How to connect to Cisco router from GNU Linux OS and basic router configuration

23.08.2010 (draft)

Well, it's quite easy to do, as it just works plug-and-play. But as I could not find this information on Google (not for a USB connection), I decided to write it down; maybe it will be useful to somebody.

Router: Cisco 1941 Series.
PC: Debian GNU Linux with 2.6.32 kernel on board.

Instead of using a Cisco console cable with this router, it was sufficient to use a common USB cable. After plugging it in, the following messages appeared in /var/log/messages:

usb 5-1: new full speed USB device using uhci_hcd and address 3
usb 5-1: New USB device found, idVendor=05a6, idProduct=0009
usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
usb 5-1: Product: Cisco USB Console
usb 5-1: Manufacturer: Cisco
usb 5-1: configuration #1 chosen from 1 choice
cdc_acm 5-1:1.0: This device cannot do calls on its own. It is not a modem.
cdc_acm 5-1:1.0: ttyACM0: USB ACM device
usbcore: registered new interface driver cdc_acm
cdc_acm: v0.26:USB Abstract Control Model driver for USB modems and ISDN adapters

After that, one only needs to set up minicom for port ttyACM0 and baud rate 9600. This can be done via minicom -s or by manually editing /etc/minicom/minirc.dfl:

pu port /dev/ttyACM0
pu baudrate 9600
pu bits 8
pu parity N
pu stopbits 1


Basic configuration

See also: Basic Router Configuration

Preliminary steps

  1. Check date and time: show clock
  2. Set timezone: clock timezone GMT +1
  3. ntp update-calendar
  4. ntp server 192.168.13.57

Assign IP address

Unfortunately, trying to assign an IP address to FastEthernet 0/0/0 produces an error: "IP addresses may not be configured on L2 links FastEthernet0/0/0". The reason is that this interface is a port of the internal switch and cannot be assigned an IP address directly. A VLAN has to be created, and the IP address can then be assigned to the VLAN interface:
(config)# interface fastethernet 0/0/0
(config-if)# switchport access vlan 2
(config-if)# exit
(config)# interface vlan 2
(config-if)# ip address 192.168.144.1 255.255.255.0
(config-if)# no shutdown

Syslog to Linux machine

On Linux machine:

Set up rsyslogd. In /etc/rsyslog.conf uncomment the lines:
$ModLoad imudp
$UDPServerRun 514

In the same config file add:
local1.* /var/log/ciscorouter.log

Remember to adjust the firewall rules for UDP port 514.

On Cisco router:

logging host 192.168.x.x
logging trap debug
logging facility local1

If logging works properly, then after e.g. shutdown/no shutdown on any interface you should find entries like this in /var/log/ciscorouter.log:
Oct 5 15:49:57 ciscorouter 51: *Oct 5 13:50:01.241: %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to administratively down
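
Once the entries arrive, they can be checked automatically. The following Python code is an added example, not part of the original write-up: it parses lines in the format shown above and reports entries worth reviewing, including router timestamps that carry the "*" or "." marker IOS uses when its clock is not NTP-synchronized. The function names, the watch list and the second and third sample lines are assumptions made for the illustration.

```python
import re

# Layout of the entry rsyslog writes for an IOS message, as in the sample above:
# "<received> <host> <seq>: [*|.]<router time>: %FACILITY-SEVERITY-MNEMONIC: text"
LINE_RE = re.compile(
    r"^(?P<received>\w{3}\s+\d+\s\d\d:\d\d:\d\d)\s(?P<host>\S+)\s(?P<seq>\d+):\s"
    r"(?P<flag>[*.]?)(?P<router_time>\w{3}\s+\d+\s\d\d:\d\d:\d\d(?:\.\d+)?):\s"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s"
    r"(?P<text>.*)$"
)

# Messages an operator would normally want to review (assumed watch list).
WATCHED = {("SYS", "CONFIG_I"): "config-change", ("LINK", "CHANGED"): "admin-state-change"}

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ev = m.groupdict()
    ev["severity"] = int(ev["severity"])
    # IOS prefixes the timestamp with "*" (clock not authoritative) or "."
    # (authoritative, but NTP not synchronized); no marker means synchronized.
    ev["clock_synced"] = ev.pop("flag") == ""
    return ev

def review(lines):
    """Return (reason, host, seq) tuples for entries that deserve a look."""
    findings = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            findings.append(("unparsed", None, None))
            continue
        reason = WATCHED.get((ev["facility"], ev["mnemonic"]))
        if reason is None and ev["severity"] <= 4:  # warnings and worse
            reason = "severity"
        if reason:
            findings.append((reason, ev["host"], ev["seq"]))
        if not ev["clock_synced"]:
            findings.append(("clock-unsynced", ev["host"], ev["seq"]))
    return findings

SAMPLE = [
    # The first entry is the one shown above; the other two are constructed.
    "Oct 5 15:49:57 ciscorouter 51: *Oct 5 13:50:01.241: %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to administratively down",
    "Oct 5 15:52:10 ciscorouter 52: Oct 5 15:52:10.118: %SYS-5-CONFIG_I: Configured from console by console",
    "Oct 5 15:53:02 ciscorouter 53: Oct 5 15:53:02.004: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up",
]
```

Calling review(SAMPLE) returns the interface shutdown, the unsynchronized clock on that same entry, and the configuration change; the routine link-up notification is not reported.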

Backup

To back up the current configuration without the use of TFTP etc., one can use the minicom option (Ctrl-A, L) to dump all messages. Then just run show running-config and press Ctrl-A, L again.

To back up the config and IOS image to an SSH server, use the commands:
copy running-config scp://user@192.168.100.100
copy flash:cisco-IOS-image.bin scp://user@192.168.100.100

Password recovery procedure

You can follow the standard password recovery procedure, but remember that in minicom the "Break" signal must be sent with Ctrl-a f. Then you will be able to enter ROMMON. After that, follow the usual steps (confreg 0x2142, reset etc.).

Security

I don't recommend the use of any automatic configuration/security tools such as auto secure, or even http/https access to the router, unless you know exactly what you are doing. Otherwise your router may not behave as you expect, and it might be difficult to debug the problem. It is better to follow e.g. the Cisco Guide to Harden Cisco IOS Devices and do everything manually, step by step, and with understanding.

Some tips

SSH restart

Maybe there is a simpler way to restart SSH (e.g. after changing the default port from 22 with ip ssh port ...), but the way I know goes:
crypto key zeroize rsa
crypto key generate rsa