Study Pro-Tip: Console to Physical hosts with your ESXi Server

For the first few lab sessions I used a layer-3 port on my 3750G switches for console access. The plan worked well for the most part, though it had minor issues: debug messages typically don’t print to the vty lines, and if you were to make a mistake in your lab you could lose access to it until you made a physical change.

To be honest, I don’t have a lot of spare cash to buy spare equipment. That being said, the equipment I have access to has enough horsepower to get away with running an extra device on it. So I decided that I should take a minute away from studying to improve the quality of my lab.

What I Did

The basic idea is simple:

  • Plug your USB-to-Serial Adapters into your ESXi Host.
  • Create a Linux VM that will become your reverse-telnet server.
  • Configure “DirectPath I/O” (allow your VM to use the physical hardware).
  • Attach the devices to your VM.
  • Set up your reverse telnet server (and allow it through the firewall).

I’ll walk you through each of the steps here below.

Create a Linux VM

Download your favorite Linux distribution and install it as a VM on your host. For any sort of server use I always recommend CentOS/RedHat or Debian (if you want fancy new packages Ubuntu also works in place of Debian). Once you have it installed, go ahead and plug your USB-to-Serial cables into your host.

Configure VMware Direct I/O

This part took some figuring out, but it really shouldn’t have. All you need to do is go to the “Configuration” tab under your ESXi host, and click on “Advanced settings.” There isn’t much on this screen, which makes it easy to look past it, but you’ll see an area that looks like so:

You’re going to want to click on the link that says “Configure Passthrough.” This will lead to another box that will let you select which devices you want to connect to your VMs. Typically you’ll choose whichever device looks like a USB controller.


Once this is complete you’ll need to reboot your host machine. Once that’s complete we can proceed to our next step.

Attach the devices to your VM

When the host comes back online you need to modify the hardware settings of your virtual machine. Make sure your virtual machine is powered off, then select your virtual machine and go to “Edit virtual machine settings.” Click “Add.” Choose the “PCI Device” option. You’ll be presented with the option to choose your PCI device. Choose the USB controller. You’ll need to do it for each USB controller you want the device to have access to.

Once that’s finished, you can boot up your virtual machine. Now all we have to do is…

Set up the reverse-telnet server

Log into your server and open up a terminal. The first thing we need to do is install ser2net. You can do this on CentOS like so:

sudo yum install ser2net

After installation, we need to see where our serial connections are mounted:

dmesg | grep tty

The output should be something along the lines of “/dev/ttyUSB0.” Remember what they are, because we’re about to modify a file that will use these values. Using your favorite text editor, modify the /etc/ser2net.conf file. I used VIM, but you can use whatever floats your boat:

sudo vim /etc/ser2net.conf

We’re going to add the following lines to it. You should modify this file to meet the security needs of your environment.

ipv4,5001:telnet:0:/dev/ttyUSB0:9600 8DATABITS NONE 1STOPBIT 
ipv4,5002:telnet:0:/dev/ttyUSB1:9600 8DATABITS NONE 1STOPBIT 

Finally, we’re going to start the service, enable it to run at boot time, and configure our firewall rules. Keep in mind that this assumes you’re using firewalld as well as systemd. If you’re not, you’ll have to do some research into what firewall you’re using.

sudo systemctl enable ser2net --now
sudo firewall-cmd --zone public --add-port 5001/tcp
sudo firewall-cmd --zone public --add-port 5002/tcp
sudo firewall-cmd --runtime-to-permanent

You should now be able to telnet to your device on the specified ports (tcp/5001-5002) and get console access to your devices.
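The `ipv4,5001` and `ipv4,5002` entries above name no host, so ser2net listens on every IPv4 address of the VM, and ser2net itself asks for no credentials and carries the console in cleartext. As an added example (not part of the original post), this shell function reads a ser2net.conf in the colon-separated format shown above and reports which listeners are exposed on all addresses, bound to one address, loopback-only or off, and which have the idle timeout disabled (third field `0`). The sample file, including its `localhost,` and `192.0.2.10,` host prefixes, is constructed, and hosts are assumed to be names or IPv4 addresses.

```shell
# Added example: classify each listener in a ser2net.conf (colon-separated format).
audit_ser2net() {
    # $1 = config file path; reads stdin when omitted
    awk -F: '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments, blank lines
    $2 !~ /^(raw|rawlp|telnet|off)$/ { next }    # directives such as BANNER:
    {
        # First field is [ipv4,|ipv6,|ipv6n4,][tcp,|udp,|sctp,][host,]port
        n = split($1, tok, ",")
        port = tok[n]; host = ""
        for (i = 1; i < n; i++)
            if (tok[i] !~ /^(ipv4|ipv6|ipv6n4|tcp|udp|sctp)$/) host = tok[i]

        if ($2 == "off")                                 verdict = "DISABLED"
        else if (host == "")                             verdict = "EXPOSED-ALL"
        else if (host == "localhost" || host ~ /^127\./) verdict = "LOOPBACK"
        else                                             verdict = "BOUND"

        # Timeout 0 means an idle console session is never disconnected.
        note = ($2 != "off" && $3 == 0) ? " no-idle-timeout" : ""
        printf "%s port=%s host=%s dev=%s%s\n", verdict, port, (host == "" ? "*" : host), $4, note
    }' "${1:--}"
}

# Constructed sample config: the first listener is the line from the post,
# the others are hypothetical variants for comparison.
sample_conf() {
    cat <<'EOF'
# constructed sample, not a real deployment
BANNER:banner1:lab console server
ipv4,5001:telnet:0:/dev/ttyUSB0:9600 8DATABITS NONE 1STOPBIT
localhost,5002:telnet:600:/dev/ttyUSB1:9600 8DATABITS NONE 1STOPBIT
192.0.2.10,5003:telnet:600:/dev/ttyUSB2:9600 8DATABITS NONE 1STOPBIT
5004:off:0:/dev/ttyUSB3:9600 8DATABITS NONE 1STOPBIT
EOF
}

sample_conf | audit_ser2net
```

Run it against the live file with `audit_ser2net /etc/ser2net.conf`; a loopback-only listener is then reached by logging in to the VM over SSH first, so no firewall port has to be opened for it.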
