Sunday, March 13, 2011

Cisco USB Console Ports


Cisco products now come with USB ports that allow console access

For years I have been wondering when Cisco would activate the USB ports on their devices. I have been hoping for all kinds of USB functionality to routers, switches, firewalls but Cisco has been slow to unlock the power of these USB ports. Wouldn't it be cool if you could connect the myriad of USB devices to a Cisco router to further the list of amazing things you could do? Cisco has started to put mini-USB ports on their devices to allow for console port connectivity.

I am hoping that this new method continues to be spread to other devices. I also hope that Cisco will enable all of the USB Type-A ports on their other devices for similar connectivity. For years I have hauled around two console cable sets. Because I often connect to multiple devices at the same time, such as redundant supervisors on 6500s or to two supervisors in redundant 6500s or VSS, I need two serial cables. Here is a picture of one of my typical USB cables. I use a Keyspan USA-19HS USB to serial adapter. I realize that this is expensive but it is the most reliable and its driver seems universally accepted by laptop operating systems. Note that the end on the light-blue console cable has been replaced and a yellow boot added because of excessive wear. You know you have logged into a lot of Cisco routers when you wear out the RJ-45 connector on the end of your favorite console cable.
Cisco has now given us the ability to connect our laptops to the USB ports for console access. Cisco has added USB Type-B ports to their devices and these ports can be used as a console port.
You will need three things to get this working.
1) A device that uses this type of USB Type-B port
2) A USB Type A to 5-pin mini Type-B cable
3) A driver from Cisco to make this work with your laptop operating system
You still need to install a driver on your laptop to use the USB interface as a serial communications port. Don't worry that this link shows the download location for 3900 ISR G2 routers. The same utility works for the entire ISR-G2 line. The latest version of the USB Console Software is version 3.1. The filename of the software is "Cisco_usbconsole_driver_3_1.zip" and the current version was released on Jan 20, 2010 with a file size of 14692.83 KB (15045453 bytes).
Currently, Cisco has USB console drivers for the following operating systems:
  • Windows 2000, Windows XP 32- and 64-bit, Windows Vista 32- and 64-bit
  • Mac OS X version 10.5.4
  • Redhat / Fedora Core 10 with kernel 2.6.27.5-117
  • Ubuntu 8.10 with kernel 2.6.27-11
  • Debian 5.0 with kernel 2.6
  • Suse 11.1 with kernel 2.6.27.7-9
Once you install the driver you need to create a connection using your favorite terminal emulation software. My favorite one happens to be SecureCRT from VanDyke. You need to set the terminal emulator to use the proper COM port that is being used by the USB port on your laptop. Then you set the serial communications to the old-reliable standard: 9600 baud, 8 data bits, no parity, and 1 stop bit, no flow control. However, I have been told that these console ports can be run up to 12Mbps but the baud rate of the serial port can only go as high as 115,200 bps. That could have come in handy many moons ago when I had to upload IOS files using XMODEM.
The other caveat is that the Cisco devices are still coming with the traditional RJ-45 console ports. You can use both of these ports but only one will allow for commands to be entered. It appears that the USB port trumps the RJ-45 port. It is like the USB port is the default console media-type. Since the USB port takes precedence over the RJ-45 port, you will want to set the inactivity timeout for the USB port so that the RJ-45 port can become active again if the USB port is unplugged. This is done with the following commands.
Switch# configure terminal
Switch(config)# line console 0
Switch(config-line)# usb-inactivity-timeout 30

I believe that the usb-inactivity-timeout command is not supported on 2900 series routers. To restore USB console port connectivity after the timeout period, you will need to unplug and re-plug the USB port to re-activate the USB console port connection.
For security reasons you may want to disable this USB port. In this case you can configure the device to only allow console connectivity with the RJ-45 port. This can be performed with the following commands.
Switch# configure terminal
Switch(config)# line console 0
Switch(config-line)# media-type rj45
When I logged into the USB port of an ISR G2 router I was prompted for the same console login method configured for "line con 0". Therefore, there is no need to worry about the security of the USB console ports unless you haven't configured proper security for your serial line console port. In other words, you don't have to specify AAA for the USB port. It simply uses the same AAA strategy defined for "line con 0" for both the RJ-45 serial and USB interfaces.
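Because the USB and RJ-45 ports share the "line con 0" settings, a single check of that stanza covers both. The following Python script is an added example (not from the original post or from Cisco) that audits a saved running-config for the three console settings discussed above; the sample configs are constructed, the method-list name CONSOLE is hypothetical, and the function names are my own.

```python
import re

# Constructed sample running-config fragments (not from a real device).
SAMPLE_WEAK = """\
hostname Switch
line con 0
 no login
line vty 0 4
 login local
"""

# "CONSOLE" is a hypothetical AAA method-list name.
SAMPLE_HARDENED = """\
hostname Switch
line con 0
 login authentication CONSOLE
 usb-inactivity-timeout 30
 media-type rj45
line vty 0 4
 login local
"""

def console_stanza(config):
    """Return the indented sub-commands under 'line con 0' / 'line console 0'."""
    cmds, inside = [], False
    for line in config.splitlines():
        if re.match(r"line con(sole)? 0\s*$", line):
            inside = True
        elif inside and line.startswith(" "):
            cmds.append(line.strip())
        elif inside:
            break  # first non-indented line ends the stanza
    return cmds

def audit_console(config):
    """Report the console-line settings the post discusses."""
    cmds = console_stanza(config)
    timeout = next((int(c.split()[1]) for c in cmds
                    if c.startswith("usb-inactivity-timeout ")), None)
    return {
        "usb_console_disabled": "media-type rj45" in cmds,
        "usb_inactivity_timeout": timeout,
        # Assumption: only an explicit 'login ...' line counts; a default
        # AAA method list applied without such a line is not detected.
        "explicit_login": any(c == "login" or c.startswith("login ") for c in cmds),
    }

if __name__ == "__main__":
    for name, cfg in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_console(cfg))
```

The vty stanza in the weak sample has "login local", which the audit correctly ignores because only commands under "line con 0" apply to the USB and RJ-45 console ports.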
Right now, from what I can tell, the only devices that can use this special USB interface as a console port are the ISR G2 routers (1900s, 2900s, 3900s), 5500 Wireless controllers, and the 3750-X, 3560-X, and 2960-S switches.
Does anyone know of any other Cisco product that has these USB/Console ports?
How about other manufacturers other than Cisco?
Now in addition to all the standard serial console cables I am carrying around I have added a mini USB cable to the mix. My console cable bag is growing larger, but this is a standard cable that many of us carry with us anyway. Over time, we may stop carrying the old clunky serial cables with DB-9 and USB to serial converters. I am all in favor of anything that makes the job easier.

1 comment:

Ken said...

What is the default usb-inactivity-timeout? 10 mins? Thanks