I have a QNAP QSW-M408-4C and I was wondering what the serial console port was used for, especially since it wasn’t documented anywhere. Well it turns out it’s a full TTY terminal in LEDE Linux. Thanks to u/sinisterpisces’s post who inspired me to find out more about it.
- You will need a Cisco compatible RJ45 Console Port to Serial/USB adapter
Connecting via Serial
- Install PuTTY, this is probably also possible to do with PowerShell, but I don’t know how.
- In PuTTY, set the ‘Connection Type’ to “Serial”
- Find the COM port in Device Manager under ‘Ports (COM & LPT)’
- Back to PuTTY, set the ‘Serial Line’ to the COM port you found
- Set the ‘Speed’ to 115200
- Install screen (It’s often already installed)
ls /dev/tty*to find the Serial Adapter (usually starts with /dev/ttyUSB or /dev/ttyS)
screen [adapter path] 115200to connect
- Press enter then enter the same username and password used for the web interface
- When logging out type
exitto quit the session
There’s multiple scripts just lying around on the switch that can be used for various things. You can find them all with
find / -name *.sh.
Here’s a clean list:
[email protected]:/admin# ls /usr/bin/*.sh /bin/*.sh /sbin/*.sh /etc/*.sh /bin/ipcalc.sh /usr/bin/firmware_update.sh /etc/diag.sh /usr/bin/genenvs.sh /etc/reg_boardinfo.sh /usr/bin/isscli.sh /etc/setvlans.sh /usr/bin/issip.sh /etc/start_service.sh /usr/bin/issnet2tap.sh /sbin/fan_ctrl.sh /usr/bin/isspass.sh /sbin/led.sh /usr/bin/issswname.sh /sbin/prepare_system.sh /usr/bin/luacli.sh /sbin/qsw_fwupgrade.sh /usr/bin/runisscmd.sh /usr/bin/evdisp.sh /usr/bin/setmode.sh /usr/bin/event.sh /usr/bin/sys_stat.sh
Here’s a few of the ones I’ve looked at:
sys_stat.shGets/sets fan speeds, temp, rtc, leds, memory, reset, i2c, and mode (
isscli.sh“Aricent Intelligent Switch Solution” CLI (also on
tcp://localhost:6023, blocked externally by iptables)
runisscmd.shRuns piped input as a command on the CLI (eg.
echo "help" | runisscmd.sh)
luacli.sh“LUA CLI shell”, (
?for help, some things cause switch to crash)
isspass.shSets the UI Password using said API using the MAC Address as the old password
reg_boardinfo.shSets MAC, Serial and Model (I think)
led.shSelf explanatory but doesn’t seem to work
The switch seems to have SSH enabled by default but it’s blocked by
iptables, here’s how to unblock it:
Enable SSH until reboot
iptables -L INPUT 2and you should get
DROP tcp -- anywhere anywhere tcp dpt:ssh
- If you do type
iptables -D INPUT 2
- If you don’t type
iptables -L INPUT --line-numbers | grep sshthen
iptables -D INPUT [line number]
Enable SSH permanently
- Add a
#to the beginning of the line that says
iptables -A INPUT -i cpsstap -p tcp --dport 22 -j DROP(likely line 2)
ito insert in vi
- Save and reboot
:wqto save in vi
rebootto reboot in linux
|3||6080||Aricent Web GUI (Seems to require IE or an older browser)|
|4||6023||Aricent Telnet CLI (Can already be used though the console using
|8||69||TFTP? Doesn’t seem to be listening|
|9||12345||ISS408wt.exe is listening|
|10||12346||ISS408wt.exe is listening|
|11||31337||ISS408wt.exe is listening|
|12||31338||ISS408wt.exe is listening|
The Aricent interfaces can be accessed using the admin username and password, or the debug username and password present in
/usr/bin/runisscmd.sh. I believe the debug password is the same on every switch, so I wouldn’t recommend allowing them.
- Download the firmware from the QNAP site onto the switch:
- Extract the firmware:
tar -xvf <file name>.img
You might think
qsw_fwupgrade.sh from above would do something, it doesn’t.
To install packages with
opkg install <package>I installed htop since it wasn’t installed for me
Supermicro also has some CLI documentation for their Aricent Switches that might be helpful.
There’s also some extra VLAN config in
/etc/iss_vlan.txt that might let you tag VLAN 1, otherwise I’m sure the Aricent interface will.