I have a QNAP QSW-M408-4C and I was wondering what the serial console port was used for, especially since it wasn’t documented anywhere. Well it turns out it’s a full TTY terminal in LEDE Linux. Thanks to u/sinisterpisces’s post who inspired me to find out more about it.
Requirements
- You will need a Cisco compatible RJ45 Console Port to Serial/USB adapter
Connecting via Serial
Windows (PuTTY)
- Install PuTTY, this is probably also possible to do with PowerShell, but I don’t know how.
- In PuTTY, set the ‘Connection Type’ to “Serial”
- Find the COM port in Device Manager under ‘Ports (COM & LPT)’
- Back to PuTTY, set the ‘Serial Line’ to the COM port you found
- Set the ‘Speed’ to 115200
Linux (Screen)
- Install screen (It’s often already installed)
- Run
ls /dev/tty*to find the Serial Adapter (usually starts with /dev/ttyUSB or /dev/ttyS) - Run
screen [adapter path] 115200to connect
Logging in/out
- Press enter then enter the same username and password used for the web interface
- When logging out type
exitto quit the session
Scripts
There’s multiple scripts just lying around on the switch that can be used for various things. You can find them all with find / -name *.sh.
Here’s a clean list:
[email protected]:/admin# ls /usr/bin/*.sh /bin/*.sh /sbin/*.sh /etc/*.sh
/bin/ipcalc.sh /usr/bin/firmware_update.sh
/etc/diag.sh /usr/bin/genenvs.sh
/etc/reg_boardinfo.sh /usr/bin/isscli.sh
/etc/setvlans.sh /usr/bin/issip.sh
/etc/start_service.sh /usr/bin/issnet2tap.sh
/sbin/fan_ctrl.sh /usr/bin/isspass.sh
/sbin/led.sh /usr/bin/issswname.sh
/sbin/prepare_system.sh /usr/bin/luacli.sh
/sbin/qsw_fwupgrade.sh /usr/bin/runisscmd.sh
/usr/bin/evdisp.sh /usr/bin/setmode.sh
/usr/bin/event.sh /usr/bin/sys_stat.sh
Here’s a few of the ones I’ve looked at:
sys_stat.shGets/sets fan speeds, temp, rtc, leds, memory, reset, i2c, and mode (--helpworks)isscli.sh“Aricent Intelligent Switch Solution” CLI (also ontcp://localhost:6023, blocked externally by iptables)runisscmd.shRuns piped input as a command on the CLI (eg.echo "help" | runisscmd.sh)luacli.sh“LUA CLI shell”, (?for help, some things cause switch to crash)isspass.shSets the UI Password using said API using the MAC Address as the old passwordreg_boardinfo.shSets MAC, Serial and Model (I think)fan_ctrl.sh&led.shSelf explanatory but doesn’t seem to work
Remote Access
Enabling SSH
The switch seems to have SSH enabled by default but it’s blocked by iptables, here’s how to unblock it:
Enable SSH until reboot
- Type
iptables -L INPUT 2and you should getDROP tcp -- anywhere anywhere tcp dpt:ssh - If you do type
iptables -D INPUT 2 - If you don’t type
iptables -L INPUT --line-numbers | grep sshtheniptables -D INPUT [line number]
Enable SSH permanently
- Edit
/etc/firewall.user- eg.
vi /etc/firewall.user
- eg.
- Add a
#to the beginning of the line that saysiptables -A INPUT -i cpsstap -p tcp --dport 22 -j DROP(likely line 2)- press
ito insert in vi
- press
- Save and reboot
ESC+:wqto save in virebootto reboot in linux
Other Ports
| Line | Port | Comment |
|---|---|---|
| 1 | 161 | SNMP (Community: NETMAN or PUBLIC) |
| 2 | 22 | SSH |
| 3 | 6080 | Aricent Web GUI (Seems to require IE or an older browser) |
| 4 | 6023 | Aricent Telnet CLI (Can already be used though the console using isscli.sh) |
| 6 | 8080 | uhttpd Webserver |
| 8 | 69 | TFTP? Doesn’t seem to be listening |
| 9 | 12345 | ISS408wt.exe is listening |
| 10 | 12346 | ISS408wt.exe is listening |
| 11 | 31337 | ISS408wt.exe is listening |
| 12 | 31338 | ISS408wt.exe is listening |
The Aricent interfaces can be accessed using the admin username and password, or the debug username and password present in /usr/bin/runisscmd.sh. I believe the debug password is the same on every switch, so I wouldn’t recommend allowing them.
Upgrading Firmware
- Download the firmware from the QNAP site onto the switch:
wget <url> - Extract the firmware:
tar -xvf <file name>.img - Run
./firmware_update.sh
You might think qsw_fwupgrade.sh from above would do something, it doesn’t.
Additional Things
Installing Packages
To install packages with opkg:
opkg updateopkg install <package>I installed htop since it wasn’t installed for me
Config
There’s also some extra VLAN config in /etc/iss_vlan.txt that might let you tag VLAN 1, otherwise I’m sure the Aricent interface will.