Connecting to the RJ45 Console Port

There are times when directly accessing the console is required. Perhaps GUI or SSH access has been locked out, or the password has been lost or forgotten.

A separate adapter is required to make a connection between a computer and the firewall using the RJ45 serial port. This can be a direct RJ45-to-USB serial adapter or a standard USB-to-serial adapter and an RJ45-to-DB9 adapter or cable. It is also possible to utilize client hardware serial ports and compatible cables, but these ports are rare on modern hardware.

These are standard components, inexpensive and readily available from most retail outlets that sell computer cables.

Installing drivers and locating the port will vary depending on the third party device, consult its documentation for details.

Launch a Terminal Program

Use a terminal program to connect to the system console port. Some choices of terminal programs:

For Windows the best practice is to run PuTTY in Windows or SecureCRT. An example of how to configure PuTTY is below.

Warning

Do not use Hyperterminal.

For macOS the best practice is to run GNU screen, or cu. An example of how to configure GNU screen is below.

For Linux the best practices are to run GNU screen, PuTTY in Linux, minicom, or dterm. Examples of how to configure PuTTY and GNU screen are below.

For FreeBSD the best practice is to run GNU screen or cu. An example of how to configure GNU screen is below.

Client-Specific Examples

PuTTY in Windows

  • Open PuTTY and select Session under Category on the left hand side.

  • Set the Connection type to Serial

  • Set Serial line to the console port determined previously

  • Set the Speed to 115200 bits per second.

  • Click the Open button

PuTTY will then display the console.

../_images/putty1.png

An example of using PuTTY in Windows

PuTTY in Linux

  • Open PuTTY from a terminal by typing sudo putty

    Note

    The sudo command will prompt for the local workstation password of the current account.

  • Set the Connection type to Serial

  • Set Serial line to /dev/ttyUSB0

  • Set the Speed to 115200 bits per second

  • Click the Open button

PuTTY will then display the console.

../_images/putty-linux.jpg

An example of using PuTTY in Linux

GNU screen

In many cases screen may be invoked simply by using the proper command line, where <console-port> is the console port that was located above.

$ sudo screen <console-port> 115200

Note

The sudo command will prompt for the local workstation password of the current account.

If portions of the text are unreadable but appear to be properly formatted, the most likely culprit is a character encoding mismatch in the terminal. Adding the -U parameter to the screen command line arguments forces it to use UTF-8 for character encoding:

$ sudo screen -U <console-port> 115200

Terminal Settings

The settings to use within the terminal program are:

Speed

115200 baud, the speed of the BIOS

Data bits

8

Parity

None

Stop bits

1

Flow Control

Off or XON/OFF.

Warning

Hardware flow control (RTS/CTS) must be disabled.

What’s Next?

After connecting a terminal client, it may not immediately see any output. This could be because the device has already finished booting or it may be that the device is waiting for some other input.

If the device does not yet have power applied, plug it in and monitor the terminal output.

If the device is already powered on, try pressing Space. If there is still no output, press Enter. If the device was booted, it may redisplay the console menu or login prompt, or produce other output indicating its status.

From the console, a variety of things are possible, such as changing interface addresses. There is a full explanation of every console menu option in the pfSense software documentation.

Troubleshooting

Serial Device Missing

With a USB serial console there are a few reasons why the serial port may not be present in the client operating system, including:

No Power

Some models require power before the client can connect to the USB serial console.

USB Cable Not Plugged In

For USB consoles, the USB cable may not be fully engaged on both ends. Gently, but firmly, ensure the cable has a good connection on both sides.

Bad USB Cable

Some USB cables are not suitable for use as data cables. For example, some cables are only capable of delivering power for charging devices and not acting as data cables. Others may be of low quality or have poor or worn connectors.

The ideal cable to use is the one that came with the device. Failing that, ensure the cable is of the correct type and specifications, and try multiple cables.

Wrong Device

In some cases there may be multiple serial devices available. Ensure the one used by the serial client is the correct one. Some devices expose multiple ports, so using the incorrect port may lead to no output or unexpected output.

Hardware Failure

There could be a hardware failure preventing the serial console from working. Contact Netgate TAC for assistance.

No Serial Output

If there is no output at all, check the following items:

USB Cable Not Plugged In

For USB consoles, the USB cable may not be fully engaged on both ends. Gently, but firmly, ensure the cable has a good connection on both sides.

Wrong Device

In some cases there may be multiple serial devices available. Ensure the one used by the serial client is the correct one. Some devices expose multiple ports, so using the incorrect port may lead to no output or unexpected output.

Wrong Terminal Settings

Ensure the terminal program is configured for the correct speed. The default BIOS speed is 115200, and many other modern operating systems use that speed as well.

Some older operating systems or custom configurations may use slower speeds such as 9600 or 38400.

Device OS Serial Console Settings

Ensure the operating system is configured for the proper console (e.g. ttyS1 in Linux). Consult the various operating install guides on this site for further information.

PuTTY has issues with line drawing

PuTTY generally handles most cases OK but can have issues with line drawing characters on certain platforms.

These settings seem to work best (tested on Windows):

Window
Columns x Rows

80x24

Window > Appearance
Font

Courier New 10pt or Consolas 10pt

Window > Translation
Remote Character Set

Use font encoding or UTF-8

Handling of line drawing characters

Use font in both ANSI and OEM modes or Use Unicode line drawing code points

Window > Colours
Indicate bolded text by changing

The colour

Garbled Serial Output

If the serial output appears to be garbled, binary, or random characters check the following items:

Terminal Speed

Ensure the terminal program is configured for the correct speed. (See No Serial Output)

Character Encoding

Ensure the terminal program is configured for the proper character encoding, such as UTF-8 or Latin-1, depending on the operating system. (See GNU Screen)

Serial Output Stops After the BIOS

If serial output is shown for the BIOS but stops afterward, check the following items:

Terminal Speed

Ensure the terminal program is configured for the correct speed for the installed operating system. (See No Serial Output)

Device OS Serial Console Settings

Ensure the installed operating system is configured to activate the serial console and that it is configured for the proper console (e.g. ttyS1 in Linux). Consult the various operating install guides on this site for further information.

Bootable Media

If booting from a USB flash drive, ensure that the drive was written correctly and contains a bootable operating system image.