Console port on XG-7100/SG-3100 - is there a mini-USB to RJ-45 converter?

chrismacmahon

We don't sell one.

Quick google got a few results: https://www.amazon.com/dp/B07HCZ7JCT/ref=psdc_464404_t2_B01N6ZSIPA

stephenw10

That particular cable may not work as the on-board usb to serial chip in the firewall is powered by the USB connection. That cable requires power from the USB end which the firewall does not provide.
A lot of console servers can connect to USB now anyway. Is this a specific console server you already have in place?

Steve

victorhooi

Thanks Stephen/Chris for getting back.

Yeah, I checked in r/networking - it seems a lot of these USB ports aren't real console ports, but console ports with the serial-to-USB adapter built in?

https://www.reddit.com/r/networking/comments/cfcv64/how_can_you_convert_miniusbmicrousbusbc_console/

We have a lot of console servers that just use RJ-45 ports - e.g. all of the Avocent range, as well as some of the older ZPE/NodeGrid gear.

I suppose there's no way at all to expose a traditional console port on the XG-7100 or SG-3100, is there?

(Most devices I've seen with USB-style console ports, also have a traditional RJ-45 console port as well).

stephenw10

I think both devices have secondary comports you could potentially use but you would still need an adapter of some sort as they are very likely TTL level. Also you would not get any Coreboot output and you'd have to modify the loader variables to use it as the primary console.
A lot of people use something like a RasPi as a USB console server for this.
Another option is to connect pfSense devices to each other, useful if you have an HA pair for example. SSH into one node then connect to the console on the other using cu, the drivers are included in FreeBSD/pfSense.

Steve

victorhooi

Thanks for the info!

I think ultimately, having a normal RJ-45 console port on the router out of the box would be great - but I do understand that's not likely to happen soon.

The Raspberry Pi option might be a temporary workaround for us for now. (We've had less than great luck with Raspberry Pis in DC s lasting very long - maybe heat?).

How would you recommend setting up a Raspberry Pi to talk to the XG-7100? What software do you use? And is there a way to export this again as a standard console port?

johnpoz

@victorhooi said in Console port on XG-7100/SG-3100 - is there a mini-USB to RJ-45 converter?:

Avocent range

Their current stuff has usb interfaces.. So yours must be quite dated..

victorhooi

Yup, the Avocent units we have are fairly old. Then again, when you buy hundreds of thousands of one model, they tend to stick around.

The newer stuff are things like ZPE console servers, which are 48 or 64 RJ-45 console ports in 1RU (i.e. fairly high density). A lot of the enterprise stuff we use runs on RJ-45 console ports, hence would be useful to have.

My own testing lab at my desk or at home, yup, USB-c is neat (e.g. Ruckus 7150-C12P), but then I don't run a 64-port console at home .

Anyhow, for this small deploy of XG-7100, I'm happy to jerry rig something together with Raspberry Pis if I have to. If anybody has any experiences they can share with how they did it, or what the best practices are, would be very grateful.

johnpoz

There was a thread awhile back where I tested it for someone.. I plugged the pi into my sg4860, then ssh'd in the pi, and yeah I could access the console..

I could dig up that thread.. But that is as much play time I have with it.

edit: Here is thread I was talking about
https://forum.netgate.com/topic/138371/serial-console-raspberry-pi

Derelict

You can also access a console from another pfSense. A criss-cross between HA nodes is a good idea in some cases. Can be a "free" console server.

stephenw10

Yeah, you can probably use almost anything else you have there that's running Linux or *BSD to connect from. Connecting from another pfSense device is relatively common. Of course the stack of devices I have is probably atypical!

Steve

jimp

+1 for a Pi console server. That's what I'm using now.

Plus you can map the serial devices to static names, so that no matter what order they connect in, you can reference the custom names in things like screen.

$ cat /etc/udev/rules.d/99-usb-serial.rules 
# Normally connected to Pi console
SUBSYSTEM=="tty", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", ATTRS{serial}=="015F06E0", SYMLINK+="serial_xg7100"
SUBSYSTEM=="tty", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", ATTRS{serial}=="012D3960", SYMLINK+="serial_sg1000_b2"
SUBSYSTEM=="tty", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", ATTRS{serial}=="012D3952", SYMLINK+="serial_sg1000_b1"
SUBSYSTEM=="tty", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", ATTRS{serial}=="00C17C07", SYMLINK+="serial_sg4860"
SUBSYSTEM=="tty", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", ATTRS{serial}=="013273DF", SYMLINK+="serial_sg3100_prod"
SUBSYSTEM=="tty", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6001", ATTRS{serial}=="A402WO4M", SYMLINK+="serial_fw7551"
SUBSYSTEM=="tty", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6001", ATTRS{serial}=="A7012SC9", SYMLINK+="serial_apu"
SUBSYSTEM=="tty", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", ATTRS{serial}=="00ADB748", SYMLINK+="serial_sg8860"
SUBSYSTEM=="tty", ATTRS{idVendor}=="067b", ATTRS{idProduct}=="2303", SYMLINK+="serial_sg1100"

$ cat ~/.consoles.screenrc 
startup_message off
defscrollback 50000
sessionname consoles
hardstatus alwayslastline
hardstatus string '%{gk}[%{G}%H%{g}][%= %{wk}%?%-Lw%?%{=b kR}(%{W}%n*%f %t%?(%u)%?%{=b kR})%{= kw}%?%+Lw%?%?%= %{g}]%{=b C}[%m/%d/%y %C %A]%{W}'

screen -t 'APU'       /dev/serial_apu         115200
screen -t 'SG-1000-1' /dev/serial_sg1000_b1   115200
screen -t 'SG-1000-2' /dev/serial_sg1000_b2   115200
screen -t 'SG-1100'   /dev/serial_sg1100      115200
screen -t 'SG-3100'   /dev/serial_sg3100_prod 115200
screen -t 'SG-4860'   /dev/serial_sg4860      115200
screen -t 'FW-7551'   /dev/serial_fw7551      115200
screen -t 'XG-7100'   /dev/serial_xg7100      115200
screen -t 'SG-8860'   /dev/serial_sg8860      115200

johnpoz

That is some great info @jimp is that documented anywhere? That sort of stuff could be in the book or even maybe a hangout..

jimp

Not in the docs since it's really not pfSense-specific, and it's covered widely around the web in various places. Not too keen on putting that specific sort of example in the pfSense docs since it's actually talking about configuring a Linux host. Might do a forum post about the whole process at some point if I ever have the time, though.

johnpoz

All good points.. Even that post you make with examples is more then enough info... I am sure this sort of question will come up - now can use this as reference ;)

I have bookmarked it... Need to start doing that for stuff like this - sometimes they can be difficult to find via just searching..

jimp

I've posted fragments of it before, though my previous example didn't have the devices mapped statically.

There are some other tricky bits to the setup, mostly finding ways in the available USB device info dump to uniquely identify each device. Depending on the chips involved it might not be possible, too, since sometimes the USB/Serial chips don't get a unique serial number/ID, so if you have multiple overlapping devices it may be a crap shoot.