North American Network Operators Group


summary: router/server serial console access aggregator

  • From: Sanjay Dani
  • Date: Thu Mar 18 16:36:05 1999

This is a summary of the private responses to my nanog query:

	>From: Sanjay Dani <[email protected]>
	>Subject: semi-relevant: router/server serial console access aggregator
	>To: [email protected]
	
	>I am looking for recommendations on a small "footprint"
	>(1U) device that is directly accessible via ethernet/IP
	>and dial-in. It will be hosted in a remote data center
	>to access the consoles of several cisco routers and
	>UNIX servers remotely.
	>
	>I have a feeling somebody has built a cheap and reliable
	>linux/bsd/unix based device with sshd, ethernet port and
	>8 or 16 serial ports.

Thanks to all of you who replied. I may not be able to reply
to you personally.

	18 suggested using variations of the Cisco 2509/11/14. 1U.
		Can use telnet with IP address based access lists.
		ssh support expected in 12.0T, out in a few weeks.
		*** Watch out for the 2500's sending a break on
		asynch ports on power cycle and halting Sun consoles ***
		
	 4 suggested other 1U servers without ssh such as WTI,
		Lantronix, and Shiva LAN Rovers with RADIUS auth
	
	 9 suggested using 1U or terminal servers such as
		Livingston Portmasters (7 out of 9). No ssh,
		but can use SecurID with RADIUS.

	 7 suggested "bulky" 2U or more bsdi/linux based PC's
		with cyclades or other cards or Sun boxes with
		magma SBUS or Digi SCSI cards
		
	11 are _very_ interested in better solutions.

I've attached excerpts from some of the replies I got. I decided
to not quote the name/email of the sender. Hope that is the right
call here re. respecting privacy vs. attributing credits.

PS. A local PC integrator we work with got the post forwarded by
someone else on Nanog. He came back within a few minutes with a
promise to deliver a 1U Intel/Linux box in the next three weeks,
after doing some hardware engineering. That overall seems the
best match for my own requirements. I have no financial interest
in this integrator except I may get an evaluation piece,
competitive pricing :), and the satisfaction of promoting
somebody on the "good" side (freeware, custom hardware,
reliability, functionality etc.) against the big guys
(M$, Crisco etc.). Excerpt attached at the end.

-----

I buy Livingston Portmaster 2E-30s (30 DB25 serial) for this purpose. I've 
bought several used for around $1000 from Network Hardware Resale in Santa 
Barbara, CA. These boxes are reliable--probably far more so than a PC-based 
solution--offer good port density in a relatively small footprint, and will 
run forever.

There's no support for ssh, but you can use SecurID with RADIUS if necessary.

----

Most terminal servers will do what you need, except for the SSH bit.  I
have used Xyplex and Livingston terminal servers for this purpose and 16
port Xyplex terminal servers are/were available in a 1U height.

----

I'd be interested in the summary, but I've scoured the web for such a device
and as far as I can see, nothing will have sshd AND 16 serial ports that isn't
a full fledged bsd box with cyclades cards.

We currently use livingston pm2e's with a modem in s0 and various devices off
of the other ports (they are about 3-4U though). We have IP based filters on
them and they work very well for what we need them for...

http://www.ams.com/reseller/livingston-specials.html

----

Well, except for sshd and dialup, that's a terminal server, with
reverse telnet.  That wouldn't be too hard to do, except for the 1U
requirement, with J. Random Linux box; the Boca BB1008 and 1016(?)
cards work nicely.  Finding something with both 1) enough serial ports,
and 2) that small a formfactor is likely to be troublesome.

---

The 2511-RJ version with 16 RJ45 jacks fans out more easily over several 
racks than the classic cisco 2511 with its 2 octopus cords.

And yet as a REAL cisco router you can also have it on someone
else's frame relay network globally as your OOB access when your
own network is trashed.

Beware the cisco pinning inherited from DEC via Emulex. Pins 3+6 are
paired in normal Cat-3/5 patch cords but that pairs xmit with receive data
for cisco. That is why their console cords MUST be FLAT mod cordage.

Cisco plan for 'rolled' wiring where pin 1 at one end is
8 at the other. We wire our own mod to rs232 adapters backwards to 
cisco's and so use straight through wiring. If you prefer to use
round 4 pair cable rather than flat, bastard pin it straight through
but DON'T make 3+6 be a pair! Just use a pair each for 1+2, 3+4, 
5+6, and 7+8. Tip color code on odd  pin, and do them in THAT sequence
by normal color code starting with wh/blu blu/wh on 1+2. That way any savvy
person looking will spot that they are NOT a normal cat-5 ethernet/t1/whatever
cable.

If you need a spiffier router that even supports 100BaseT for running VLANs
on a small cisco 19xx class switch, look at the 262x routers. The
LARGE slot in there is the same as a 36xx router and can get you 32 
octopussed async ports. 3 of those 32 port modules in a 3640 get you
96 ports with a slot left for MANY options from 2x10BaseT + 4xT1 to 
even a full HSSI for T3.

Although one of the ASYNC ports can be a modem in, so can the normal 
AUX port.

These cisco async ports are also PPP ports for those CSU/DSUs etc
that need such for SNMP remote management.

OTOH, folks retiring PM2s use them.

---

Might not be what you wanted, but check out:
http://www.eng.auburn.edu/users/doug/console.html

and more generally:
http://www.stokely.com/unix.serial.port.resources/serial.switch.html

---

Western Telematic makes a network accessible device that
can be used for console aggregation.  The product is the
RSM-800, which WTI describes as a "Telnet & Dial-up Remote
Port Manager."

Take a look at the following URL for more information:
<http://www.wti.com/rsm.htm>

---

Check http://www.wti.com.  They have a unit like the one you're looking
for.  They also make 1U power strips with a serial port for modem, a
console port for dumbterm and an ethernet port for the LAN for in/out of
band administration.

---

I'm interested in what you find out.

I'm currently building a Linux CD image to boot and run w/o
hard drive or floppy on a PC device.  I've found a 2U case
I could put a PC motherboard.  Add things like P/S, CDROM,
CPU, RAM, NIC, then you'd have at least something that can
run fairly stable (certainly can't trash its hard drive).
Mostly I'll be using cheap boxes of the MicroATX form factor.

SSH will be a complication for a couple reasons, but I'm
planning to put together a non-encrypted connection server
that uses RIPEMD-160 to get into the box from remote, but
without encryption (e.g. no one can open the door, but they
can see you walk in if they are looking).

----

We use the Lantronix LRS16 - 1U, 16 serial ports (on RJ45), and ethernet. It's
actually a full dial-in server, so you can attach a modem to one serial port
and it'll give you dial-back/securid/whatever you require. I believe they 
also now do one which doesn't have all the dial-in bits, making it a bit
cheaper.

We pay UKP 1200 for them (about $1920), so they're not cheap, but they're
reliable.

Doesn't do ssh, despite several requests :(

----

Well, I've got nothing that small, but what we use is 2u in height.
They're made by a company called Server Technologies (www.servertech.com).
The box we have is the "Sentry".  It's got 8 power ports which can be
remotely cycled, 8 serial (up to 12 I believe), ethernet, and 2 "inbound"
serial (one for modem and one for cisco aux port type stuff).  The only
bummer is the 8 serials are 6-conductor RJ11.  Everything I've used before
these has either been RJ45 or DB9.  Once you get used to it tho, it's no
big deal.

----

Just stick an extra ethernet card in one of your existing administrative
servers (or all of them!) and create a private RFC 1918 network.
Firewall it off and attach any old terminal server that supports reverse
telnet to that admin lan.  Plug a modem and a terminal into two of its
ports as well, and away you go.  There may be lots of other admin uses
for that second LAN too.  I run secure NTP and DNS between my servers on
it, do my backups over it, etc.

I happened across a bunch of DECserver90TL's (little 8-port modular
terminal servers) [and a DECserver900TM 32-port, but it needs a DEChub
900 backplane to attach to], and they work very well for this job
(except for the fact that you have to re-configure them manually unless
you have all of DEC's original PC-based config management tools).

----

cisco's old terminal server, the 2511 works nicely.  1U, with an octopus
type assembly running out the back to a 16 port patch panel.  The only
problem I've come across is that, in the event of the 2511 being power
cycled, it'll send something that looks like a break out on all the async
lines.  This tends to upset Suns, but there are ways around it.

----

We use 2511s. We have somewhere between 60-100 installed without any issues...

---

I say, Yes.. I have something like this which I can sell today.. But, I am
holding on to it.
My 1U will be shipping soon.. with lots of good features (eg.. for this
application we can have a pci internal modem card for remote dialin into
the system, if network connection from outside world is not available) etc.
etc. etc..

There are few product highlights.. which are being further enhanced before
we start shipping.
http://www.tesys.com/enclosures/rackmount_telepro_101.shtml

I can give 4 serial ports out of the box.. others I will have to think of..
But, hey I have spare PCI slots for expansion.. I may put it to work and do
something intelligent with it.

 -
The stuff  you see on my web page, it's ready.

But, the extra pci expansion port and attachments are not ready yet. I
have stopped the shipping of this 1U product, so I can incorporate the pci
expansion card in there and make it more versatile. This PCI expansion card
will let you plug another ethernet port (for firewalls), or ethernet pci
card with multiple ethernet ports (small router), or even a combination of
ether and scsi card or a pci 8 or 16port multiport serial card as you
mentioned...

Yes, I do have certain things ready.. But, I am not ready with the
expansion pci card yet.

As I said above, I have designed a pci riser card, which is bit specific to
this particular enclosure, but uses the same circuits etc.. as our 2U does.
It will take another 2-3 weeks for me to get the first lot manufactured.

---