MOP: The Unknown "MAC Telnet" Protocol on Cisco Routers

When I was replacing all my buggy little MikroTik RouterOS boxes and VMs with some new shiny (and also buggy) Cisco ISR1000s and CSR1000vs a few years ago, there were several things that I missed so much that existed on the former but not on the latter. One of them was the “MAC Winbox” and “MAC Telnet” capability with which you can plug your maintenance workstation into the router with an Ethernet cable, fire up Winbox, and it will let you configure the router through a layer 2 connection. It requires no valid IP configuration, so it works as long as you don’t shut down the port and there is no wild switch ACL in place. Newer routers have USB console ports, and I do have a console cable in my EDC, but a router’s ability to be configured without a console cable is still a big advantage to me.

Imagine my face today when I learned that Cisco routers (IOS and IOS XE) do support a layer 2 protocol with remote console capability. And the protocol is not new. The protocol is from the 1980s and IOS has been quietly supporting it for years. It has even been enabled by default for years. It is still being supported (as of IOS XE 17.2).

Let me introduce you to the Maintenance Operation Protocol. MOP is DEC's DECnet-era protocol, designed as a remote management protocol for VMS systems. It initially had a lot more capabilities (installing software, remote rebooting, etc.), but what we need here (and what the Cisco OSes actually implement) is its remote console function. The protocol packets are encapsulated directly in Ethernet frames, so it works across a bridge/switch and needs no valid IP configuration.

Let’s spin up a lab VM and see it in action.

MOP Server Configuration

It is simple to enable MOP on a Cisco IOS/IOS XE system:

  • MOP should be enabled at the interface level
  • AAA (username/password authentication) should be configured
  • VTY lines should be reserved for MOP

Here is a minimal configuration:

! set up AAA
aaa new-model
aaa authorization exec default local
username admin privilege 15 secret super-strong-passw0rd

! enable MOP on interface level
interface GigabitEthernet1
 no shutdown
 mop enable

! reserve VTY for MOP
line vty 1 4
 transport input mop

MOP Client Configuration

It's too hard to find a working VMS installation now, so I'll use my Debian 10 system for demonstration. We only need the client, so remember to disable the server:

```shell
apt install latd
systemctl disable --now latd
```

Then we simply connect to the router with an interface and a MAC address:

root@localhost:~# ip link set eth0 up
root@localhost:~# moprc -i eth0 -v 00:02:00:00:00:00
Maintenance Version: 3.0.0

Console connected (press CTRL/D when finished)

Username: admin
Password:

Router>

You might need to press Enter after the Console connected message to make the username prompt show up.

Things Worth Noting

Default Configuration

IOS and IOS XE enable MOP by default if you have an empty but defined interface configuration block and the interface is an Ethernet interface (no matter how fast it is). In recent versions, if the interface did not exist before, no mop enabled line is generated automatically when the interface is detected.
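The two conditions that make the remote console reachable (MOP accepted on an Ethernet interface, plus a VTY whose transport input admits it) can be checked mechanically against a saved running-config. The Python script below is an added example, not code from the original post or from Cisco. It assumes that an Ethernet interface block counts as MOP-enabled unless it contains an explicit `no mop enabled` (the default-on behaviour described above), that a VTY admits MOP when its `transport input` lists `mop` or `all`, and that `transport input ssh` is the replacement you want in the remediation list. The running-config it audits is constructed for the example.

```python
"""Audit a Cisco IOS/IOS XE running-config for MOP remote-console exposure.

Added example; not code from the original post or from Cisco.
Assumptions (not stated by the page):
  - an Ethernet interface block is MOP-enabled unless it contains an
    explicit `no mop enabled` (MOP is on by default on Ethernet ports);
  - a VTY line admits MOP when `transport input` lists `mop` or `all`;
  - `transport input ssh` is the replacement used in the remediation list.
SAMPLE_CONFIG is constructed for this example.
"""
import re

INTERFACE_RE = re.compile(r"^interface (\S+)$")
# Ethernet-style names: Ethernet0/0, GigabitEthernet1, TwentyFiveGigE1/0/1 ...
ETHERNET_NAME_RE = re.compile(r"Ethernet|GigE")

SAMPLE_CONFIG = """\
aaa new-model
username admin privilege 15 secret super-strong-passw0rd
!
interface GigabitEthernet1
 ip address 192.0.2.1 255.255.255.0
!
interface GigabitEthernet2
 no mop enabled
 no mop sysid
!
interface Loopback0
 ip address 192.0.2.254 255.255.255.255
!
line vty 0
 transport input ssh
line vty 1 4
 transport input mop
line vty 5 15
 transport input all
"""


def parse_blocks(config):
    """Split a running-config into (header, [sub-commands]) blocks: a block
    starts at an unindented line and collects the indented lines after it;
    '!' separators and blank lines are skipped."""
    blocks = []
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" "):
            if blocks:
                blocks[-1][1].append(raw.strip())
        else:
            blocks.append((raw.strip(), []))
    return blocks


def mop_enabled_interfaces(config):
    """Ethernet interfaces whose block does not explicitly disable MOP."""
    exposed = []
    for header, body in parse_blocks(config):
        match = INTERFACE_RE.match(header)
        if not match or not ETHERNET_NAME_RE.search(match.group(1)):
            continue
        if "no mop enabled" not in body:
            exposed.append(match.group(1))
    return exposed


def vty_transport_exposure(config):
    """Verdict per 'line vty' block: 'mop' if transport input admits MOP,
    'closed' if it lists other protocols only (or none), 'unspecified' if
    no transport input is present (platform default applies; check it)."""
    verdicts = {}
    for header, body in parse_blocks(config):
        if not header.startswith("line vty"):
            continue
        verdict = "unspecified"
        for line in body:
            if line.startswith("transport input"):
                protocols = set(line.split()[2:])
                verdict = "mop" if protocols & {"mop", "all"} else "closed"
        verdicts[header] = verdict
    return verdicts


def audit(config):
    """The remote console is reachable only when both conditions hold."""
    interfaces = mop_enabled_interfaces(config)
    vtys = [h for h, v in vty_transport_exposure(config).items() if v == "mop"]
    return {"interfaces": interfaces, "vty_lines": vtys,
            "reachable": bool(interfaces and vtys)}


def remediation_commands(config):
    """CLI lines that close the exposure found by audit()."""
    result = audit(config)
    commands = []
    for name in result["interfaces"]:
        commands += [f"interface {name}", " no mop enabled"]
    for header in result["vty_lines"]:
        commands += [header, " transport input ssh"]  # assumed replacement
    return commands


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
    print("\n".join(remediation_commands(SAMPLE_CONFIG)))
```

In the sample, GigabitEthernet1 is reported even though its block never mentions MOP, which is exactly the default-on trap: an interface that only carries an IP address still answers MOP. A VTY block with no `transport input` at all is flagged as `unspecified` rather than guessed, because the default differs between platforms and versions.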

Cisco Implementation Specific Problems

If you don’t connect with a -v flag, the connection will fail:

root@localhost:~# moprc -i eth0 00:02:00:00:00:01
target does not support remote console

If MOP is enabled on the interface but other configurations are missing, you will get this instead:

root@localhost:~# moprc -i eth0 -v 00:02:00:00:00:01
Maintenance Version: 3.0.0

Console connected (press CTRL/D when finished)

Target does not respond

Monitoring MOP Activity

MOP connected users will show up in show user:

Router#show user
    Line       User       Host(s)              Idle       Location
*  0 con 0                idle                 00:00:00
   1 vty 0     admin      idle                 00:00:06 UNKNOWN

  Interface    User               Mode         Idle     Peer Address

MOP packet statistics can be viewed with show interface accounting:

Router#show interfaces GigabitEthernet1 accounting
GigabitEthernet1
                Protocol    Pkts In   Chars In   Pkts Out  Chars Out
                   Other          0          0          0          0
                      IP          0          0          0          0
                 DEC MOP       1945     116700       1899     114110
                     ARP          0          0          0          0

And connection logs can be displayed with debug mop:

*Jul 16 15:20:00.096: MOP: Reserving console for 0002.0000.0002
*Jul 16 15:20:00.098: MOP(GigabitEthernet1): Got request_id message from 0002.0000.0002
*Jul 16 15:20:00.098: MOP(GigabitEthernet1): Sending sysid message to 0002.0000.0002

*Jul 16 15:20:06.427: MOP: Console released by 0002.0000.0002
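Seen from the defender's side, the same debug output is enough to reconstruct who used the layer 2 console and for how long. The Python script below is an added example, not code from the original post or from Cisco: it pairs each "Reserving console for" line with the matching "Console released by" line per peer MAC, reports consoles that were reserved but never released, and counts request_id probes from stations that asked the router for its MOP identity whether or not they opened a console. The log lines it parses are constructed: the first four reproduce the session shown above, the rest are invented to show a probe without a session and a session still open. It assumes the timestamps carry no year, so all lines are treated as the same year.

```python
"""Reconstruct MOP console sessions from `debug mop` output.

Added example; not code from the original post or from Cisco.
SAMPLE_DEBUG is constructed: the first four lines reproduce the session
from the post, the rest are invented for the example. Assumption: log
timestamps carry no year, so all lines are treated as the same year.
"""
import re
from datetime import datetime

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
LINE_RE = re.compile(
    r"^\*?(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}\.\d{3}): "
    r"MOP(?:\((?P<ifname>[^)]+)\))?: (?P<msg>.*)$"
)
EVENT_PATTERNS = (
    ("reserve", re.compile(rf"Reserving console for (?P<mac>{MAC})")),
    ("release", re.compile(rf"Console released by (?P<mac>{MAC})")),
    ("request_id", re.compile(rf"Got request_id message from (?P<mac>{MAC})")),
)

SAMPLE_DEBUG = """\
*Jul 16 15:20:00.096: MOP: Reserving console for 0002.0000.0002
*Jul 16 15:20:00.098: MOP(GigabitEthernet1): Got request_id message from 0002.0000.0002
*Jul 16 15:20:00.098: MOP(GigabitEthernet1): Sending sysid message to 0002.0000.0002
*Jul 16 15:20:06.427: MOP: Console released by 0002.0000.0002
*Jul 16 15:21:10.500: MOP(GigabitEthernet1): Got request_id message from 0002.0000.00aa
*Jul 16 15:21:10.501: MOP(GigabitEthernet1): Sending sysid message to 0002.0000.00aa
*Jul 16 15:25:00.000: MOP: Reserving console for 0002.0000.00bb
"""


def parse_events(text):
    """Turn debug lines into dicts with time, kind, mac and interface;
    lines that are not one of the three tracked events are ignored."""
    events = []
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        when = datetime.strptime(match.group("ts"), "%b %d %H:%M:%S.%f")
        for kind, pattern in EVENT_PATTERNS:
            hit = pattern.search(match.group("msg"))
            if hit:
                events.append({"time": when, "kind": kind,
                               "mac": hit.group("mac"),
                               "interface": match.group("ifname")})
                break
    return events


def console_sessions(text):
    """Pair reserve/release events per MAC.

    Returns (closed, still_open): closed is a list of
    (mac, start, duration_seconds); still_open maps MAC -> start time for
    consoles reserved but never released within the log.
    """
    still_open = {}
    closed = []
    for event in parse_events(text):
        if event["kind"] == "reserve":
            still_open[event["mac"]] = event["time"]
        elif event["kind"] == "release" and event["mac"] in still_open:
            start = still_open.pop(event["mac"])
            closed.append((event["mac"], start,
                           (event["time"] - start).total_seconds()))
    return closed, still_open


def probes_by_mac(text):
    """Count request_id messages per peer MAC, i.e. stations that asked the
    router for its MOP identity, whether or not they opened a console."""
    counts = {}
    for event in parse_events(text):
        if event["kind"] == "request_id":
            counts[event["mac"]] = counts.get(event["mac"], 0) + 1
    return counts


if __name__ == "__main__":
    closed, still_open = console_sessions(SAMPLE_DEBUG)
    for mac, start, seconds in closed:
        print(f"{mac} held the console from {start:%b %d %H:%M:%S} for {seconds:.3f}s")
    for mac, start in still_open.items():
        print(f"{mac} reserved the console at {start:%b %d %H:%M:%S} and never released it")
    print("request_id probes:", probes_by_mac(SAMPLE_DEBUG))
```

Because MOP carries no IP address, the peer MAC in these lines is the only identity the router logs; the "Location" column of show user reads UNKNOWN for the same reason, so correlating the MAC against your switch's MAC address table is the way to find the physical port.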

MOP System ID Messages

There is an auxiliary configuration at the interface level:

interface GigabitEthernet1
 mop sysid

If enabled, IOS will send out packets periodically to announce its support for the MOP protocol. I haven’t found it useful in any way.
