
What is the best practice for accessing a switch via internet?

Status
Not open for further replies.

dadz

Hello all,

I need a solution that will allow me to securely (i.e. encrypted) access a customer's switch via the internet. With the proliferation of internet access, and WiFi in particular, it has become increasingly rare to find an analog dialtone (especially when mobile). I prefer to use ethernet vs. RS232.

Currently, the company I work for uses L0gmein for all PC Console, OTM and HMS access. I'm trying to migrate them toward not having the actual PCs connected to the internet as it exposes them to unnecessary risk.


Any recommendations?
 
I've never worked in an environment that would allow any PBX to be publicly accessed via the internet.

I can however VPN to our network and connect that way through some of our buffer boxes that are connected to our internal network.

JohnThePhoneGuy

"If I can't fix it, it's not broke!
 
There are a multitude of cheap and effective serial to IP/telnet adapters out there. The security of the connection to the PBX from the outside will be equal to the security of the network. As Johnthephoneguy wrote - he uses VPN.

If you need to be separate from the customer's network, then I'd still seek the advice of the customer's network security administrator ... since it is their system.

If the data security administrators took the time to see how many of us have installed plain modems on their PBXs, open to anyone war-dialing, many of them would be pretty amazed.

GHTROUT.com | FAQs | Recent Replies
 
Hey guys,

Thanks for the speedy responses. For the time being the PBX is not on their LAN, and talking to their sysadmin is a joke.

Let's just say that their main server has a public IP address and NO security appliance between it and the rest of the internet!! Don't ask!!

I'm a sysadmin and I've been toying with the VPN idea myself - reasonably priced router & a bunch of port forwards should do the trick. I was just wondering if there were any tailor-made solutions out there.
 
Change of plans.

Any recommendations of a specific brand (or brands) of IP to serial adapter?
 
I will look after I get back to the office; we have a buffer box sitting there connected to the network and the serial connection to the PC plugged in.

JohnThePhoneGuy

"If I can't fix it, it's not broke!
 
I have used the Lantronix UDS 10 at first. Now I use a device called a DL-150 by Asentria. I can telnet into my choice of 4 ports or dial into it. I also have it set up to email or text my cellular phone when a T1 has issues, someone dials 911 or a superloop goes down. No special contracts needed. You buy it. Program it. Install it!
 
Ok, I got a UDS-10 from a friend and got the IP portion to work (I can connect to the device from home - 50km away).

However, I've not been able to communicate with the PBX via the serial port.

I'm using a TTY port set as DTE. If I connect a terminal to the (straight) cable, I can log in just fine, but no joy via the UDS-10. I know its serial port works because I've connected to and can program the device thru it.

The PBX port is set for 9600-8-N-1.

Can someone help me out with the settings for the UDS??
 
Sure I can help you. Have you programmed the uds 10 with the software that came with it? The settings will be the same for the PBX.
 
Here is the programming I am using to access the TTY with the uds-10.

*** Channel 1
Baudrate 9600, I/F Mode 78 Flow 00
port 10001
Connect Mode : C5
Auto increment source port disabled
Remote IP port Adr:---none---, Port 00000
Disconn Mode : 00
Flush Mode :00

*** Expert
TCP keepalive :45s
ARP cache timeout :600s
Monitor mode @ bootup :enabled
Http Port number :80
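
An added example (not from the thread or from Lantronix) that decodes the `I/F Mode` byte in the listing above into serial framing and compares it with a PBX port setting such as the 9600-8-N-1 mentioned earlier in the thread. The bit layout is an assumption based on the vendor's documented common values (4C for 8-N-1, 78 for 7-E-1) and should be checked against the device manual; the function names are hypothetical.

```python
# Added example: decode a Lantronix "I/F Mode" byte and compare it with a
# PBX line setting written as "9600-8-N-1". The bit layout is an assumption
# taken from the vendor's published table; verify it against your manual.
import re

SERIAL_IF = {0b00: "RS-232C", 0b01: "RS-422/485 4-wire", 0b11: "RS-485 2-wire"}
DATA_BITS = {0b10: 7, 0b11: 8}
PARITY = {0b00: "N", 0b01: "O", 0b11: "E"}
STOP_BITS = {0b01: 1, 0b11: 2}


def decode_if_mode(hex_byte):
    """Return (interface, data_bits, parity, stop_bits) for a hex I/F Mode."""
    value = int(hex_byte, 16)
    if not 0 <= value <= 0xFF:
        raise ValueError("I/F Mode must be one byte")
    try:
        return (SERIAL_IF[value & 0b11],
                DATA_BITS[(value >> 2) & 0b11],
                PARITY[(value >> 4) & 0b11],
                STOP_BITS[(value >> 6) & 0b11])
    except KeyError:
        raise ValueError(f"reserved bit pattern in I/F Mode {hex_byte!r}") from None


def parse_line_setting(text):
    """Parse '9600-8-N-1' into (baud, data_bits, parity, stop_bits)."""
    m = re.fullmatch(r"\s*(\d+)-([78])-([NEOneo])-([12])\s*", text)
    if m is None:
        raise ValueError(f"unrecognised line setting {text!r}")
    return int(m[1]), int(m[2]), m[3].upper(), int(m[4])


def mismatches(adapter_baud, if_mode_hex, pbx_setting):
    """List the fields where adapter and PBX port framing disagree."""
    iface, data, parity, stop = decode_if_mode(if_mode_hex)
    baud, p_data, p_parity, p_stop = parse_line_setting(pbx_setting)
    pairs = [("baud", adapter_baud, baud), ("data bits", data, p_data),
             ("parity", parity, p_parity), ("stop bits", stop, p_stop)]
    return [f"{name}: adapter {a}, PBX {b}" for name, a, b in pairs if a != b]


if __name__ == "__main__":
    # Values from the thread: posted channel config vs. the stated PBX port.
    print(decode_if_mode("78"))
    for line in mismatches(9600, "78", "9600-8-N-1"):
        print("MISMATCH", line)
```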

 
openthegate: Thanks for the info.

However, I just can't seem to successfully connect to the device via telnet. I can http to it just fine though.

Strange.

I've managed to change all but the DISCONNECT MODE settings for channel 1. The expert-related settings are proving a little more challenging to match (too many settings!)

Normally I'd take a quick trip to the customer's location, but there's a storm comin' today (Gustav), so out of area trips are a no-no. I'm in Montego Bay, Jamaica by the way.

Would it be too much trouble to post the settings as per the web interface?
 
When you http into the device look at the port settings and make sure that telnet is enabled. Then use the telnet command with the port as 10001. Exp. 192.168.2.130 10001
 
Okay... that's done, but I still can't get to the login prompt! :(

I'm using one of the long grey DB9 to DB25 cables that came with the PBX (I don't have the exact P/N on hand). Is this the correct one?

Next question, do I configure the QSDI port as DCE or DTE?
 
Does the fact that I have the QSDI port configured (via switch setting) as RS232 make no difference? The plot thickens. So now I'm gonna have to make this cable. Would you happen to have a pinout diagram of such a paddle board to UDS-10 cable lying around?

Man!! You guys that use these Lantronix devices make it seem so easy to connect it to a Nortel!
 
That port should be SDI2 if you are using a quad paddle board. Make sure the port works to your laptop before trying to connect to the other interface.

Signature===========================================
Artificial Intelligence Is No Match for Natural Stupidity.

The latest survey shows that 3 out of 4 people make up 75% of the population.

The original point and click interface was a Smith & Wesson.

Red meat is not bad for you, it is the green fuzzy meat that is bad.
 
If you config the port as DCE you will need a null modem adapter. If it is DTE you will only need a cable. I have always used a straight thru cable from the tty port to my UDS-10.
 
Okay, here's an update.

I finally got the infernal thing to work! Sadly, I killed the QSDI port in the process (such finicky things they are!), forget to disable it before plugging or unplugging a DB9 and zap! Toasted.

Anyway, after much reconfiguration of the paddle board in software and switch settings, a ridiculous amount of configuration changes on the Lantronix UDS-10 - it's up!!

I got fed up with walking from the front of the PBX (where the OTM is) to the back to change configs, and used a null modem cable to connect the UDS to J25 instead... Voila! It worked!! I could've kicked myself in the head for not trying it sooner.

I'll post the config for the PBX port, UDS, and cable later.
Maybe it'll save someone else some grief.

A BIG THANK YOU, to all the folks who rendered their assistance. :)

P.S.
It would be nice if someone posted the exact setup (h/w & s/w) required to get this working on a paddle board (hint-hint).
 
Guys, I'm trying to connect a Lantronix UDS 1100 to my switch. I can get into the HTTP config page but no luck telnetting into it. I tried following the cues from this post but no luck!!!
 
I have a tty going right over the lan. I also have a DIGI ONE TS to a tty that I use for when I am at home and I pick up the switch, Call pilot, Element mgr. etc. over a VPN
 