Ports” > “Logical Port:” select Port X from drop-down menu > “Submit” > change “Speed (bps)” > “Submit”. Apply/Activate configuration changes by going to “Administration” > “Run Configuration” > Select “Serial Ports, Ethernet, Static Routes” > “Activate Configuration”. If you have open session to a port that you reconfigured, this connection will be closed so you will need to reconnect. Sessions to other unchanged ports will stay untouched.

• To close a session to Serial port: “CAS Sessions” > select one > “Kill Session”. I’ve no idea how to kill all the session at the same time. The easiest way is to use CLI or perform reboot.

• Here is how you can enable multiple simultaneous connections to console ports:

# To allow multiple RW sessions to all the ports with Ctrl+q for menu (which I was not able to simply disable):
config configure line 1-48 adminusers 'yes' sniffmode 'i/o' escape '^q' multiplesess 'RW_session'

# Activate changes:
signal_ras hup

# Save the file to the flash:

• You can also do it using wazard by typing “wiz –snf” or via Web GUI: “Configuration” > “Serial Ports” > All ports > Submit > Sniff Session Mode: Both, Administrative Users: yes, Escape Char from Sniff Mode: ^q, Allows Multiple Sniff Sessions: RW Session, Multiple Sniff Session Notification: no > Submit. Apply/Activate configuration changes by going to “Administration” > “Run Configuration” > Select “Serial Ports, Ethernet, Static Routes” > “Activate Configuration”.

• To connect to a console port you can TELNET to port “7000 + port number”. Based on configuration we just did you should not see any authentication or any menu and should be able to have multiple simultaneous connections to any of console ports.

• To see who is logged in and what port is being used you can use “w” or “w_cas” commands. In this example you can see one remote connection into CLI, one session to console port 1 and 18 sessions to console port 2:

[root@CAS /root]# w
  4:44pm  up 43 min,  1 user,  load average: 2.09, 1.91, 1.53
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU  WHAT
root     ttyp0    4:01pm  0.00s  2.12s  0.54s  /bin/login -h -p 

CAS users :  19
USER           TTY     FROM                   LOGIN@    PID/Command
NONE           ttyS1   04:17pm   439/-RW_srv ttyS1
NONE           ttyS2   04:14pm   401/-RW_srv ttyS2
NONE           ttyS2   04:18pm   458/-RW_srv ttyS2
NONE           ttyS2   04:21pm   523/-RW_srv ttyS2
NONE           ttyS2   04:23pm   524/-RW_srv ttyS2
NONE           ttyS2   04:43pm   525/-RW_srv ttyS2
NONE           ttyS2   04:43pm   526/-RW_srv ttyS2
NONE           ttyS2   04:43pm   527/-RW_srv ttyS2
NONE           ttyS2   04:43pm   528/-RW_srv ttyS2
NONE           ttyS2   04:43pm   529/-RW_srv ttyS2
NONE           ttyS2   04:43pm   530/-RW_srv ttyS2
NONE           ttyS2   04:43pm   531/-RW_srv ttyS2
NONE           ttyS2   04:43pm   532/-RW_srv ttyS2
NONE           ttyS2   04:43pm   533/-RW_srv ttyS2
NONE           ttyS2   04:43pm   534/-RW_srv ttyS2
NONE           ttyS2   04:43pm   535/-RW_srv ttyS2
NONE           ttyS2   04:43pm   536/-RW_srv ttyS2
NONE           ttyS2   04:43pm   540/-RW_srv ttyS2
NONE           ttyS2   04:43pm   541/-RW_srv ttyS2
[root@CAS /root]#

In conclusion I’d like to share my opinion on Cyclades-TS3000:
• It’s very good for personal lab OR for your not really important lab at work especially if you’re on the budget and willing to spend your time to make rollover cables or spend some money on rollover adapters, but make sure it’s behind the firewall (I really don’t want to even try to assess if this ancient device is secure or not).
• For production - NOT recommended since it’s deprecated or simply ancient product with NO support whatsoever. NOT recommended especially if you need to assign public IP to this box or make it accessible from the Internet.

• Port density. The “price per port” is low.
• Multiple simultaneous RW connections to a single console port. This is the only major feature that you would be missing if you go with Cisco as AccessServer.
• Web GUI (people like me who prefer CLI won’t care).

• You can NOT use regular straight-through ethernet cables and have to make/purchase and run rollover cables OR order rollover adapters that might cost you multiple times more that the price for the chassis itself. Even if the price is $5 per piece overall price for 48 ports is $240.
• NO support.
• Ancient hardware, so your experience most likely will NOT be applicable in your future career which is wasting time. Common things are there (including different options for authentication, logging, PDU integration, etc), but as we all know to make a difference you have to go beyond common things.

Few links that might be useful:
Cyclades-TS Series Console Servers Overview(PDF)
Cyclades-TS Software Releases
Cyclades-TS User Guide Version TS 1.4.0 (PDF)
Avocent Cyclades ACS console server password reset or reset unit factory defaults
How to reset hung ports on a Cyclades terminal server

Good luck!

MikroTik DHCP server logs to rsyslog [TESTED]

Very quick note on how to configure logging for DHCP server running on MikroTik RouterOS, send and store syslog messages on CentOS 7.x using rsyslog. In our configuration MikroTik device will have IP, CentOS (syslog server) will have, we will store syslog messages received from address into /var/log/remotelogs/ folder in a file named “desired_file_name.log”.

MikroTik configuration:

/system logging action set 3 remote=
/system logging add action=remote topics=dhcp

CentOS 7.x configuration:

[root@centos7 ~]# vi /etc/rsyslog.conf

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Rules for remote logs
if $fromhost-ip=='' then /var/log/remotelogs/desired_file_name.log
& ~

Then we will need to restart rsyslog service:

[root@centos7 ~]# systemctl restart rsyslog

Then we can generate test log message on MikroTik device:

[admin@MikroTik] > :log info TEST

If our local firewall is not blocking UDP/514 incoming packets you should be able to see that message in target file you specified in configuration:

[root@centos7 ~]# tail -f /var/log/remotelogs/desired_file_name.log | grep TEST

2020-05-25T20:36:20.829911-07:00 script,info TEST

The last piece is to configure logrotate. I will create a new file in “/etc/logrotate.d/” folder for that:

[root@centos7 ~]# vi /etc/logrotate.d/remotelogs

/var/log/remotelogs/*.log {
# keep 30 versions online
        rotate 3
# rotate each day
# compress/nocompress
# add a YYYYMMDD extension instead of a number
        /bin/kill -HUP `cat /var/run/ 2> /dev/null` 2> /dev/null || true

You can also forcibly run logrotate to see the result:

[root@centos7 ~]# logrotate -fv /etc/logrotate.d/remotelogs
[root@centos7 ~]# ls -lah /var/log/remotelogs/

Good luck!

MikroTik The Dude 6.46.3 or older can not connect to RouterOS 6.46.4 or newer.

I recently had to troubleshoot an issue with “The Dude” v6.46.3 that could not connect to MikroTik v6.46.5. Interestingly enough, target MikroTik devices was showing nothing in its logs (no successful or failed connection attemts). I don’t remember what The Dude was showing, but it was not anything specific that could help to understand what’s wrong like authentication failure.

Captured traffic dump was showing normal TCP session over port 8291 what was active for 30 seconds and then normally terminated by The Dude server. Crazy!

I remember seeing changes regarding Winbox authentication method in some of recent RouterOS release notes. Simple google search showed me this thread - v6.46.4 [stable] is released!:

To get RouterOS data from the devices, Dude now requires RouterOS to be 6.46.4 or newer. The other stats and of course Ping will still work. This is due to security measures being strengthened.

Sure enough, here is what Release notes for 6.46.4 says:

Important note!!!

- The Dude server must be updated to monitor 6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- To get RouterOS data from the devices, The Dude now requires RouterOS to be 6.46.4 or v6.47beta30+.

I decided to downgrade MikroTik device to 6.46.3, but it didn’t fully fix the issue. The Dude started showing some specific error:

std failure: not allowed (9), next attempt at 18:35:57

To fix that you have to add “dude” into “full” user group:

/user group
set full name=full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp skin=default

Good luck!

Cisco Catalyst 9300 - Software upgrade.

As of today (March 28th, 2020) per, suggested software release is Fuji-16.9.4 (MD) despite of the fact that we have newer Fuji-16.9.5 (MD) which is also “MD”. In addition to that we have much newer Gibraltar 16.11 and 16.12 (EDs only) and Amsterdam 17.1 (EDs only). Based on that I would personally use Fuji-16.9.5 (MD) which is the latest MD-type of version of current release which is Fuji-16.9 just to be safe unless I need a feature introduced in newer releases. BTW, in 2020 I got two C9300-48T-A switches with super old Everest-16.6.3 (ED) with RTU licenses of course.

Release Notes for Cisco Catalyst 9300 Series Switches, Cisco IOS XE Fuji 16.9.x > Upgrading in Install Mode

! Copy file from USB stick over to internal flash.
copy usbflash0:/cat9k_iosxe.16.09.05.SPA.bin flash:

! Install new software.
request platform software package install switch all file flash:/cat9k_iosxe.16.09.05.SPA.bin

! Reload to apply new software.

! Clean internal flash from remnants.
request platform software package clean

Good luck and don’t forget to take care of Smart License on the switch!

Admin area