CCIE level problem - Serial Port - Check Point UTM >> Cisco TerminalServer

We have an issue with connectivity between a checkpoint UTM firewall
and a cisco terminal server.

When connecting to the UTM serial port via hyperterminal we can see
the boot messages (POST).

When using the Cisco terminal server we see the Check Point device
send an 'AT' command on the serial and the first thing we see is the
grub menu - meaning we cannot break into the BIOS or select a break
key for PXE booting.

Console redirection is enabled in the BIOS and we have tried numerous
setting on the line config.

What we have tried without success:

no flush-at-activation
flowcontrol hardware
modem DTR-active
transport input all

The pertinent GRUB config is as follows:

serial --unit=0 --speed=9600 --word=8 --parity=no --stop=1
terminal --silent --timeout=5 console serial

We just don't understand why this is happening. Other devices work ok
on the same term serv, same port, with the same config. I've tried
terminal types: vt100, ansi, vt220 and also tried with flowcontrol set
to off, software and hardware - none of which gave any joy.

Here are the router details:

#show ver
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.2(5d), RELEASE
SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Sat 02-Feb-02 03:36 by kellythw
Image text-base: 0x80008088, data-base: 0x80989870

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

lon99bgdt11 uptime is 7 weeks, 3 days, 3 hours, 32 minutes
System returned to ROM by power-on
System image file is "flash:c2600-i-mz.122-5d.bin"

cisco 2610 (MPC860) processor (revision 0x300) with 28672K/4096K bytes
of memory.
Processor board ID JAD060706XA (2626773323)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
1 Ethernet/IEEE 802.3 interface(s)
32 terminal line(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102


Line Config
line 48
session-timeout 60
no exec
no exec-banner
terminal-type ansi
transport input all
transport output none
telnet transparent
stopbits 1
flowcontrol hardware

And line output:

#show line 48
Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise
Overruns Int
* 48 TTY 9600/9600 - - - - - 14 13
0/0 -

Line 48, Location: "", Type: "vt220"
Length: 84 lines, Width: 130 columns
Baud rate (TX/RX) is 9600/9600, no parity, 1 stopbits, 8 databits
Status: Ready, Connected, Active, CTS Raised
Capabilities: EXEC Suppressed, Telnet Transparent Mode,
Hardware Flowcontrol In, Hardware Flowcontrol Out, No login banner
Modem state: Ready
Modem hardware state: noCTS* noDSR* DTR RTS
Special Chars: Escape Hold Stop Start Disconnect Activation
^^x none - - none
Timeouts: Idle EXEC Idle Session Modem Answer Session
Dispatch
00:10:00 01:00:00 none
not set
Idle Session Disconnect Warning
never
Login-sequence User Response
00:00:30
Autoselect Initial Wait
not set
Modem type is unknown.
Session limit is not set.
Time since activation: 00:19:32
Editing is enabled.
History is enabled, history size is 10.
DNS resolution in show commands is enabled
Full user help is disabled
Allowed input transports are pad v120 telnet rlogin udptn.
Allowed output transports are none.
Preferred transport is telnet.
No output characters are padded
No special data dispatching characters

 

My guess is the port on the terminal server isn't taking input until DTR
comes active. Your BIOS is leaving it low, and you start to see output
once grub starts up (and sets up the serial port, and raises DTR).

I don't have a commserver handy, and you didn't say what model you're
using, so I can't give you specific configurations to try. But look
around the "modem" part of the line config and see if you can make it a
three-wire (TX, RX, and ground) configuration. That is, leave off both
modem control lines as well as hardware flow lines. This should leave
you as close as possible to simply seeing the bytes as they're framed
into the commserver's UART, which would be a good starting point. You
can then start turning stuff on until your BIOS output goes missing
again.

Andy Valencia

 

Instead of rewiring, try turning off flowcontrol on the Cisco side. CTS and
DSR are low, so the Cisco will not send any data out the port because you
have flowcontrol turned on. When enabled, the port will not send traffic
until CTS (clear to send) and DSR (data set ready) are high. You also could
have things wired wrong. When flow control is enabled you need the pins
wired as:

TX ----> RX
RX <---- TX
DTR ----> DSR/CTS
DSR/CTS <---- DTR

If the UTM has hardware flowcontrol on, you will need to have it enabled on
the Cisco side as well, rewired as above. Another method is to loopback
each ends DTR to its own DSR/CTS.